From b48d0d607ce3e4cf344dec5c94392b2a84f7f649 Mon Sep 17 00:00:00 2001
From: "C. McEnroe" <june@causal.agency>
Date: Thu, 24 Jun 2021 18:07:30 -0400
Subject: FreeBSD: Limit rights on save file

---
 ui.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/ui.c b/ui.c
index 9d67387..a3003df 100644
--- a/ui.c
+++ b/ui.c
@@ -48,6 +48,10 @@
 #include <wchar.h>
 #include <wctype.h>
 
+#ifdef __FreeBSD__
+#include <sys/capsicum.h>
+#endif
+
 #include "chat.h"
 
 // Annoying stuff from <term.h>:
@@ -1181,11 +1185,19 @@ static ssize_t readString(FILE *file, char **buf, size_t *cap) {
 }
 
 void uiLoad(const char *name) {
+	int error;
 	saveFile = dataOpen(name, "a+e");
 	if (!saveFile) exit(EX_CANTCREAT);
 	rewind(saveFile);
 
-	int error = flock(fileno(saveFile), LOCK_EX | LOCK_NB);
+#ifdef __FreeBSD__
+	cap_rights_t rights;
+	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FLOCK, CAP_FTRUNCATE);
+	error = cap_rights_limit(fileno(saveFile), &rights);
+	if (error) err(EX_OSERR, "cap_rights_limit");
+#endif
+
+	error = flock(fileno(saveFile), LOCK_EX | LOCK_NB);
 	if (error && errno == EWOULDBLOCK) {
 		errx(EX_CANTCREAT, "%s: save file in use", name);
 	}
-- 
cgit 1.4.1