authorLasse Collin <lasse.collin@tukaani.org>2023-03-07 19:59:23 +0200
committerJia Tan <jiat0218@gmail.com>2023-03-08 23:22:15 +0800
commita0eecc235d3ba8ad3453da98b46c7bc3e644de75 (patch)
tree5757d903e8498f400fd9d1274306f5b3f66e98b8
parentRevert: "Add warning if Capsicum sandbox system calls are unsupported." (diff)
downloadxz-a0eecc235d3ba8ad3453da98b46c7bc3e644de75.tar.xz
xz: Make Capsicum sandbox more strict with stdin and stdout.
-rw-r--r--src/xz/file_io.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/xz/file_io.c b/src/xz/file_io.c
index 37710428..ca452cdc 100644
--- a/src/xz/file_io.c
+++ b/src/xz/file_io.c
@@ -199,11 +199,19 @@ io_sandbox_enter(int src_fd)
CAP_EVENT, CAP_FCNTL, CAP_LOOKUP, CAP_READ, CAP_SEEK)))
goto capsicum_error;
+ if (src_fd != STDIN_FILENO && cap_rights_limit(
+ STDIN_FILENO, cap_rights_clear(&rights)))
+ goto capsicum_error;
+
if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights,
CAP_EVENT, CAP_FCNTL, CAP_FSTAT, CAP_LOOKUP,
CAP_WRITE, CAP_SEEK)))
goto capsicum_error;
+ if (cap_rights_limit(STDERR_FILENO, cap_rights_init(&rights,
+ CAP_WRITE)))
+ goto capsicum_error;
+
if (cap_rights_limit(user_abort_pipe[0], cap_rights_init(&rights,
CAP_EVENT)))
goto capsicum_error;