From 5cc2e479eb447a444f5ab005fc36b7f275c75eb5 Mon Sep 17 00:00:00 2001
From: Guillaume Outters
Date: Fri, 25 Apr 2025 02:55:08 +0200
Subject: [PATCH] xz, xzdec: Capsicum sandbox: Fix incorrect use of cap_rights_clear()

cap_rights_clear() with no additional arguments acts as a no-op, so instead of removing all capability rights from STDIN_FILENO, the same rights were allowed for STDIN_FILENO as were allowed for src_fd.

Fixes: a0eecc235d3b ("xz: Make Capsicum sandbox more strict with stdin and stdout.")

(The commit message says "stdout". It should have said "stderr".)
---
 src/xz/sandbox.c | 2 +-
 src/xzdec/xzdec.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/xz/sandbox.c b/src/xz/sandbox.c
index f5576960..1f040e4a 100644
--- a/src/xz/sandbox.c
+++ b/src/xz/sandbox.c
@@ -274,7 +274,7 @@ sandbox_enable_strict_if_allowed(
 // If not reading from stdin, remove all capabilities from it.
 if (src_fd != STDIN_FILENO && cap_rights_limit(
- STDIN_FILENO, cap_rights_clear(&rights)))
+ STDIN_FILENO, cap_rights_init(&rights)))
 goto error;
 if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights,
diff --git a/src/xzdec/xzdec.c b/src/xzdec/xzdec.c
index 96e24444..e1e27449 100644
--- a/src/xzdec/xzdec.c
+++ b/src/xzdec/xzdec.c
@@ -321,7 +321,7 @@ sandbox_enter(int src_fd)
 // If not reading from stdin, remove all capabilities from it.
 if (src_fd != STDIN_FILENO && cap_rights_limit(
- STDIN_FILENO, cap_rights_clear(&rights)))
+ STDIN_FILENO, cap_rights_init(&rights)))
 goto error;
 if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights,
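Review bot: The new `cap_rights_init(&rights)` call in both hunks (src/xz/sandbox.c and src/xzdec/xzdec.c) depends on the non-obvious fact that the zero-vararg form yields an empty rights set, whereas the zero-vararg `cap_rights_clear()` it replaces is a no-op — exactly the misreading that produced the original bug — and the existing comment `// If not reading from stdin, remove all capabilities from it.` does not warn the next reader about it. I would extend that comment in both files with `// cap_rights_init() with no rights gives an empty set; cap_rights_clear() with no rights is a no-op, so it must not be used here.` Because stdin silently kept src_fd's rights since a0eecc235d3b, a sandbox self-check that calls `cap_rights_get(STDIN_FILENO, &r)` after entering and fails if any right is set would catch a recurrence; I cannot see from the hunks whether such a check exists elsewhere. Both enclosing functions, sandbox_enable_strict_if_allowed() and sandbox_enter(), start and end outside their hunks.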