From b48d0d607ce3e4cf344dec5c94392b2a84f7f649 Mon Sep 17 00:00:00 2001
From: "C. McEnroe" <june@causal.agency>
Date: Thu, 24 Jun 2021 18:07:30 -0400
Subject: FreeBSD: Limit rights on save file

---
 ui.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/ui.c b/ui.c
index 9d67387..a3003df 100644
--- a/ui.c
+++ b/ui.c
@@ -48,6 +48,10 @@
 #include <wchar.h>
 #include <wctype.h>
 
+#ifdef __FreeBSD__
+#include <sys/capsicum.h>
+#endif
+
 #include "chat.h"
 
 // Annoying stuff from <term.h>:
@@ -1181,11 +1185,19 @@ static ssize_t readString(FILE *file, char **buf, size_t *cap) {
 }
 
 void uiLoad(const char *name) {
+	int error;
 	saveFile = dataOpen(name, "a+e");
 	if (!saveFile) exit(EX_CANTCREAT);
 	rewind(saveFile);
 
-	int error = flock(fileno(saveFile), LOCK_EX | LOCK_NB);
+#ifdef __FreeBSD__
+	cap_rights_t rights;
+	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FLOCK, CAP_FTRUNCATE);
+	error = cap_rights_limit(fileno(saveFile), &rights);
+	if (error) err(EX_OSERR, "cap_rights_limit");
+#endif
+
+	error = flock(fileno(saveFile), LOCK_EX | LOCK_NB);
 	if (error && errno == EWOULDBLOCK) {
 		errx(EX_CANTCREAT, "%s: save file in use", name);
 	}
-- 
cgit 1.4.1

'>log</a> <a href='/src/tree/bundle/vim-markdown?id=6a41f4a720d8799c995dc4ffc7bcc7c4067c1244'>tree</a> <a href='/src/commit/bundle/vim-markdown?id=6a41f4a720d8799c995dc4ffc7bcc7c4067c1244&amp;follow=1'>commit</a> <a href='/src/diff/bundle/vim-markdown?id=6a41f4a720d8799c995dc4ffc7bcc7c4067c1244&amp;follow=1'>diff</a></td><td class='form'><form class='right' method='get' action='/src/log/bundle/vim-markdown'>
<input type='hidden' name='id' value='6a41f4a720d8799c995dc4ffc7bcc7c4067c1244'/><input type='hidden' name='showmsg' value='1'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/src/log/?id=6a41f4a720d8799c995dc4ffc7bcc7c4067c1244&amp;showmsg=1&amp;follow=1'>root</a>/<a href='/src/log/bundle?id=6a41f4a720d8799c995dc4ffc7bcc7c4067c1244&amp;showmsg=1&amp;follow=1'>bundle</a>/<a href='/src/log/bundle/vim-markdown?id=6a41f4a720d8799c995dc4ffc7bcc7c4067c1244&amp;showmsg=1&amp;follow=1'>vim-markdown</a> (<a href='/src/log/bundle/vim-markdown?id=6a41f4a720d8799c995dc4ffc7bcc7c4067c1244&amp;showmsg=1'>unfollow</a>)</div><div class='content'><table class='list nowrap'><tr class='nohover'><th></th><th class='left'>Commit message (<a href='/src/log/bundle/vim-markdown?id=6a41f4a720d8799c995dc4ffc7bcc7c4067c1244&amp;follow=1'>Collapse</a>)</th><th class='left'>Author</th></tr>
<tr class='logheader'><td><span title='2013-03-24 14:08:11 -0400'>2013-03-24</span></td><td class='logsubject'><a href='/src/commit/bundle/paredit.vim?id=5a23d2dcb6e421cfe553c91e1db96f43a871c4c0&amp;follow=1'>Add paredit.vim</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2013-03-14 00:00:05 -0400'>2013-03-14</span></td><td class='logsubject'><a href='/src/commit/bundle/base16-vim?id=ee7120c1533c3ef40f26f5ec9c3529feb013faaa&amp;follow=1'>Update base16-vim</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
It's still crap


</td></tr>
<tr class='logheader'><td><span title='2013-03-12 18:22:02 -0400'>2013-03-12</span></td><td class='logsubject'><a href='/src/commit/.vimrc?id=155785e260f50686fe786738b4379d9c77b47f75&amp;follow=1'>Hide mode from below statusline</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2013-03-12 18:10:03 -0400'>2013-03-12</span></td><td class='logsubject'><a href='/src/commit/bundle/powerline?id=4ad48b2e02f084f7aa1cabbfc0aaa706125f16b2&amp;follow=1'>Switch to powerline</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
Which I'm not going to bother configuring because it thinks it's all
fancy and for other things that aren't Vim so it stores its config file
in ~/.config which I keep in a different repo and I only want to use it
for Vim so fuck you, Powerline. &lt;/rant&gt;


</td></tr>
<tr class='logheader'><td><span title='2013-03-12 17:40:48 -0400'>2013-03-12</span></td><td class='logsubject'><a href='/src/commit/bundle/vim-powerline?id=f4c9177604d2f4d069d905330e79881a07153151&amp;follow=1'>Remove vim-powerline</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2013-02-03 23:08:19 -0500'>2013-02-03</span></td><td class='logsubject'><a href='/src/commit/bundle/refheap.vim?id=0553a42e0413ba55ebd41b828af91182b9b7fdef&amp;follow=1'>Update base16 and refheap</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2013-02-03 23:06:41 -0500'>2013-02-03</span></td><td class='logsubject'><a href='/src/commit/.gitignore?id=4159b83c94304d1d82a4edb05ad300c5aa9cb74d&amp;follow=1'>Ignore plugin/private.vim</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2012-09-29 11:38:28 -0400'>2012-09-29</span></td><td class='logsubject'><a href='/src/commit/.vimrc?id=7c8ec02029c83c70302ec4e017dadbd8adf3ee93&amp;follow=1'>Disable GUI dialogs</a></td><td>June McEnroe