diff options
author | Baptiste Daroussin <bapt@FreeBSD.org> | 2017-02-22 16:37:45 +0000 |
---|---|---|
committer | Baptiste Daroussin <bapt@FreeBSD.org> | 2017-02-22 16:37:45 +0000 |
commit | 0064a5b36dbbcd94ad14338e1110072a209f9882 (patch) | |
tree | 186413adc960265aba561ce99c112f0dcfe6804b /usr.bin/lam/lam.c | |
parent | e872af3a64486379871fc701484a1eb6922f1eb2 (diff) | |
download | src-0064a5b36dbbcd94ad14338e1110072a209f9882.tar.gz src-0064a5b36dbbcd94ad14338e1110072a209f9882.zip |
Better fix for r314098
The actual issue was the fact that if - was used then some restriction were
already set to stdin when we were applying caph_limit_stdio which was failing
due to the fact the fd was the fd was already restricted to lower rights.
Restricting stdio before actually opening the files prevent trying to raise the
right and fixes the issue.
And this allows to keep failing the program if restriction failed
Approved by: allanjude
Differential Revision: https://reviews.freebsd.org/D9723
Notes
Notes:
svn path=/head/; revision=314099
Diffstat (limited to 'usr.bin/lam/lam.c')
-rw-r--r-- | usr.bin/lam/lam.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/usr.bin/lam/lam.c b/usr.bin/lam/lam.c index 46708742354a..f47115503f24 100644 --- a/usr.bin/lam/lam.c +++ b/usr.bin/lam/lam.c @@ -86,6 +86,8 @@ main(int argc, char *argv[]) if (argc == 1) usage(); + if (caph_limit_stdio() == -1) + err(1, "unable to limit stdio"); getargs(argv); if (!morefiles) usage(); @@ -95,7 +97,6 @@ main(int argc, char *argv[]) * mode. */ caph_cache_catpages(); - caph_limit_stdio(); if (cap_enter() < 0 && errno != ENOSYS) err(1, "unable to enter capability mode"); |