authorJia Tan <jiat0218@gmail.com>2023-03-06 21:08:26 +0800
committerJia Tan <jiat0218@gmail.com>2023-03-06 21:08:26 +0800
commitf070722b57ba975a0dff36492d766f03026b1d21 (patch)
tree3186370c203ddf1fac234335578c5dd2f16dff4a /src/xz/file_io.c
parentliblzma: Clarify lzma_lzma_preset() documentation in lzma12.h. (diff)
downloadxz-f070722b57ba975a0dff36492d766f03026b1d21.tar.xz
xz: Reorder cap_enter() to beginning of capsicum sandbox code.
cap_enter() puts the process into the sandbox. If later calls to cap_rights_limit() fail, the process still has some extra protection.
Diffstat (limited to 'src/xz/file_io.c')
-rw-r--r--src/xz/file_io.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/xz/file_io.c b/src/xz/file_io.c
index aca9ebae..382fc02c 100644
--- a/src/xz/file_io.c
+++ b/src/xz/file_io.c
@@ -192,6 +192,9 @@ io_sandbox_enter(int src_fd)
// Capsicum needs FreeBSD 10.0 or later.
cap_rights_t rights;
+ if (cap_enter())
+ goto error;
+
if (cap_rights_limit(src_fd, cap_rights_init(&rights,
CAP_EVENT, CAP_FCNTL, CAP_LOOKUP, CAP_READ, CAP_SEEK)))
goto error;
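Review bot: The cap_enter() call added at the top of the Capsicum block carries no comment explaining why it must precede the cap_rights_limit() calls, so the ordering rationale lives only in the commit message and a later edit could move it back without noticing; I'd add above it `// Enter capability mode first so the sandbox is active even if a cap_rights_limit() call below fails.` With this reorder cap_enter() is also the first call that can reach `goto error`, and on a kernel built without capability-mode support it reportedly fails with ENOSYS rather than a rights error; the error label is outside this hunk, so whether that case is told apart from a genuine sandbox failure cannot be checked here. io_sandbox_enter() begins and ends outside the hunk.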
@@ -209,9 +212,6 @@ io_sandbox_enter(int src_fd)
CAP_WRITE)))
goto error;
- if (cap_enter())
- goto error;
-
#elif defined(HAVE_PLEDGE)
// pledge() was introduced in OpenBSD 5.9.
//