From ea28d34768912164db23baebc26c9773bcafe22b Mon Sep 17 00:00:00 2001 From: Curtis McEnroe Date: Fri, 4 Jan 2019 19:47:18 -0500 Subject: Add cap_rights_limit calls to client and server --- client.c | 5 +++++ server.c | 14 ++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/client.c b/client.c index c9800cf..8f7e901 100644 --- a/client.c +++ b/client.c @@ -707,6 +707,11 @@ int main(int argc, char *argv[]) { #ifdef __FreeBSD__ error = cap_enter(); if (error) err(EX_OSERR, "cap_enter"); + + cap_rights_t rights; + cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT); + error = cap_rights_limit(client, &rights); + if (error) err(EX_OSERR, "cap_rights_limit"); #endif struct pollfd fds[2] = { diff --git a/server.c b/server.c index 356387f..a2e3578 100644 --- a/server.c +++ b/server.c @@ -410,7 +410,21 @@ int main(int argc, char *argv[]) { error = cap_enter(); if (error) err(EX_OSERR, "cap_enter"); + cap_rights_t rights; + cap_rights_init( + &rights, + CAP_LISTEN, CAP_ACCEPT, CAP_EVENT, + CAP_READ, CAP_WRITE, CAP_SETSOCKOPT + ); + error = cap_rights_limit(server, &rights); + if (error) err(EX_OSERR, "cap_rights_limit"); + if (pid) { + cap_rights_init(&rights, CAP_PWRITE, CAP_FSTAT, CAP_FTRUNCATE); + error = cap_rights_limit(pidfile_fileno(pid), &rights); + if (error) err(EX_OSERR, "cap_rights_limit"); + + // FIXME: daemon(3) can't chdir or open /dev/null in capability mode. error = daemon(0, 0); if (error) err(EX_OSERR, "daemon"); pidfile_write(pid); -- cgit 1.4.1 1a6feaf5fafdaec4a1adb1c0d54b95106122ede5&follow=1'>diff
path: root/README (unfollow)
Commit message (Expand)Author
2013-03-20Makefile: re-use Git's Makefile where possibleJohn Keeping