socsvn commit: r254566 - soc2013/dpl/head/contrib/xz/src/xz
dpl at FreeBSD.org
dpl at FreeBSD.org
Wed Jul 10 15:18:45 UTC 2013
Author: dpl
Date: Wed Jul 10 15:18:45 2013
New Revision: 254566
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=254566
Log:
Limit std fds.
Modified:
soc2013/dpl/head/contrib/xz/src/xz/file_io.c
Modified: soc2013/dpl/head/contrib/xz/src/xz/file_io.c
==============================================================================
--- soc2013/dpl/head/contrib/xz/src/xz/file_io.c Wed Jul 10 15:17:22 2013 (r254565)
+++ soc2013/dpl/head/contrib/xz/src/xz/file_io.c Wed Jul 10 15:18:45 2013 (r254566)
@@ -604,7 +604,9 @@
free(pair->dest_name);
return true;
}
+#if defined(CAPSICUM)
limitfd(pair);
+#endif
}
// If this really fails... well, we have a safe fallback.
@@ -981,16 +983,29 @@
extern void
cap_init(void)
{
- if (cap_rights_limit(STDIN_FILENO, CAP_READ) < 0 && errno != ENOSYS){
+ cap_rights_t *rights;
+
+ if( cap_rights_get(STDIN_FILENO, rights) < 0) {
message_error("%d: %s", STDIN_FILENO, strerror(errno));
exit(E_ERROR);
+ } else if (*rights == 0) {
+ if (cap_rights_limit(STDIN_FILENO, CAP_WRITE) < 0 && errno != ENOSYS){
+ message_error("%d: %s", STDIN_FILENO, strerror(errno));
+ exit(E_ERROR);
+ }
}
- if (cap_rights_limit(STDOUT_FILENO, CAP_WRITE) < 0 && errno != ENOSYS){
+ if( cap_rights_get(STDOUT_FILENO, rights) < 0) {
message_error("%d: %s", STDOUT_FILENO, strerror(errno));
exit(E_ERROR);
+ } else if (*rights == 0) {
+ if (cap_rights_limit(STDOUT_FILENO, CAP_WRITE) < 0 && errno != ENOSYS){
+ message_error("%d: %s", STDOUT_FILENO, strerror(errno));
+ exit(E_ERROR);
+ }
}
+
if (cap_rights_limit(STDERR_FILENO, CAP_WRITE) < 0 && errno != ENOSYS){
message_error("%d: %s", STDERR_FILENO, strerror(errno));
exit(E_ERROR);
@@ -1000,6 +1015,7 @@
message_error("cap_enter: %s", strerror(errno));
exit(E_ERROR);
}
+
return;
}
#endif
More information about the svn-soc-all
mailing list