diff options
author | June McEnroe <june@causal.agency> | 2019-04-27 22:50:20 -0400 |
---|---|---|
committer | June McEnroe <june@causal.agency> | 2019-04-27 22:50:20 -0400 |
commit | 36114f72fba781e1888560b8b65358a5700fe2e8 (patch) | |
tree | b8cffbe0b36ee89e9d46708142826e7abf7ca3b7 /bin | |
parent | Add missing include (diff) | |
download | src-36114f72fba781e1888560b8b65358a5700fe2e8.tar.gz src-36114f72fba781e1888560b8b65358a5700fe2e8.zip |
Use capsicum in irc/relay
Diffstat (limited to '')
-rw-r--r-- | bin/irc/relay.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/bin/irc/relay.c b/bin/irc/relay.c index eb766490..7c70b4db 100644 --- a/bin/irc/relay.c +++ b/bin/irc/relay.c @@ -27,6 +27,10 @@ #include <tls.h> #include <unistd.h> +#ifdef __FreeBSD__ +#include <sys/capsicum.h> +#endif + static void clientWrite(struct tls *client, const char *ptr, size_t len) { while (len) { ssize_t ret = tls_write(client, ptr, len); @@ -135,6 +139,28 @@ int main(int argc, char *argv[]) { error = tls_connect_socket(client, sock, host); if (error) errx(EX_PROTOCOL, "tls_connect: %s", tls_error(client)); +#ifdef __FreeBSD__ + cap_rights_t rights; + + error = cap_enter(); + if (error) err(EX_OSERR, "cap_enter"); + + cap_rights_init(&rights, CAP_READ, CAP_EVENT); + error = cap_rights_limit(STDIN_FILENO, &rights); + if (error) err(EX_OSERR, "cap_rights_limit"); + + cap_rights_init(&rights, CAP_WRITE); + error = cap_rights_limit(STDOUT_FILENO, &rights); + if (error) err(EX_OSERR, "cap_rights_limit"); + + error = cap_rights_limit(STDERR_FILENO, &rights); + if (error) err(EX_OSERR, "cap_rights_limit"); + + cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT); + error = cap_rights_limit(sock, &rights); + if (error) err(EX_OSERR, "cap_rights_limit"); +#endif + clientFormat(client, "NICK :%s\r\nUSER %s 0 * :%s\r\n", nick, nick, nick); char *input = NULL; |