svn commit: r252633 - head/sbin/dhclient

[Pawel Jakub Dawidek]

Author: pjd
Date: Wed Jul  3 22:22:29 2013
New Revision: 252633
URL: http://svnweb.freebsd.org/changeset/base/252633

Log:
  MFp4 @229487:
  
  Revoke all capability rights from STDIN and allow only for write to STDOUT and
  STDERR. All those descriptors are redirected to /dev/null.
  
  Reviewed by:  brooks
  Sponsored by: The FreeBSD Foundation

Modified:
  head/sbin/dhclient/dhclient.c

Modified: head/sbin/dhclient/dhclient.c
==============================================================================
--- head/sbin/dhclient/dhclient.c       Wed Jul  3 22:21:11 2013        
(r252632)
+++ head/sbin/dhclient/dhclient.c       Wed Jul  3 22:22:29 2013        
(r252633)
@@ -2379,6 +2379,13 @@ go_daemon(void)
                close(nullfd);
                nullfd = -1;
        }
+
+       if (cap_rights_limit(STDIN_FILENO, CAP_NONE) < 0 && errno != ENOSYS)
+               error("can't limit stdin: %m");
+       if (cap_rights_limit(STDOUT_FILENO, CAP_WRITE) < 0 && errno != ENOSYS)
+               error("can't limit stdout: %m");
+       if (cap_rights_limit(STDERR_FILENO, CAP_WRITE) < 0 && errno != ENOSYS)
+               error("can't limit stderr: %m");
 }
 
 int
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"