diff options
author | C. McEnroe | 2021-06-24 18:06:09 -0400 |
---|---|---|
committer | C. McEnroe | 2021-06-25 11:50:14 -0400 |
commit | 1239ffa689964778425a75786116eb363c4961f1 (patch) | |
tree | f1a333a655bc5d1c989c7b2d09d948d60e46bc60 | |
parent | 981ebc4f12b88fbf52ed0352428a0612dd2c2568 (diff) |
FreeBSD: Limit rights on stdio and socket
-rw-r--r-- | chat.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/chat.c b/chat.c index 873eed9..821d510 100644 --- a/chat.c +++ b/chat.c @@ -319,6 +319,18 @@ int main(int argc, char *argv[]) { #endif #ifdef __FreeBSD__ + struct { cap_rights_t stdin, stdout, stderr, irc; } rights; + cap_rights_init(&rights.stdin, CAP_READ, CAP_EVENT); + cap_rights_init(&rights.stdout, CAP_WRITE, CAP_IOCTL); + cap_rights_init(&rights.stderr, CAP_WRITE); + cap_rights_init(&rights.irc, CAP_SEND, CAP_RECV, CAP_EVENT); + int error = 0 + || cap_rights_limit(STDIN_FILENO, &rights.stdin) + || cap_rights_limit(STDOUT_FILENO, &rights.stdout) + || cap_rights_limit(STDERR_FILENO, &rights.stderr) + || cap_rights_limit(irc, &rights.irc); + if (error) err(EX_OSERR, "cap_rights_limit"); + if (self.restricted) { int error = cap_enter(); if (error) err(EX_OSERR, "cap_enter"); |