svn commit: r252634 - head/sbin/dhclient
Pawel Jakub Dawidek
pjd at FreeBSD.org
Wed Jul 3 22:23:25 UTC 2013
Author: pjd
Date: Wed Jul 3 22:23:25 2013
New Revision: 252634
URL: http://svnweb.freebsd.org/changeset/base/252634
Log:
MFp4 @229488:
Sandbox unprivileged process using capability mode.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Modified:
head/sbin/dhclient/dhclient.c
Modified: head/sbin/dhclient/dhclient.c
==============================================================================
--- head/sbin/dhclient/dhclient.c Wed Jul 3 22:22:29 2013 (r252633)
+++ head/sbin/dhclient/dhclient.c Wed Jul 3 22:23:25 2013 (r252634)
@@ -511,6 +511,9 @@ main(int argc, char *argv[])
setproctitle("%s", ifi->name);
+ if (cap_enter() < 0 && errno != ENOSYS)
+ error("can't enter capability mode: %m");
+
if (immediate_daemon)
go_daemon();
More information about the svn-src-all
mailing list