Restrict stdin if it's not in use.

Reviewed by: emaste, cem Differential Revision: https://reviews.freebsd.org/D8184
2016-10-07 19:02:13 +00:00 · 2016-10-07 19:02:13 +00:00 · abdfa0b19c
commit abdfa0b19c
parent a4e3fc54a0
1 changed files with 8 additions and 0 deletions
--- a/usr.bin/cmp/cmp.c
+++ b/usr.bin/cmp/cmp.c
@ -164,6 +164,14 @@ main(int argc, char *argv[])
 	if (cap_fcntls_limit(fd2, fcntls) < 0 && errno != ENOSYS)
 		err(ERR_EXIT, "unable to limit fcntls for %s", file2);

+	if (!special) {
+		cap_rights_init(&rights);
+		if (cap_rights_limit(STDIN_FILENO, &rights) < 0 &&
+		    errno != ENOSYS) {
+			err(ERR_EXIT, "unable to limit stdio");
+		}
+	}
+
 	if (caph_limit_stdout() == -1 || caph_limit_stderr() == -1)
 		err(ERR_EXIT, "unable to limit stdio");