MFp4 @229485:

Only allow to overwrite lease file. Reviewed by: brooks Sponsored by: The FreeBSD Foundation
author: pjd <pjd@FreeBSD.org> 2013-07-03 22:19:43 +0000
committer: pjd <pjd@FreeBSD.org> 2013-07-03 22:19:43 +0000
commit: 745563514be1c4a53986276e837d351f916f2788 (patch)
tree: 6c65d2cd9ed36c774bd6004d1ae854d1ca7f0528 /sbin/dhclient
parent: 157b58cb300b2659ec65eee45aef27bfdcda91b6 (diff)
download: FreeBSD-src-745563514be1c4a53986276e837d351f916f2788.zip
FreeBSD-src-745563514be1c4a53986276e837d351f916f2788.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index 34ff853..ead20b4 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -1842,6 +1842,11 @@ rewrite_client_leases(void)
 		leaseFile = fopen(path_dhclient_db, "w");
 		if (!leaseFile)
 			error("can't create %s: %m", path_dhclient_db);
+		if (cap_rights_limit(fileno(leaseFile), CAP_FSTAT | CAP_FSYNC |
+		    CAP_FTRUNCATE | CAP_SEEK | CAP_WRITE) < 0 &&
+		    errno != ENOSYS) {
+			error("can't limit lease descriptor: %m");
+		}
 	} else {
 		fflush(leaseFile);
 		rewind(leaseFile);
author	pjd <pjd@FreeBSD.org>	2013-07-03 22:19:43 +0000
committer	pjd <pjd@FreeBSD.org>	2013-07-03 22:19:43 +0000
commit	745563514be1c4a53986276e837d351f916f2788 (patch)
tree	6c65d2cd9ed36c774bd6004d1ae854d1ca7f0528 /sbin/dhclient
parent	157b58cb300b2659ec65eee45aef27bfdcda91b6 (diff)
download	FreeBSD-src-745563514be1c4a53986276e837d351f916f2788.zip FreeBSD-src-745563514be1c4a53986276e837d351f916f2788.tar.gz