Limit capsicum rights to stdio.

This requires FreeBSD fix (https://reviews.freebsd.org/D12622) to work properly.
author: Edward Tomasz Napierala <trasz@FreeBSD.org> 2017-10-07 03:28:02 +0100
committer: Edward Tomasz Napierala <trasz@FreeBSD.org> 2017-10-07 03:28:02 +0100
commit: 40ae8f5fa67cb7ec529f9fea5816fb8804c9bba8 (patch)
tree: 73d443a30e6d55c9ff9d82a39766bee0b9cb5389 /src/core
parent: 92dbb1895b84bc9412bea62ce11473daf4dd2618 (diff)
download: irssi-40ae8f5fa67cb7ec529f9fea5816fb8804c9bba8.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/src/core/capsicum.c b/src/core/capsicum.c
index 3b0708cb..1c5c59da 100644
--- a/src/core/capsicum.c
+++ b/src/core/capsicum.c
@@ -37,6 +37,7 @@
 #include <sys/nv.h>
 #include <sys/procdesc.h>
 #include <sys/socket.h>
+#include <capsicum_helpers.h>
 #include <string.h>
 
 #define	OPCODE_CONNECT		1
@@ -410,6 +411,13 @@ static void cmd_capsicum_enter(void)
 	 */
 	signal(SIGCHLD, SIG_IGN);
 
+	error = caph_limit_stdio();
+	if (error != 0) {
+		g_warning("caph_limit_stdio(3) failed: %s", strerror(errno));
+		signal_emit("capability mode failed", 1, strerror(errno));
+		return;
+	}
+
 	error = cap_enter();
 	if (error != 0) {
 		signal_emit("capability mode failed", 1, strerror(errno));
author	Edward Tomasz Napierala <trasz@FreeBSD.org>	2017-10-07 03:28:02 +0100
committer	Edward Tomasz Napierala <trasz@FreeBSD.org>	2017-10-07 03:28:02 +0100
commit	40ae8f5fa67cb7ec529f9fea5816fb8804c9bba8 (patch)
tree	73d443a30e6d55c9ff9d82a39766bee0b9cb5389 /src/core
parent	92dbb1895b84bc9412bea62ce11473daf4dd2618 (diff)
download	irssi-40ae8f5fa67cb7ec529f9fea5816fb8804c9bba8.zip