diff options
| author | Roy Marples <roy@marples.name> | 2020-10-07 15:31:35 +0100 |
|---|---|---|
| committer | Roy Marples <roy@marples.name> | 2020-10-07 15:31:35 +0100 |
| commit | f1f3372c470cd347c49ca490353bb1134298d360 (patch) | |
| tree | aa9fca233a9881dfc172334f49026656fc5fcbae /src/dhcpcd.c | |
| parent | 5699c07d535fbe8cdc513b1c380519cb861009b3 (diff) | |
| download | dhcpcd-f1f3372c470cd347c49ca490353bb1134298d360.tar.xz | |
privsep: Improve rights on launcher fork and stderr fds
Diffstat (limited to 'src/dhcpcd.c')
| -rw-r--r-- | src/dhcpcd.c | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/src/dhcpcd.c b/src/dhcpcd.c index a9ced339..4cd5a02e 100644 --- a/src/dhcpcd.c +++ b/src/dhcpcd.c @@ -2246,7 +2246,7 @@ printpidfile: ctx.fork_fd = fork_fd[1]; close(fork_fd[0]); #ifdef PRIVSEP_RIGHTS - if (ps_rights_limit_fd(fork_fd[1]) == -1) { + if (ps_rights_limit_fd(ctx.fork_fd) == -1) { logerr("ps_rights_limit_fdpair"); goto exit_failure; } @@ -2293,10 +2293,8 @@ printpidfile: ctx.fork_fd = fork_fd[0]; close(fork_fd[1]); #ifdef PRIVSEP_RIGHTS - if (ps_rights_limit_fd(fork_fd[0]) == -1 || - ps_rights_limit_fd(stderr_fd[0]) == 1) - { - logerr("ps_rights_limit_fdpair"); + if (ps_rights_limit_fd(ctx.fork_fd) == -1) { + logerr("ps_rights_limit_fd"); goto exit_failure; } #endif @@ -2306,14 +2304,13 @@ printpidfile: ctx.stderr_fd = stderr_fd[0]; close(stderr_fd[1]); #ifdef PRIVSEP_RIGHTS - if (ps_rights_limit_fd(stderr_fd[0]) == 1) { - logerr("ps_rights_limit_fdpair"); + if (ps_rights_limit_fd(ctx.stderr_fd) == 1) { + logerr("ps_rights_limit_fd"); goto exit_failure; } #endif - if (ctx.stderr_valid) - eloop_event_add(ctx.eloop, ctx.stderr_fd, - dhcpcd_stderr_cb, &ctx); + eloop_event_add(ctx.eloop, ctx.stderr_fd, + dhcpcd_stderr_cb, &ctx); } #ifdef PRIVSEP if (IN_PRIVSEP(&ctx) && ps_mastersandbox(&ctx, NULL) == -1) |