diff options
| author | Jia Tan <jiat0218@gmail.com> | 2023-12-21 16:39:53 +0800 |
|---|---|---|
| committer | Jia Tan <jiat0218@gmail.com> | 2023-12-22 20:02:06 +0800 |
| commit | 9e96ca8c48b0916a2bb592841df016755572cf6a (patch) | |
| tree | 80efdcf55554041e34147bfa1dc9e89e0933e30f | |
| parent | liblzma: Set all values in lzma_lz_encoder to NULL after allocation. (diff) | |
| download | xz-9e96ca8c48b0916a2bb592841df016755572cf6a.tar.xz | |
xz: Add a comment to Capsicum sandbox setup.
This comment is repeated in xzdec.c to help remind us why all the
capabilities are removed from stdin in certain situations.
| -rw-r--r-- | src/xz/file_io.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/xz/file_io.c b/src/xz/file_io.c index 28280293..78fbdf72 100644 --- a/src/xz/file_io.c +++ b/src/xz/file_io.c @@ -199,6 +199,7 @@ io_sandbox_enter(int src_fd) CAP_EVENT, CAP_FCNTL, CAP_LOOKUP, CAP_READ, CAP_SEEK))) goto error; + // If not reading from stdin, remove all capabilities from it. if (src_fd != STDIN_FILENO && cap_rights_limit( STDIN_FILENO, cap_rights_clear(&rights))) goto error; |