From: Lasse Collin Date: Mon, 28 Apr 2025 15:22:32 +0000 (+0300) Subject: xz: Capsicum sandbox: Fix incorrect use of cap_rights_clear() X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fheads%2Fv5.4;p=thirdparty%2Fxz.git xz: Capsicum sandbox: Fix incorrect use of cap_rights_clear() cap_rights_clear() with no additional arguments acts as a no-op, so instead of removing all capability rights from STDIN_FILENO, the same rights were allowed for STDIN_FILENO as were allowed for src_fd. Co-authored-by: Guillaume Outters Fixes: fd56d5353360 ("xz: Make Capsicum sandbox more strict with stdin and stdout.") (The commit message says "stdout". It should have said "stderr".) (based on commit 5cc2e479eb447a444f5ab005fc36b7f275c75eb5) --- diff --git a/src/xz/file_io.c b/src/xz/file_io.c index 78fbdf72..f09498da 100644 --- a/src/xz/file_io.c +++ b/src/xz/file_io.c @@ -201,7 +201,7 @@ io_sandbox_enter(int src_fd) // If not reading from stdin, remove all capabilities from it. if (src_fd != STDIN_FILENO && cap_rights_limit( - STDIN_FILENO, cap_rights_clear(&rights))) + STDIN_FILENO, cap_rights_init(&rights))) goto error; if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights,
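Review bot: the corrected line `STDIN_FILENO, cap_rights_init(&rights)))` is right but deserves an inline comment, because the difference between the two calls is easy to miss by name alone: cap_rights_clear(&rights) with no rights listed returns the set unchanged (still holding the rights granted to src_fd), whereas cap_rights_init(&rights) with no rights listed yields an empty set. A short note next to the existing "remove all capabilities from it" comment, e.g. "cap_rights_init() with no rights listed produces an empty set", would keep a future reader from reverting to cap_rights_clear() by analogy with its name. Reusing the same `rights` variable in the following cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights, ...)) call is fine, since cap_rights_init() overwrites the set rather than adding to it.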