cap_rights_clear() with no additional arguments acts as a no-op, so
instead of removing all capability rights from STDIN_FILENO, the same
rights were allowed for STDIN_FILENO as were allowed for src_fd.
Fixes: a0eecc235d3b ("xz: Make Capsicum sandbox more strict with stdin and stdout.")
(The commit message says "stdout". It should have said "stderr".)
// If not reading from stdin, remove all capabilities from it.
if (src_fd != STDIN_FILENO && cap_rights_limit(
- STDIN_FILENO, cap_rights_clear(&rights)))
+ STDIN_FILENO, cap_rights_init(&rights)))
goto error;
if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights,
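Review bot: The one-line comment above the changed call should say why cap_rights_init(&rights) is used here and not cap_rights_clear(&rights), since the two look interchangeable at a glance and the wrong one compiled and ran silently. cap_rights_clear() is variadic and clears only the rights named after the first argument, so with no extra arguments it leaves `rights` untouched, still holding whatever was set for src_fd; cap_rights_init() with no extra arguments initialises `rights` to the empty set, which is what "remove all capabilities" requires. Suggest extending the comment to something like "// cap_rights_init() with no rights gives an empty set; cap_rights_clear() with no rights would be a no-op." so the next reader does not reintroduce the regression, and note that the following cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights, ...)) line shows the same initialise-then-limit pattern this hunk now follows.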