diff options
author | June McEnroe <june@causal.agency> | 2021-09-15 13:13:11 +0000 |
---|---|---|
committer | June McEnroe <june@causal.agency> | 2021-09-15 14:48:03 +0000 |
commit | 03d876f71c88bf51f7982557798503cad27fa355 (patch) | |
tree | c5d6e6a418320821efb528c5d069531c6d4877cb | |
parent | Factor out common parts of downgrade messages (diff) | |
download | src-03d876f71c88bf51f7982557798503cad27fa355.tar.gz src-03d876f71c88bf51f7982557798503cad27fa355.zip |
Enter capsicum in downgrade
Diffstat (limited to '')
-rw-r--r-- | bin/downgrade.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/bin/downgrade.c b/bin/downgrade.c index 168510ce..3548efcf 100644 --- a/bin/downgrade.c +++ b/bin/downgrade.c @@ -26,6 +26,10 @@ #include <tls.h> #include <unistd.h> +#ifdef __FreeBSD__ +#include <capsicum_helpers.h> +#endif + enum { BufferCap = 8192 + 512 }; static bool verbose; @@ -298,6 +302,11 @@ int main(int argc, char *argv[]) { if (error) errx(EX_PROTOCOL, "tls_handshake: %s", tls_error(client)); tls_config_clear_keys(config); +#ifdef __FreeBSD__ + error = caph_enter() || caph_limit_stdio(); + if (error) err(EX_OSERR, "caph_enter"); +#endif + signal(SIGHUP, quit); signal(SIGINT, quit); signal(SIGTERM, quit); |