changeset 5503:18a7063f70c1 draft

privsep: Improve rights on launcher fork and stderr fds
author Roy Marples <roy@marples.name>
date Wed, 07 Oct 2020 15:31:35 +0100
parents 7100066d2c7e
children 4d665b4bede5
files src/dhcpcd.c
diffstat 1 files changed, 7 insertions(+), 10 deletions(-) [+]
--- a/src/dhcpcd.c	Wed Oct 07 15:28:33 2020 +0100
+++ b/src/dhcpcd.c	Wed Oct 07 15:31:35 2020 +0100
@@ -2246,7 +2246,7 @@
 		ctx.fork_fd = fork_fd[1];
 		close(fork_fd[0]);
 #ifdef PRIVSEP_RIGHTS
-		if (ps_rights_limit_fd(fork_fd[1]) == -1) {
+		if (ps_rights_limit_fd(ctx.fork_fd) == -1) {
 			logerr("ps_rights_limit_fdpair");
 			goto exit_failure;
 		}
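Review bot: The error label in this first hunk still reads `logerr("ps_rights_limit_fdpair");`, although the call is `ps_rights_limit_fd()` and the commit renames the label at the other two call sites. Changing it to `logerr("ps_rights_limit_fd");` keeps the log output pointing at the function that actually failed, which matters when triaging sandbox setup failures from logs alone. The enclosing block starts and ends outside the hunk.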
@@ -2293,10 +2293,8 @@
 		ctx.fork_fd = fork_fd[0];
 		close(fork_fd[1]);
 #ifdef PRIVSEP_RIGHTS
-		if (ps_rights_limit_fd(fork_fd[0]) == -1 ||
-		    ps_rights_limit_fd(stderr_fd[0]) == 1)
-		{
-			logerr("ps_rights_limit_fdpair");
+		if (ps_rights_limit_fd(ctx.fork_fd) == -1) {
+			logerr("ps_rights_limit_fd");
 			goto exit_failure;
 		}
 #endif
@@ -2306,14 +2304,13 @@
 			ctx.stderr_fd = stderr_fd[0];
 			close(stderr_fd[1]);
 #ifdef PRIVSEP_RIGHTS
-			if (ps_rights_limit_fd(stderr_fd[0]) == 1) {
-				logerr("ps_rights_limit_fdpair");
+			if (ps_rights_limit_fd(ctx.stderr_fd) == 1) {
+				logerr("ps_rights_limit_fd");
 				goto exit_failure;
 			}
 #endif
-			if (ctx.stderr_valid)
-				eloop_event_add(ctx.eloop, ctx.stderr_fd,
-				    dhcpcd_stderr_cb, &ctx);
+			eloop_event_add(ctx.eloop, ctx.stderr_fd,
+			    dhcpcd_stderr_cb, &ctx);
 		}
 #ifdef PRIVSEP
 		if (IN_PRIVSEP(&ctx) && ps_mastersandbox(&ctx, NULL) == -1)
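Review bot: The new stderr check `if (ps_rights_limit_fd(ctx.stderr_fd) == 1)` keeps the `== 1` comparison from the old code, while both fork_fd call sites in this commit test `== -1`. If the function follows the usual -1-on-error convention those sites imply, a failure to restrict rights on the stderr descriptor is never detected here, and startup continues with an unrestricted fd registered in the event loop. The line should read `if (ps_rights_limit_fd(ctx.stderr_fd) == -1) {` so a failed rights limit reaches `goto exit_failure`. The enclosing block starts outside the hunk.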