FreeBSD: Limit rights on stdio and socket

weechat-hashes
C. McEnroe 2021-06-24 18:06:09 -04:00
parent 981ebc4f12
commit 1239ffa689
1 changed files with 12 additions and 0 deletions

12
chat.c
View File

@ -319,6 +319,18 @@ int main(int argc, char *argv[]) {
#endif #endif
#ifdef __FreeBSD__ #ifdef __FreeBSD__
struct { cap_rights_t stdin, stdout, stderr, irc; } rights;
cap_rights_init(&rights.stdin, CAP_READ, CAP_EVENT);
cap_rights_init(&rights.stdout, CAP_WRITE, CAP_IOCTL);
cap_rights_init(&rights.stderr, CAP_WRITE);
cap_rights_init(&rights.irc, CAP_SEND, CAP_RECV, CAP_EVENT);
int error = 0
|| cap_rights_limit(STDIN_FILENO, &rights.stdin)
|| cap_rights_limit(STDOUT_FILENO, &rights.stdout)
|| cap_rights_limit(STDERR_FILENO, &rights.stderr)
|| cap_rights_limit(irc, &rights.irc);
if (error) err(EX_OSERR, "cap_rights_limit");
if (self.restricted) { if (self.restricted) {
int error = cap_enter(); int error = cap_enter();
if (error) err(EX_OSERR, "cap_enter"); if (error) err(EX_OSERR, "cap_enter");