FreeBSD: Limit rights on log directory

weechat-hashes
C. McEnroe 2021-06-24 18:17:52 -04:00
parent b48d0d607c
commit 56c31ae442
1 changed files with 14 additions and 0 deletions

14
log.c
View File

@ -38,6 +38,10 @@
#include <time.h> #include <time.h>
#include <unistd.h> #include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif
#include "chat.h" #include "chat.h"
static int logDir = -1; static int logDir = -1;
@ -47,6 +51,16 @@ void logOpen(void) {
const char *path = dataMkdir("log"); const char *path = dataMkdir("log");
logDir = open(path, O_RDONLY | O_CLOEXEC); logDir = open(path, O_RDONLY | O_CLOEXEC);
if (logDir < 0) err(EX_CANTCREAT, "%s", path); if (logDir < 0) err(EX_CANTCREAT, "%s", path);
#ifdef __FreeBSD__
cap_rights_t rights;
cap_rights_init(
&rights, CAP_MKDIRAT, CAP_CREATE, CAP_WRITE,
/* for fdopen(3) */ CAP_FCNTL, CAP_FSTAT
);
int error = cap_rights_limit(logDir, &rights);
if (error) err(EX_OSERR, "cap_rights_limit");
#endif
} }
static void logMkdir(const char *path) { static void logMkdir(const char *path) {