From b0cb99c6f3c18999f6140b59732fdeedbf83dea3 Mon Sep 17 00:00:00 2001 From: Curtis McEnroe Date: Sat, 27 Apr 2019 22:50:20 -0400 Subject: Use capsicum in irc/relay --- bin/irc/relay.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'bin') diff --git a/bin/irc/relay.c b/bin/irc/relay.c index 5cdc8865..caf9062f 100644 --- a/bin/irc/relay.c +++ b/bin/irc/relay.c @@ -27,6 +27,10 @@ #include #include +#ifdef __FreeBSD__ +#include +#endif + static void clientWrite(struct tls *client, const char *ptr, size_t len) { while (len) { ssize_t ret = tls_write(client, ptr, len); @@ -135,6 +139,28 @@ int main(int argc, char *argv[]) { error = tls_connect_socket(client, sock, host); if (error) errx(EX_PROTOCOL, "tls_connect: %s", tls_error(client)); +#ifdef __FreeBSD__ + cap_rights_t rights; + + error = cap_enter(); + if (error) err(EX_OSERR, "cap_enter"); + + cap_rights_init(&rights, CAP_READ, CAP_EVENT); + error = cap_rights_limit(STDIN_FILENO, &rights); + if (error) err(EX_OSERR, "cap_rights_limit"); + + cap_rights_init(&rights, CAP_WRITE); + error = cap_rights_limit(STDOUT_FILENO, &rights); + if (error) err(EX_OSERR, "cap_rights_limit"); + + error = cap_rights_limit(STDERR_FILENO, &rights); + if (error) err(EX_OSERR, "cap_rights_limit"); + + cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT); + error = cap_rights_limit(sock, &rights); + if (error) err(EX_OSERR, "cap_rights_limit"); +#endif + clientFormat(client, "NICK :%s\r\nUSER %s 0 * :%s\r\n", nick, nick, nick); char *input = NULL; -- cgit 1.4.1 amp;id=fde897b8171ed2e925b44ec6f69590ec07241017&follow=1'>diff
path: root/tests/filters (unfollow)
Commit message (Expand)Author
2020-01-13tests: allow to skip git version testsChristian Hesse
2020-01-13Bump versionJason A. Donenfeld
2020-01-13git: update to v2.25.0Christian Hesse
2019-12-11tests: skip tests if strace is not functionalChristian Hesse
2019-12-10git: update to v2.24.1Christian Hesse
2019-11-22ui-repolist: do not return unsigned (negative) valueChristian Hesse
2019-11-08git: update to v2.24.0Christian Hesse
2019-10-25git: update to v2.23.0Christian Hesse
2019-10-25git: update to v2.22.0Christian Hesse
2019-06-25ui-tree: allow per repository override for enable-blameChristian Hesse
2019-06-05tests: successfully validate rc versionsChristian Hesse
2019-06-05git: update to v2.21.0Christian Hesse
2019-06-05ui-ssdiff: ban strncat()Christian Hesse
2019-06-05global: make 'char *path' const where possibleChristian Hesse
2019-05-20ui-shared: restrict to 15 levelsJason A. Donenfeld
2019-02-23ui-diff,ui-tag: don't use htmlf with non-formatted stringsChris Mayo
2019-02-23ui-ssdiff: resolve HTML5 validation errorsChris Mayo
2019-01-03filters: migrate from luacrypto to luaosslJason A. Donenfeld
2019-01-02ui-shared: fix broken sizeof in title setting and rewriteJason A. Donenfeld
2018-12-09git: update to v2.20.0Christian Hesse
2018-11-25ui-blame: set repo for sbJason A. Donenfeld
2018-11-25auth-filter: pass url with query string attachedJason A. Donenfeld
2018-11-21git: use xz compressed archive for downloadChristian Hesse
2018-10-12git: update to v2.19.1Christian Hesse
2018-09-11ui-ssdiff: ban strcat()Christian Hesse
2018-09-11ui-ssdiff: ban strncpy()Christian Hesse
2018-09-11ui-shared: ban strcat()Christian Hesse
2018-09-11ui-patch: ban sprintf()Christian Hesse
2018-09-11ui-log: ban strncpy()Christian Hesse
2018-09-11ui-log: ban strcpy()Christian Hesse
2018-09-11parsing: ban sprintf()Christian Hesse
2018-09-11parsing: ban strncpy()Christian Hesse
2018-08-28filters: generate anchor links from markdownChristian Hesse
2018-08-03Bump version.Jason A. Donenfeld
2018-08-03clone: fix directory traversalJason A. Donenfeld
2018-08-03config: record repo.snapshot-prefix in the per-repo configKonstantin Ryabitsev