# HG changeset patch
# User Roy Marples <roy@marples.name>
# Date 1602081095 -3600
# Node ID 18a7063f70c198bb83124d2a50ee5d797a8c3d34
# Parent  7100066d2c7e3ed434d70b3f93cac0e710c49341
privsep: Improve rights on launcher fork and stderr fds

diff -r 7100066d2c7e -r 18a7063f70c1 src/dhcpcd.c
--- a/src/dhcpcd.c	Wed Oct 07 15:28:33 2020 +0100
+++ b/src/dhcpcd.c	Wed Oct 07 15:31:35 2020 +0100
@@ -2246,7 +2246,7 @@
 		ctx.fork_fd = fork_fd[1];
 		close(fork_fd[0]);
 #ifdef PRIVSEP_RIGHTS
-		if (ps_rights_limit_fd(fork_fd[1]) == -1) {
+		if (ps_rights_limit_fd(ctx.fork_fd) == -1) {
 			logerr("ps_rights_limit_fdpair");
 			goto exit_failure;
 		}
@@ -2293,10 +2293,8 @@
 		ctx.fork_fd = fork_fd[0];
 		close(fork_fd[1]);
 #ifdef PRIVSEP_RIGHTS
-		if (ps_rights_limit_fd(fork_fd[0]) == -1 ||
-		    ps_rights_limit_fd(stderr_fd[0]) == 1)
-		{
-			logerr("ps_rights_limit_fdpair");
+		if (ps_rights_limit_fd(ctx.fork_fd) == -1) {
+			logerr("ps_rights_limit_fd");
 			goto exit_failure;
 		}
 #endif
@@ -2306,14 +2304,13 @@
 			ctx.stderr_fd = stderr_fd[0];
 			close(stderr_fd[1]);
 #ifdef PRIVSEP_RIGHTS
-			if (ps_rights_limit_fd(stderr_fd[0]) == 1) {
-				logerr("ps_rights_limit_fdpair");
+			if (ps_rights_limit_fd(ctx.stderr_fd) == 1) {
+				logerr("ps_rights_limit_fd");
 				goto exit_failure;
 			}
 #endif
-			if (ctx.stderr_valid)
-				eloop_event_add(ctx.eloop, ctx.stderr_fd,
-				    dhcpcd_stderr_cb, &ctx);
+			eloop_event_add(ctx.eloop, ctx.stderr_fd,
+			    dhcpcd_stderr_cb, &ctx);
 		}
 #ifdef PRIVSEP
 		if (IN_PRIVSEP(&ctx) && ps_mastersandbox(&ctx, NULL) == -1)