diff options
| author | Lasse Collin <lasse.collin@tukaani.org> | 2024-04-08 17:07:08 +0300 |
|---|---|---|
| committer | Lasse Collin <lasse.collin@tukaani.org> | 2024-04-09 18:22:27 +0300 |
| commit | 2739db981023373a2ddabc7b456c7e658bb4f582 (patch) | |
| tree | 1c8d637ba0276d2fa00704e0baefdf53631f9fe4 | |
| parent | tests/ossfuzz: Tiny fix to a comment. (diff) | |
| download | xz-2739db981023373a2ddabc7b456c7e658bb4f582.tar.xz | |
xzdec: Tweak coding style and comments.
| -rw-r--r-- | src/xzdec/xzdec.c | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/src/xzdec/xzdec.c b/src/xzdec/xzdec.c index ef8c80f3..adfa17e8 100644 --- a/src/xzdec/xzdec.c +++ b/src/xzdec/xzdec.c @@ -313,10 +313,12 @@ sandbox_enter(int src_fd) STDIN_FILENO, cap_rights_clear(&rights))) goto error; - if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights, CAP_WRITE))) + if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights, + CAP_WRITE))) goto error; - if (cap_rights_limit(STDERR_FILENO, cap_rights_init(&rights, CAP_WRITE))) + if (cap_rights_limit(STDERR_FILENO, cap_rights_init(&rights, + CAP_WRITE))) goto error; #elif defined(HAVE_PLEDGE) @@ -325,6 +327,7 @@ sandbox_enter(int src_fd) goto error; (void)src_fd; + #elif defined(HAVE_LINUX_LANDLOCK) int landlock_abi = syscall(SYS_landlock_create_ruleset, (void *)NULL, 0, LANDLOCK_CREATE_RULESET_VERSION); @@ -351,6 +354,7 @@ sandbox_enter(int src_fd) } (void)src_fd; + #else # error ENABLE_SANDBOX is defined but no sandboxing method was found. #endif @@ -367,6 +371,7 @@ error: if (errno == ENOSYS) return; #endif + my_errorf("Failed to enable the sandbox"); exit(EXIT_FAILURE); } @@ -390,8 +395,14 @@ main(int argc, char **argv) #endif #ifdef HAVE_LINUX_LANDLOCK - // Prevent the process from gaining new privileges. The return - // is ignored to keep compatibility with old kernels. + // Prevent the process from gaining new privileges. This must be done + // before landlock_restrict_self(2) but since we will never need new + // privileges, this call can be done here already. + // + // This is supported since Linux 3.5. Ignore the return value to + // keep compatibility with old kernels. landlock_restrict_self(2) + // will fail if the no_new_privs attribute isn't set, thus if prctl() + // fails here the error will still be detected when it matters. (void)prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); #endif @@ -438,19 +449,18 @@ main(int argc, char **argv) } } #ifdef ENABLE_SANDBOX - // Enable the sandbox for the last file. When the - // strict sandbox is enabled the process can no - // longer open additional files. It is likely that - // the most common way to use xzdec is to - // decompress a single file, so this fully protects - // most use cases. + // Enable the strict sandbox for the last file. + // Then the process can no longer open additional + // files. The typical xzdec use case is to decompress + // a single file so this way the strictest sandboxing + // is used in most cases. if (optind == argc - 1) sandbox_enter(fileno(src_file)); #endif uncompress(&strm, src_file, src_name); if (src_file != stdin) - fclose(src_file); + (void)fclose(src_file); } while (++optind < argc); } |