Date:      Wed, 3 Jul 2013 22:21:12 +0000 (UTC)
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r252632 - head/sbin/dhclient
Message-ID:  <201307032221.r63MLCFX040868@svn.freebsd.org>

Author: pjd
Date: Wed Jul  3 22:21:11 2013
New Revision: 252632
URL: http://svnweb.freebsd.org/changeset/base/252632

Log:
  MFp4 @229486:
  
  Once PID is written to the pidfile, revoke all capability rights.
  We just want to keep the pidfile open.
  
  Reviewed by:	brooks
  Sponsored by:	The FreeBSD Foundation

Modified:
  head/sbin/dhclient/dhclient.c

Modified: head/sbin/dhclient/dhclient.c
==============================================================================
--- head/sbin/dhclient/dhclient.c	Wed Jul  3 22:19:43 2013	(r252631)
+++ head/sbin/dhclient/dhclient.c	Wed Jul  3 22:21:11 2013	(r252632)
@@ -2363,8 +2363,13 @@ go_daemon(void)
 	if (daemon(1, 0) == -1)
 		error("daemon");
 
-	if (pidfile != NULL)
+	if (pidfile != NULL) {
 		pidfile_write(pidfile);
+		if (cap_rights_limit(pidfile_fileno(pidfile), CAP_NONE) < 0 &&
+		    errno != ENOSYS) {
+			error("can't limit pidfile descriptor: %m");
+		}
+	}
 
 	/* we are chrooted, daemon(3) fails to open /dev/null */
 	if (nullfd != -1) {
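
Review bot: pidfile_write(pidfile) still has its return value ignored inside the new braced block in go_daemon(), so the descriptor is limited to CAP_NONE even when the PID was never written; consider checking the result and logging a warning before the cap_rights_limit() call. The errno != ENOSYS exception deserves a one-line comment stating that it covers kernels built without capability support, so a later reader does not take it for a swallowed error. The braces around the single error() statement can also be dropped to match the unbraced error("daemon") call just above.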


