author | Jia Tan <jiat0218@gmail.com> | 2023-03-06 21:08:26 +0800 |
committer | Jia Tan <jiat0218@gmail.com> | 2023-03-06 21:08:26 +0800 |
commit | f070722b57ba975a0dff36492d766f03026b1d21 (patch) | |
tree | 3186370c203ddf1fac234335578c5dd2f16dff4a | |
parent | liblzma: Clarify lzma_lzma_preset() documentation in lzma12.h. (diff) | |
download | xz-f070722b57ba975a0dff36492d766f03026b1d21.tar.xz |
xz: Reorder cap_enter() to beginning of capsicum sandbox code.
cap_enter() puts the process into the sandbox. If later calls to
cap_rights_limit() fail, then the process can still have some extra
protections.
-rw-r--r-- | src/xz/file_io.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/xz/file_io.c b/src/xz/file_io.c
index aca9ebae..382fc02c 100644
--- a/src/xz/file_io.c
+++ b/src/xz/file_io.c
@@ -192,6 +192,9 @@ io_sandbox_enter(int src_fd)
 	// Capsicum needs FreeBSD 10.0 or later.
 	cap_rights_t rights;
+	if (cap_enter())
+		goto error;
+
 	if (cap_rights_limit(src_fd, cap_rights_init(&rights, CAP_EVENT, CAP_FCNTL, CAP_LOOKUP, CAP_READ, CAP_SEEK)))
 		goto error;
@@ -209,9 +212,6 @@ io_sandbox_enter(int src_fd)
 			CAP_WRITE)))
 		goto error;
-	if (cap_enter())
-		goto error;
-
#elif defined(HAVE_PLEDGE)
 	// pledge() was introduced in OpenBSD 5.9.
 	//
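Review bot: The reason for calling cap_enter() before the cap_rights_limit() calls lives only in the commit message, so the new `if (cap_enter())` line in the first hunk should carry a comment such as `// Enter capability mode first so that the process is already sandboxed even if a later cap_rights_limit() call fails.`, otherwise a future cleanup could move it back to the end of the block as it was before. A second consequence worth confirming is that every `goto error` after the moved call now runs inside capability mode, so whatever the `error` label does (it is outside both hunks, as is the rest of io_sandbox_enter()) must not need new file descriptors or other operations that capability mode forbids. The two hunks are one logical move and both are covered by this note.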