From f070722b57ba975a0dff36492d766f03026b1d21 Mon Sep 17 00:00:00 2001
From: Jia Tan
Date: Mon, 6 Mar 2023 21:08:26 +0800
Subject: [PATCH] xz: Reorder cap_enter() to beginning of capsicum sandbox code.

cap_enter() puts the process into the sandbox. If later calls to cap_rights_limit() fail, then the process can still have some extra protections.
---
 src/xz/file_io.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/xz/file_io.c b/src/xz/file_io.c
index aca9ebae..382fc02c 100644
--- a/src/xz/file_io.c
+++ b/src/xz/file_io.c
@@ -192,6 +192,9 @@ io_sandbox_enter(int src_fd)
 	// Capsicum needs FreeBSD 10.0 or later.
 	cap_rights_t rights;
 
+	if (cap_enter())
+		goto error;
+
 	if (cap_rights_limit(src_fd, cap_rights_init(&rights,
 			CAP_EVENT, CAP_FCNTL, CAP_LOOKUP, CAP_READ, CAP_SEEK)))
 		goto error;
@@ -209,9 +212,6 @@ io_sandbox_enter(int src_fd)
 			CAP_WRITE)))
 		goto error;
 
-	if (cap_enter())
-		goto error;
-
 #elif defined(HAVE_PLEDGE)
 	// pledge() was introduced in OpenBSD 5.9.
 	//
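Review bot: The relocated `if (cap_enter())` in the first hunk carries no comment explaining why it now precedes the `cap_rights_limit()` calls, and since the conventional order is limit-then-enter, a later reader may "fix" it back without the rationale that only lives in the commit message. Suggest adding above it: `// Enter capability mode first: if a later cap_rights_limit() call fails, the process is at least still sandboxed.` With this order the `error` label (outside the hunk) is reached while already in capability mode when a rights limit fails, so whatever that path does afterwards needs to be permitted inside the sandbox; I cannot see the label from here, so that is worth confirming. cap_rights_limit() itself is, as far as I know, permitted in capability mode, so the reorder does not change the success path. io_sandbox_enter's body continues both before and after both hunks.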