d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MFp4 @229487:

Browse Source 
Revoke all capability rights from STDIN and allow only for write to STDOUT and
STDERR. All those descriptors are redirected to /dev/null.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
Pawel Jakub Dawidek 2013-07-03 22:22:29 +00:00
parent 4c7a48b7a9
commit a6f38228d4
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sbin/dhclient/dhclient.c
View File

@ -2379,6 +2379,13 @@ go_daemon(void)
close(nullfd);
nullfd = -1;
}
if (cap_rights_limit(STDIN_FILENO, CAP_NONE) < 0 && errno != ENOSYS)
error("can't limit stdin: %m");
if (cap_rights_limit(STDOUT_FILENO, CAP_WRITE) < 0 && errno != ENOSYS)
error("can't limit stdout: %m");
if (cap_rights_limit(STDERR_FILENO, CAP_WRITE) < 0 && errno != ENOSYS)
error("can't limit stderr: %m");
}
int