svn commit: r322370 - head/lib/libutil

[Mariusz Zaborski]

Author: oshogbo
Date: Thu Aug 10 16:50:13 2017
New Revision: 322370
URL: https://svnweb.freebsd.org/changeset/base/322370

Log:
  Limit descriptors stored in the pidfh structure.
  
  Reviewed by:	markj, cem
  Differential Revision:	https://reviews.freebsd.org/D11741

Modified:
  head/lib/libutil/pidfile.c

Modified: head/lib/libutil/pidfile.c
==============================================================================
--- head/lib/libutil/pidfile.c	Thu Aug 10 16:45:05 2017	(r322369)
+++ head/lib/libutil/pidfile.c	Thu Aug 10 16:50:13 2017	(r322370)
@@ -28,6 +28,7 @@
 __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
+#include <sys/capsicum.h>
 #include <sys/file.h>
 #include <sys/stat.h>
 
@@ -103,6 +104,7 @@ pidfile_open(const char *path, mode_t mode, pid_t *pid
 	struct stat sb;
 	int error, fd, dirfd, dirlen, filenamelen, count;
 	struct timespec rqtp;
+	cap_rights_t caprights;
 
 	pfh = malloc(sizeof(*pfh));
 	if (pfh == NULL)
@@ -179,21 +181,35 @@ pidfile_open(const char *path, mode_t mode, pid_t *pid
 	 * to the proper descriptor.
 	 */
 	if (fstat(fd, &sb) == -1) {
-		error = errno;
-		unlinkat(dirfd, pfh->pf_filename, 0);
-		close(dirfd);
-		close(fd);
-		free(pfh);
-		errno = error;
-		return (NULL);
+		goto failed;
 	}
 
+	if (cap_rights_limit(dirfd,
+	    cap_rights_init(&caprights, CAP_UNLINKAT)) < 0 && errno != ENOSYS) {
+		goto failed;
+	}
+
+	if (cap_rights_limit(fd, cap_rights_init(&caprights, CAP_PWRITE,
+	    CAP_FSTAT, CAP_FTRUNCATE)) < 0 &&
+	    errno != ENOSYS) {
+		goto failed;
+	}
+
 	pfh->pf_dirfd = dirfd;
 	pfh->pf_fd = fd;
 	pfh->pf_dev = sb.st_dev;
 	pfh->pf_ino = sb.st_ino;
 
 	return (pfh);
+
+failed:
+	error = errno;
+	unlinkat(dirfd, pfh->pf_filename, 0);
+	close(dirfd);
+	close(fd);
+	free(pfh);
+	errno = error;
+	return (NULL);
 }
 
 int