authorJune McEnroe <june@causal.agency>2019-04-27 22:50:20 -0400
committerJune McEnroe <june@causal.agency>2019-04-27 22:50:20 -0400
commitb0cb99c6f3c18999f6140b59732fdeedbf83dea3 (patch)
tree8a2b5c42e602885515b51fe1e22675f036bc82ae
parentAdd missing include (diff)
Use capsicum in irc/relay
-rw-r--r--bin/irc/relay.c26
1 files changed, 26 insertions, 0 deletions
diff --git a/bin/irc/relay.c b/bin/irc/relay.c
index 5cdc8865..caf9062f 100644
--- a/bin/irc/relay.c
+++ b/bin/irc/relay.c
@@ -27,6 +27,10 @@
 #include <tls.h>
 #include <unistd.h>
 
+#ifdef __FreeBSD__
+#include <sys/capsicum.h>
+#endif
+
 static void clientWrite(struct tls *client, const char *ptr, size_t len) {
 	while (len) {
 		ssize_t ret = tls_write(client, ptr, len);
@@ -135,6 +139,28 @@ int main(int argc, char *argv[]) {
 	error = tls_connect_socket(client, sock, host);
 	if (error) errx(EX_PROTOCOL, "tls_connect: %s", tls_error(client));
 
+#ifdef __FreeBSD__
+	cap_rights_t rights;
+
+	error = cap_enter();
+	if (error) err(EX_OSERR, "cap_enter");
+
+	cap_rights_init(&rights, CAP_READ, CAP_EVENT);
+	error = cap_rights_limit(STDIN_FILENO, &rights);
+	if (error) err(EX_OSERR, "cap_rights_limit");
+
+	cap_rights_init(&rights, CAP_WRITE);
+	error = cap_rights_limit(STDOUT_FILENO, &rights);
+	if (error) err(EX_OSERR, "cap_rights_limit");
+
+	error = cap_rights_limit(STDERR_FILENO, &rights);
+	if (error) err(EX_OSERR, "cap_rights_limit");
+
+	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT);
+	error = cap_rights_limit(sock, &rights);
+	if (error) err(EX_OSERR, "cap_rights_limit");
+#endif
+
 	clientFormat(client, "NICK :%s\r\nUSER %s 0 * :%s\r\n", nick, nick, nick);
 
 	char *input = NULL;
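Review bot: `cap_enter()` in the added block fails with ENOSYS on a FreeBSD kernel built without capability-mode support, so `if (error) err(EX_OSERR, "cap_enter");` makes the relay refuse to run there, and nothing records whether that fail-closed behaviour is intended. If it is, say so in a comment such as `// Fail closed: never run unsandboxed on FreeBSD.`; if not, `if (error && errno != ENOSYS) err(EX_OSERR, "cap_enter");` keeps every other failure fatal (this needs `<errno.h>`, which the visible includes do not show). Separately, stdout and stderr are limited to `CAP_WRITE` alone, so a later `fstat` or `isatty` on them would be refused; stdio presumably does this when it first allocates a buffer, so confirm output buffering still behaves as expected once sandboxed. The four `cap_rights_limit` calls also share one error string, so naming the descriptor in each message would make a failure diagnosable. main's body starts and continues outside the hunk.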