xz, xzdec: Capsicum sandbox: Fix incorrect use of cap_rights_clear()

cap_rights_clear() with no additional arguments acts as a no-op, so instead of removing all capability rights from STDIN_FILENO, the same rights were allowed for STDIN_FILENO as were allowed for src_fd. Fixes: a0eecc235d3b ("xz: Make Capsicum sandbox more strict with stdin and stdout.") (The commit message says "stdout". It should have said "stderr".)
2025-12-15 09:58:45 +00:00 · 2025-04-25 02:55:08 +02:00 · 2025-04-25 02:55:08 +02:00 · 5cc2e479eb
commit 5cc2e479eb
--- a/src/xz/sandbox.c
+++ b/src/xz/sandbox.c
@ -274,7 +274,7 @@ sandbox_enable_strict_if_allowed(

 	// If not reading from stdin, remove all capabilities from it.
 	if (src_fd != STDIN_FILENO && cap_rights_limit(
-			STDIN_FILENO, cap_rights_clear(&rights)))
+			STDIN_FILENO, cap_rights_init(&rights)))
 		goto error;

 	if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights,
--- a/src/xzdec/xzdec.c
+++ b/src/xzdec/xzdec.c
@ -321,7 +321,7 @@ sandbox_enter(int src_fd)

 	// If not reading from stdin, remove all capabilities from it.
 	if (src_fd != STDIN_FILENO && cap_rights_limit(
-			STDIN_FILENO, cap_rights_clear(&rights)))
+			STDIN_FILENO, cap_rights_init(&rights)))
 		goto error;

 	if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights,