aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/xz/file_io.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/xz/file_io.c b/src/xz/file_io.c
index 4a2c8392..9b89434f 100644
--- a/src/xz/file_io.c
+++ b/src/xz/file_io.c
@@ -226,6 +226,7 @@ io_sandbox_enter(int src_fd)
CAP_EVENT, CAP_FCNTL, CAP_LOOKUP, CAP_READ, CAP_SEEK)))
goto error;
+ // If not reading from stdin, remove all capabilities from it.
if (src_fd != STDIN_FILENO && cap_rights_limit(
STDIN_FILENO, cap_rights_clear(&rights)))
goto error;
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-20 03:35:24 +0000