From b0cb99c6f3c18999f6140b59732fdeedbf83dea3 Mon Sep 17 00:00:00 2001
From: Curtis McEnroe <june@causal.agency>
Date: Sat, 27 Apr 2019 22:50:20 -0400
Subject: Use capsicum in irc/relay

---
 bin/irc/relay.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

(limited to 'bin')

diff --git a/bin/irc/relay.c b/bin/irc/relay.c
index 5cdc8865..caf9062f 100644
--- a/bin/irc/relay.c
+++ b/bin/irc/relay.c
@@ -27,6 +27,10 @@
 #include <tls.h>
 #include <unistd.h>
 
+#ifdef __FreeBSD__
+#include <sys/capsicum.h>
+#endif
+
 static void clientWrite(struct tls *client, const char *ptr, size_t len) {
 	while (len) {
 		ssize_t ret = tls_write(client, ptr, len);
@@ -135,6 +139,28 @@ int main(int argc, char *argv[]) {
 	error = tls_connect_socket(client, sock, host);
 	if (error) errx(EX_PROTOCOL, "tls_connect: %s", tls_error(client));
 
+#ifdef __FreeBSD__
+	cap_rights_t rights;
+
+	error = cap_enter();
+	if (error) err(EX_OSERR, "cap_enter");
+
+	cap_rights_init(&rights, CAP_READ, CAP_EVENT);
+	error = cap_rights_limit(STDIN_FILENO, &rights);
+	if (error) err(EX_OSERR, "cap_rights_limit");
+
+	cap_rights_init(&rights, CAP_WRITE);
+	error = cap_rights_limit(STDOUT_FILENO, &rights);
+	if (error) err(EX_OSERR, "cap_rights_limit");
+
+	error = cap_rights_limit(STDERR_FILENO, &rights);
+	if (error) err(EX_OSERR, "cap_rights_limit");
+
+	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT);
+	error = cap_rights_limit(sock, &rights);
+	if (error) err(EX_OSERR, "cap_rights_limit");
+#endif
+
 	clientFormat(client, "NICK :%s\r\nUSER %s 0 * :%s\r\n", nick, nick, nick);
 
 	char *input = NULL;
-- 
cgit 1.4.1