From b0cb99c6f3c18999f6140b59732fdeedbf83dea3 Mon Sep 17 00:00:00 2001 From: Curtis McEnroe Date: Sat, 27 Apr 2019 22:50:20 -0400 Subject: Use capsicum in irc/relay --- bin/irc/relay.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/bin/irc/relay.c b/bin/irc/relay.c index 5cdc8865..caf9062f 100644 --- a/bin/irc/relay.c +++ b/bin/irc/relay.c @@ -27,6 +27,10 @@ #include #include +#ifdef __FreeBSD__ +#include +#endif + static void clientWrite(struct tls *client, const char *ptr, size_t len) { while (len) { ssize_t ret = tls_write(client, ptr, len); @@ -135,6 +139,28 @@ int main(int argc, char *argv[]) { error = tls_connect_socket(client, sock, host); if (error) errx(EX_PROTOCOL, "tls_connect: %s", tls_error(client)); +#ifdef __FreeBSD__ + cap_rights_t rights; + + error = cap_enter(); + if (error) err(EX_OSERR, "cap_enter"); + + cap_rights_init(&rights, CAP_READ, CAP_EVENT); + error = cap_rights_limit(STDIN_FILENO, &rights); + if (error) err(EX_OSERR, "cap_rights_limit"); + + cap_rights_init(&rights, CAP_WRITE); + error = cap_rights_limit(STDOUT_FILENO, &rights); + if (error) err(EX_OSERR, "cap_rights_limit"); + + error = cap_rights_limit(STDERR_FILENO, &rights); + if (error) err(EX_OSERR, "cap_rights_limit"); + + cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT); + error = cap_rights_limit(sock, &rights); + if (error) err(EX_OSERR, "cap_rights_limit"); +#endif + clientFormat(client, "NICK :%s\r\nUSER %s 0 * :%s\r\n", nick, nick, nick); char *input = NULL; -- cgit 1.4.1