From: Roy Marples <roy@marples.name>
Date: Wed, 7 Oct 2020 14:31:35 +0000 (+0100)
Subject: privsep: Improve rights on launcher fork and stderr fds
X-Git-Tag: v9.3.1~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f1f3372c470cd347c49ca490353bb1134298d360;p=thirdparty%2Fdhcpcd.git

privsep: Improve rights on launcher fork and stderr fds
---

diff --git a/src/dhcpcd.c b/src/dhcpcd.c
index a9ced339..4cd5a02e 100644
--- a/src/dhcpcd.c
+++ b/src/dhcpcd.c
@@ -2246,7 +2246,7 @@ printpidfile:
 		ctx.fork_fd = fork_fd[1];
 		close(fork_fd[0]);
 #ifdef PRIVSEP_RIGHTS
-		if (ps_rights_limit_fd(fork_fd[1]) == -1) {
+		if (ps_rights_limit_fd(ctx.fork_fd) == -1) {
 			logerr("ps_rights_limit_fdpair");
 			goto exit_failure;
 		}
@@ -2293,10 +2293,8 @@ printpidfile:
 		ctx.fork_fd = fork_fd[0];
 		close(fork_fd[1]);
 #ifdef PRIVSEP_RIGHTS
-		if (ps_rights_limit_fd(fork_fd[0]) == -1 ||
-		    ps_rights_limit_fd(stderr_fd[0]) == 1)
-		{
-			logerr("ps_rights_limit_fdpair");
+		if (ps_rights_limit_fd(ctx.fork_fd) == -1) {
+			logerr("ps_rights_limit_fd");
 			goto exit_failure;
 		}
 #endif
@@ -2306,14 +2304,13 @@ printpidfile:
 			ctx.stderr_fd = stderr_fd[0];
 			close(stderr_fd[1]);
 #ifdef PRIVSEP_RIGHTS
-			if (ps_rights_limit_fd(stderr_fd[0]) == 1) {
-				logerr("ps_rights_limit_fdpair");
+			if (ps_rights_limit_fd(ctx.stderr_fd) == 1) {
+				logerr("ps_rights_limit_fd");
 				goto exit_failure;
 			}
 #endif
-			if (ctx.stderr_valid)
-				eloop_event_add(ctx.eloop, ctx.stderr_fd,
-				    dhcpcd_stderr_cb, &ctx);
+			eloop_event_add(ctx.eloop, ctx.stderr_fd,
+			    dhcpcd_stderr_cb, &ctx);
 		}
 #ifdef PRIVSEP
 		if (IN_PRIVSEP(&ctx) && ps_mastersandbox(&ctx, NULL) == -1)