diff options
| author | June McEnroe <june@causal.agency> | 2021-09-15 13:13:11 +0000 |
|---|---|---|
| committer | June McEnroe <june@causal.agency> | 2021-09-15 14:48:03 +0000 |
| commit | 68f41009e9283757b672bbafcaa7bb0bdd121e32 (patch) | |
| tree | b86e7153fc8e6e23d4575da6e75ebe21eecda977 | |
| parent | Factor out common parts of downgrade messages (diff) | |
| download | src-68f41009e9283757b672bbafcaa7bb0bdd121e32.tar.gz src-68f41009e9283757b672bbafcaa7bb0bdd121e32.zip | |
Enter capsicum in downgrade
| -rw-r--r-- | bin/downgrade.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/bin/downgrade.c b/bin/downgrade.c index 5351c501..af1b528b 100644 --- a/bin/downgrade.c +++ b/bin/downgrade.c @@ -26,6 +26,10 @@ #include <tls.h> #include <unistd.h> +#ifdef __FreeBSD__ +#include <capsicum_helpers.h> +#endif + enum { BufferCap = 8192 + 512 }; static bool verbose; @@ -298,6 +302,11 @@ int main(int argc, char *argv[]) { if (error) errx(EX_PROTOCOL, "tls_handshake: %s", tls_error(client)); tls_config_clear_keys(config); +#ifdef __FreeBSD__ + error = caph_enter() || caph_limit_stdio(); + if (error) err(EX_OSERR, "caph_enter"); +#endif + signal(SIGHUP, quit); signal(SIGINT, quit); signal(SIGTERM, quit); |