MFp4 @229488:

Sandbox unprivileged process using capability mode. Reviewed by: brooks Sponsored by: The FreeBSD Foundation
author: pjd <pjd@FreeBSD.org> 2013-07-03 22:23:25 +0000
committer: pjd <pjd@FreeBSD.org> 2013-07-03 22:23:25 +0000
commit: 85ce2c58ff0686d38588441ec3e73ec11e901a71 (patch)
tree: 95576411c5fa3d7df69527e7311af2be03dbb0f0 /sbin/dhclient
parent: b93b6961b07bfcedd1fb84284a72573c66fe8b36 (diff)
download: FreeBSD-src-85ce2c58ff0686d38588441ec3e73ec11e901a71.zip
FreeBSD-src-85ce2c58ff0686d38588441ec3e73ec11e901a71.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index 2305d97..cd4a41b 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -511,6 +511,9 @@ main(int argc, char *argv[])
 
 	setproctitle("%s", ifi->name);
 
+	if (cap_enter() < 0 && errno != ENOSYS)
+		error("can't enter capability mode: %m");
+
 	if (immediate_daemon)
 		go_daemon();
author	pjd <pjd@FreeBSD.org>	2013-07-03 22:23:25 +0000
committer	pjd <pjd@FreeBSD.org>	2013-07-03 22:23:25 +0000
commit	85ce2c58ff0686d38588441ec3e73ec11e901a71 (patch)
tree	95576411c5fa3d7df69527e7311af2be03dbb0f0 /sbin/dhclient
parent	b93b6961b07bfcedd1fb84284a72573c66fe8b36 (diff)
download	FreeBSD-src-85ce2c58ff0686d38588441ec3e73ec11e901a71.zip FreeBSD-src-85ce2c58ff0686d38588441ec3e73ec11e901a71.tar.gz