FreeBSD: Use capsicum_helpers.h

master
C. McEnroe 2021-06-28 09:11:02 -04:00
parent cb62d92f54
commit cbc9545cb3
3 changed files with 23 additions and 21 deletions

27
chat.c

@ -47,7 +47,7 @@
#include <unistd.h> #include <unistd.h>
#ifdef __FreeBSD__ #ifdef __FreeBSD__
#include <sys/capsicum.h> #include <capsicum_helpers.h>
#endif #endif
#include "chat.h" #include "chat.h"
@ -319,21 +319,24 @@ int main(int argc, char *argv[]) {
#endif #endif
#ifdef __FreeBSD__ #ifdef __FreeBSD__
struct { cap_rights_t stdin, stdout, stderr, irc; } rights; cap_rights_t rights;
cap_rights_init(&rights.stdin, CAP_READ, CAP_EVENT); caph_stream_rights(&rights, CAPH_WRITE);
cap_rights_init(&rights.stdout, CAP_WRITE, CAP_IOCTL);
cap_rights_init(&rights.stderr, CAP_WRITE);
cap_rights_init(&rights.irc, CAP_SEND, CAP_RECV, CAP_EVENT);
int error = 0 int error = 0
|| cap_rights_limit(STDIN_FILENO, &rights.stdin) || caph_limit_stdin()
|| cap_rights_limit(STDOUT_FILENO, &rights.stdout) || caph_rights_limit(STDOUT_FILENO, cap_rights_set(&rights, CAP_IOCTL))
|| cap_rights_limit(STDERR_FILENO, &rights.stderr) || caph_limit_stderr()
|| cap_rights_limit(irc, &rights.irc); || caph_rights_limit(
irc, cap_rights_init(&rights, CAP_SEND, CAP_RECV, CAP_EVENT)
);
if (error) err(EX_OSERR, "cap_rights_limit"); if (error) err(EX_OSERR, "cap_rights_limit");
if (self.restricted) { if (self.restricted) {
int error = cap_enter(); // caph_cache_tzdata(3) doesn't load UTC info, which we need for
if (error) err(EX_OSERR, "cap_enter"); // certificate verification. gmtime(3) does.
caph_cache_tzdata();
gmtime(&(time_t) { time(NULL) });
error = caph_enter();
if (error) err(EX_OSERR, "caph_enter");
} }
#endif #endif
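Review bot: In the `self.restricted` branch, `caph_enter()` can return 0 without the process actually being in capability mode: as far as I know the `caph_` wrappers in capsicum_helpers(3) treat ENOSYS (a kernel without Capsicum) as success, so restricted mode would fail open where the old `cap_enter()` call aborted. Since this path is an explicit request for sandboxing, I would follow it with `if (!cap_sandboxed()) errx(EX_OSERR, "capability mode unavailable");`. Separately, stdout is limited with `CAP_IOCTL` but no `cap_ioctls_limit(2)` allow-list appears in the hunk, so every ioctl command stays permitted on the terminal; narrowing it to the commands the UI actually issues would tighten this. main() begins and continues outside the hunk.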

10
log.c

@ -39,7 +39,7 @@
#include <unistd.h> #include <unistd.h>
#ifdef __FreeBSD__ #ifdef __FreeBSD__
#include <sys/capsicum.h> #include <capsicum_helpers.h>
#endif #endif
#include "chat.h" #include "chat.h"
@ -54,11 +54,9 @@ void logOpen(void) {
#ifdef __FreeBSD__ #ifdef __FreeBSD__
cap_rights_t rights; cap_rights_t rights;
cap_rights_init( caph_stream_rights(&rights, CAPH_WRITE);
&rights, CAP_MKDIRAT, CAP_CREATE, CAP_WRITE, cap_rights_set(&rights, CAP_MKDIRAT, CAP_CREATE);
/* for fdopen(3) */ CAP_FCNTL, CAP_FSTAT int error = caph_rights_limit(logDir, &rights);
);
int error = cap_rights_limit(logDir, &rights);
if (error) err(EX_OSERR, "cap_rights_limit"); if (error) err(EX_OSERR, "cap_rights_limit");
#endif #endif
} }
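Review bot: `caph_stream_rights(&rights, CAPH_WRITE)` on `logDir` appears to grant more than the list it replaces: as far as I know the stream set also carries CAP_EVENT, CAP_IOCTL and CAP_SEEK, none of which the old call gave the log directory, and no `cap_ioctls_limit(2)` or `cap_fcntls_limit(2)` follows in the hunk. If the extra rights are not needed, `cap_rights_init(&rights, CAP_MKDIRAT, CAP_CREATE, CAP_WRITE, CAP_FCNTL, CAP_FSTAT)` passed to `caph_rights_limit()` keeps the least-privilege set. The change also drops the `/* for fdopen(3) */` comment; a line such as `// Stream rights are for fdopen(3) on files opened under logDir.` would keep the reason visible. The same widening applies to the save file descriptor in the uiLoad hunk of ui.c. logOpen() starts above the hunk.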

7
ui.c

@ -49,7 +49,7 @@
#include <wctype.h> #include <wctype.h>
#ifdef __FreeBSD__ #ifdef __FreeBSD__
#include <sys/capsicum.h> #include <capsicum_helpers.h>
#endif #endif
#include "chat.h" #include "chat.h"
@ -1192,8 +1192,9 @@ void uiLoad(const char *name) {
#ifdef __FreeBSD__ #ifdef __FreeBSD__
cap_rights_t rights; cap_rights_t rights;
cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FLOCK, CAP_FTRUNCATE); caph_stream_rights(&rights, CAPH_READ | CAPH_WRITE);
error = cap_rights_limit(fileno(saveFile), &rights); cap_rights_set(&rights, CAP_FLOCK, CAP_FTRUNCATE);
error = caph_rights_limit(fileno(saveFile), &rights);
if (error) err(EX_OSERR, "cap_rights_limit"); if (error) err(EX_OSERR, "cap_rights_limit");
#endif #endif