svn commit: r252634 - head/sbin/dhclient

Wed, 03 Jul 2013 15:23:57 -0700 

Author: pjd
Date: Wed Jul  3 22:23:25 2013
New Revision: 252634
URL: http://svnweb.freebsd.org/changeset/base/252634

Log:
  MFp4 @229488:
  
  Sandbox unprivileged process using capability mode.
  
  Reviewed by:  brooks
  Sponsored by: The FreeBSD Foundation

Modified:
  head/sbin/dhclient/dhclient.c

Modified: head/sbin/dhclient/dhclient.c
==============================================================================
--- head/sbin/dhclient/dhclient.c       Wed Jul  3 22:22:29 2013        
(r252633)
+++ head/sbin/dhclient/dhclient.c       Wed Jul  3 22:23:25 2013        
(r252634)
@@ -511,6 +511,9 @@ main(int argc, char *argv[])
 
        setproctitle("%s", ifi->name);
 
+       if (cap_enter() < 0 && errno != ENOSYS)
+               error("can't enter capability mode: %m");
+
        if (immediate_daemon)
                go_daemon();
 
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to