Merge GH #2019 Expand on FreeBSD cli sandbox

author: Jack Lloyd <[email protected]> 2019-07-05 04:22:10 -0400
committer: Jack Lloyd <[email protected]> 2019-07-05 04:22:10 -0400
commit: f95731602d83d4fd5686c98f1cfbf02f101a3652 (patch)
tree: c29a0075c97b4ce82da79df98e157b895a86b7de
parent: a84506ddf491c7e216d98a571b732ab7b1424025 (diff)
parent: 3fa5e2134d2a4802f6e9cf322ff33c241978f74e (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/src/cli/sandbox.cpp b/src/cli/sandbox.cpp
index 90eaf8b89..901ca1d78 100644
--- a/src/cli/sandbox.cpp
+++ b/src/cli/sandbox.cpp
@@ -11,6 +11,7 @@
   #include <unistd.h>
 #elif defined(BOTAN_TARGET_OS_HAS_CAP_ENTER)
   #include <sys/capsicum.h>
+  #include <unistd.h>
 #endif
 
 namespace Botan_CLI {
@@ -32,6 +33,33 @@ bool Sandbox::init()
    const static char *opts = "stdio rpath inet error";
    return (::pledge(opts, nullptr) == 0);
 #elif defined(BOTAN_TARGET_OS_HAS_CAP_ENTER)
+   cap_rights_t wt, rd;
+
+   if (::cap_rights_init(&wt, CAP_READ, CAP_WRITE) == nullptr)
+      {
+      return false;
+      }
+
+   if (::cap_rights_init(&rd, CAP_FCNTL, CAP_EVENT, CAP_READ) == nullptr)
+      {
+      return false;
+      }
+
+   if (::cap_rights_limit(STDOUT_FILENO, &wt) == -1)
+      {
+      return false;
+      }
+
+   if (::cap_rights_limit(STDERR_FILENO, &wt) == -1)
+      {
+      return false;
+      }
+
+   if (::cap_rights_limit(STDIN_FILENO, &rd) == -1)
+      {
+      return false;
+      }
+
    return (::cap_enter() == 0);
 #else
    return true;
author	Jack Lloyd <[email protected]>	2019-07-05 04:22:10 -0400
committer	Jack Lloyd <[email protected]>	2019-07-05 04:22:10 -0400
commit	f95731602d83d4fd5686c98f1cfbf02f101a3652 (patch)
tree	c29a0075c97b4ce82da79df98e157b895a86b7de
parent	a84506ddf491c7e216d98a571b732ab7b1424025 (diff)
parent	3fa5e2134d2a4802f6e9cf322ff33c241978f74e (diff)