# HG changeset patch
# User Roy Marples
# Date 1599391240 -3600
# Node ID 2070a61faddd8c9f917873032df325b9e01d50bd
# Parent d861892268ffdafc584dd40add371c55317a7e91
privsep: Dump leases from stdin in a limited sandbox

diff -r d861892268ff -r 2070a61faddd src/dhcpcd.c
--- a/src/dhcpcd.c Sun Sep 06 11:58:29 2020 +0100
+++ b/src/dhcpcd.c Sun Sep 06 12:20:40 2020 +0100
@@ -2135,11 +2135,20 @@
 }
 #endif
+#ifdef PRIVSEP
+ ps_init(&ctx);
+#endif
+
 #ifndef SMALL
 if (ctx.options & DHCPCD_DUMPLEASE &&
 ioctl(fileno(stdin), FIONREAD, &i, sizeof(i)) == 0 &&
 i > 0)
 {
+ ctx.options |= DHCPCD_FORKED; /* pretend child process */
+#ifdef PRIVSEP
+ if (IN_PRIVSEP(&ctx) && ps_mastersandbox(&ctx) == -1)
+ goto exit_failure;
+#endif
 ifp = calloc(1, sizeof(*ifp));
 if (ifp == NULL) {
 logerr(__func__);
@@ -2241,11 +2250,6 @@
 if (freopen(_PATH_DEVNULL, "r", stdin) == NULL)
 logerr("%s: freopen stdin", __func__);
-
-#ifdef PRIVSEP
- ps_init(&ctx);
-#endif
-
 #if defined(USE_SIGNALS) && !defined(THERE_IS_NO_FORK)
 if (xsocketpair(AF_UNIX, SOCK_DGRAM | SOCK_CXNB, 0, fork_fd) == -1 ||
 xsocketpair(AF_UNIX, SOCK_DGRAM | SOCK_CXNB, 0, stderr_fd) == -1)
diff -r d861892268ff -r 2070a61faddd src/privsep.c
--- a/src/privsep.c Sun Sep 06 11:58:29 2020 +0100
+++ b/src/privsep.c Sun Sep 06 12:20:40 2020 +0100
@@ -480,8 +480,9 @@
 }
 #ifdef PRIVSEP_RIGHTS
- if (ps_rights_limit_ioctl(ctx->pf_inet_fd) == -1 ||
- ps_rights_limit_fd(ctx->link_fd) == -1 ||
+ if ((ctx->pf_inet_fd != -1 &&
+ ps_rights_limit_ioctl(ctx->pf_inet_fd) == -1) ||
+ (ctx->link_fd != -1 && ps_rights_limit_fd(ctx->link_fd) == -1) ||
 ps_rights_limit_stdio() == -1)
 {
 logerr("%s: cap_rights_limit", __func__);
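Review bot: The sandbox call added in the DHCPCD_DUMPLEASE branch fails open: it is skipped whenever `IN_PRIVSEP(&ctx)` is false, and the result of the moved `ps_init(&ctx);` is discarded, so a PRIVSEP build whose privilege separation did not come up would parse the lease read from stdin unsandboxed and without any diagnostic. If ps_init reports failure through its return value (its prototype is not visible in this hunk), check it where it is now called; otherwise make the fallback visible in the dump branch, for example `if (!IN_PRIVSEP(&ctx)) logwarnx("%s: lease dump is not sandboxed", __func__);`. The comment `/* pretend child process */` should also say which behaviour the DHCPCD_FORKED flag is being relied on for here, since it is set before the sandbox call and stays set on the `goto exit_failure` path. The enclosing function starts and ends outside the hunk.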
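Review bot: The new `!= -1` guards on `ctx->pf_inet_fd` and `ctx->link_fd` carry no comment explaining why either descriptor may be unopened here, and nothing in the hunk stops one from being opened after its limit was skipped, in which case it would have no capability restriction at all. A comment above the condition would record the invariant, for example `/* fds are -1 when the sandbox is entered before the sockets exist (presumably the stdin lease dump); they must not be opened afterwards */`. The shared `logerr("%s: cap_rights_limit", __func__)` also does not say which of the three limits failed, which makes a sandbox setup failure harder to diagnose. The enclosing function and the rest of this `if` body are outside the hunk.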