changeset 5440:248013138b09 draft

privsep: Fix prior for FreeBSD.
author Roy Marples <roy@marples.name>
date Sat, 05 Sep 2020 17:01:59 +0100
parents 35210bb8687c
children ff7c7b4799b3
files src/dhcpcd.c src/if.c src/privsep-control.c src/privsep.c
diffstat 4 files changed, 29 insertions(+), 16 deletions(-) [+]
--- a/src/dhcpcd.c	Sat Sep 05 16:16:22 2020 +0100
+++ b/src/dhcpcd.c	Sat Sep 05 17:01:59 2020 +0100
@@ -2246,14 +2246,6 @@
 		logerr("socketpair");
 		goto exit_failure;
 	}
-#ifdef HAVE_CAPSICUM
-	if (ps_rights_limit_fdpair(fork_fd) == -1 ||
-	    ps_rights_limit_fdpair(stderr_fd) == 1)
-	{
-		logerr("ps_rights_limit_fdpair");
-		goto exit_failure;
-	}
-#endif
 	switch (pid = fork()) {
 	case -1:
 		logerr("fork");
@@ -2263,6 +2255,14 @@
 		close(fork_fd[0]);
 		logseterrfd(stderr_fd[1]);
 		close(stderr_fd[0]);
+#ifdef PRIVSEP_RIGHTS
+		if (ps_rights_limit_fd(fork_fd[1]) == -1 ||
+		    ps_rights_limit_fd(stderr_fd[1]) == 1)
+		{
+			logerr("ps_rights_limit_fdpair");
+			goto exit_failure;
+		}
+#endif
 		if (freopen(_PATH_DEVNULL, "w", stdout) == NULL ||
 		    freopen(_PATH_DEVNULL, "w", stderr) == NULL)
 			logerr("freopen");
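Review bot: The second comparison in the added guard tests `== 1` instead of `== -1`, so a failure of `ps_rights_limit_fd(stderr_fd[1])` goes undetected and the child continues with a descriptor whose rights were never restricted (assuming the function reports failure as -1, as the first comparison expects). The line should read `ps_rights_limit_fd(stderr_fd[1]) == -1)`, and the parent-side guard added in the next hunk has the same comparison for `stderr_fd[0]`. The log string also still names the old helper; `logerr("ps_rights_limit_fd");` would match the call now made. The enclosing function starts and ends outside the hunk.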
@@ -2289,6 +2289,14 @@
 		close(fork_fd[1]);
 		ctx.stderr_fd = stderr_fd[0];
 		close(stderr_fd[1]);
+#ifdef PRIVSEP_RIGHTS
+		if (ps_rights_limit_fd(fork_fd[0]) == -1 ||
+		    ps_rights_limit_fd(stderr_fd[0]) == 1)
+		{
+			logerr("ps_rights_limit_fdpair");
+			goto exit_failure;
+		}
+#endif
 		setproctitle("[launcher]");
 		eloop_event_add(ctx.eloop, ctx.fork_fd, dhcpcd_fork_cb, &ctx);
 		eloop_event_add(ctx.eloop, ctx.stderr_fd, dhcpcd_stderr_cb, &ctx);
--- a/src/if.c	Sat Sep 05 16:16:22 2020 +0100
+++ b/src/if.c	Sat Sep 05 17:01:59 2020 +0100
@@ -1016,10 +1016,6 @@
 	if ((s = socketpair(domain, type, protocol, fd)) == -1)
 		return -1;
 
-#ifdef PRIVSEP_RIGHTS
-	if (ps_rights_limit_fdpair(fd) == -1)
-		goto out;
-#endif
 #ifndef HAVE_SOCK_CLOEXEC
 	if ((xtype & SOCK_CLOEXEC) && ((xflags = fcntl(fd[0], F_GETFD)) == -1 ||
 	    fcntl(fd[0], F_SETFD, xflags | FD_CLOEXEC) == -1))
@@ -1039,8 +1035,7 @@
 
 	return s;
 
-#if defined(PRIVSEP_RIGHTS) || \
-	!defined(HAVE_SOCK_CLOEXEC) || !defined(HAVE_SOCK_NONBLOCK)
+#if !defined(HAVE_SOCK_CLOEXEC) || !defined(HAVE_SOCK_NONBLOCK)
 out:
 	close(fd[0]);
 	close(fd[1]);
--- a/src/privsep-control.c	Sat Sep 05 16:16:22 2020 +0100
+++ b/src/privsep-control.c	Sat Sep 05 17:01:59 2020 +0100
@@ -225,10 +225,14 @@
 	int data_fd[2], listen_fd[2];
 	pid_t pid;
 
-	if (xsocketpair(AF_UNIX, SOCK_STREAM | SOCK_CXNB, 0, data_fd) == -1)
+	if (xsocketpair(AF_UNIX, SOCK_STREAM | SOCK_CXNB, 0, data_fd) == -1 ||
+	    xsocketpair(AF_UNIX, SOCK_STREAM | SOCK_CXNB, 0, listen_fd) == -1)
 		return -1;
-	if (xsocketpair(AF_UNIX, SOCK_STREAM | SOCK_CXNB, 0, listen_fd) == -1)
+#ifdef PRIVSEP_RIGHTS
+	if (ps_rights_limit_fdpair(data_fd) == -1 ||
+	    ps_rights_limit_fdpair(listen_fd) == -1)
 		return -1;
+#endif
 
 	pid = ps_dostart(ctx, &ctx->ps_control_pid, &ctx->ps_control_fd,
 	    ps_ctl_recvmsg, ps_ctl_dodispatch, ctx,
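Review bot: Both early `return -1` paths added here leave descriptors open. If the second `xsocketpair` fails, `data_fd` is already allocated, and if `ps_rights_limit_fdpair` fails, all four descriptors remain open, with nothing logged. In a long-running privileged process these are leaked sockets that never had their rights limited. I would close whatever was opened before returning and log the rights failure the same way the privsep.c hunk does. The function body continues outside the hunk, so confirm no later cleanup path already covers this.

```c
	if (xsocketpair(AF_UNIX, SOCK_STREAM | SOCK_CXNB, 0, data_fd) == -1)
		return -1;
	if (xsocketpair(AF_UNIX, SOCK_STREAM | SOCK_CXNB, 0, listen_fd) == -1) {
		close(data_fd[0]);
		close(data_fd[1]);
		return -1;
	}
#ifdef PRIVSEP_RIGHTS
	if (ps_rights_limit_fdpair(data_fd) == -1 ||
	    ps_rights_limit_fdpair(listen_fd) == -1)
	{
		logerr("%s: ps_rights_limit_fdpair", __func__);
		close(data_fd[0]);
		close(data_fd[1]);
		close(listen_fd[0]);
		close(listen_fd[1]);
		return -1;
	}
#endif
	/* … unchanged: ps_dostart call … */
```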
--- a/src/privsep.c	Sat Sep 05 16:16:22 2020 +0100
+++ b/src/privsep.c	Sat Sep 05 17:01:59 2020 +0100
@@ -295,6 +295,12 @@
 		logerr("%s: ps_setbuf_fdpair", __func__);
 		return -1;
 	}
+#ifdef PRIVSEP_RIGHTS
+	if (ps_rights_limit_fdpair(fd) == -1) {
+		logerr("%s: ps_rights_limit_fdpair", __func__);
+		return -1;
+	}
+#endif
 
 	switch (pid = fork()) {
 	case -1: