From 56c31ae4429310e8af3864d2b78b930fe14126c4 Mon Sep 17 00:00:00 2001
From: C. McEnroe
Date: Thu, 24 Jun 2021 18:17:52 -0400
Subject: FreeBSD: Limit rights on log directory
---
 log.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
(limited to 'log.c')
diff --git a/log.c b/log.c
index 415e1dc..fab5a41 100644
--- a/log.c
+++ b/log.c
@@ -38,6 +38,10 @@
 #include
 #include
 
+#ifdef __FreeBSD__
+#include
+#endif
+
 #include "chat.h"
 
 static int logDir = -1;
@@ -47,6 +51,16 @@ void logOpen(void) {
 const char *path = dataMkdir("log");
 logDir = open(path, O_RDONLY | O_CLOEXEC);
 if (logDir < 0) err(EX_CANTCREAT, "%s", path);
+
+#ifdef __FreeBSD__
+ cap_rights_t rights;
+ cap_rights_init(
+ &rights, CAP_MKDIRAT, CAP_CREATE, CAP_WRITE,
+ /* for fdopen(3) */ CAP_FCNTL, CAP_FSTAT
+ );
+ int error = cap_rights_limit(logDir, &rights);
+ if (error) err(EX_OSERR, "cap_rights_limit");
+#endif
 }
 
 static void logMkdir(const char *path) {
--
cgit 1.4.1-2-gfad0
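Review bot: The check after `cap_rights_limit(logDir, &rights)` in logOpen makes every failure fatal, including `ENOSYS`, which FreeBSD returns when the kernel was built without Capsicum support, so on such a kernel the client would exit at startup. If that configuration is meant to be supported, state the choice in code with `if (error && errno != ENOSYS) err(EX_OSERR, "cap_rights_limit");` (errno.h has to be in scope; the include list is only partly visible here), or call `caph_rights_limit()` from `<capsicum_helpers.h>`, which ignores that case; keeping the hard failure is the stricter option, but then a comment should say it is deliberate. The rights list would also benefit from a comment above `cap_rights_init`, for example `/* descriptors opened relative to logDir inherit this mask, so it must cover everything log files need */`, because the openat/mkdirat callers that depend on it are outside this hunk and a missing right would only surface later as ENOTCAPABLE.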