tls cli sandbox freebsd update.

Expanding on capsicum usage limiting those file descriptors to what they re supposed to do.
author: David Carlier <[email protected]> 2019-07-05 06:41:12 +0000
committer: David Carlier <[email protected]> 2019-07-05 06:42:41 +0000
commit: 3fa5e2134d2a4802f6e9cf322ff33c241978f74e (patch)
tree: c29a0075c97b4ce82da79df98e157b895a86b7de /src
parent: a84506ddf491c7e216d98a571b732ab7b1424025 (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/src/cli/sandbox.cpp b/src/cli/sandbox.cpp
index 90eaf8b89..901ca1d78 100644
--- a/src/cli/sandbox.cpp
+++ b/src/cli/sandbox.cpp
@@ -11,6 +11,7 @@
   #include <unistd.h>
 #elif defined(BOTAN_TARGET_OS_HAS_CAP_ENTER)
   #include <sys/capsicum.h>
+  #include <unistd.h>
 #endif
 
 namespace Botan_CLI {
@@ -32,6 +33,33 @@ bool Sandbox::init()
    const static char *opts = "stdio rpath inet error";
    return (::pledge(opts, nullptr) == 0);
 #elif defined(BOTAN_TARGET_OS_HAS_CAP_ENTER)
+   cap_rights_t wt, rd;
+
+   if (::cap_rights_init(&wt, CAP_READ, CAP_WRITE) == nullptr)
+      {
+      return false;
+      }
+
+   if (::cap_rights_init(&rd, CAP_FCNTL, CAP_EVENT, CAP_READ) == nullptr)
+      {
+      return false;
+      }
+
+   if (::cap_rights_limit(STDOUT_FILENO, &wt) == -1)
+      {
+      return false;
+      }
+
+   if (::cap_rights_limit(STDERR_FILENO, &wt) == -1)
+      {
+      return false;
+      }
+
+   if (::cap_rights_limit(STDIN_FILENO, &rd) == -1)
+      {
+      return false;
+      }
+
    return (::cap_enter() == 0);
 #else
    return true;
author	David Carlier <[email protected]>	2019-07-05 06:41:12 +0000
committer	David Carlier <[email protected]>	2019-07-05 06:42:41 +0000
commit	3fa5e2134d2a4802f6e9cf322ff33c241978f74e (patch)
tree	c29a0075c97b4ce82da79df98e157b895a86b7de /src
parent	a84506ddf491c7e216d98a571b732ab7b1424025 (diff)