1 #include <sys/capsicum.h>
2 #include <errno.h>
3 #include <stdlib.h>
4 #include <stdio.h>
5 #include <string.h>
6 #include <unistd.h>
7 #include "memcached.h"
8
/*
 * "Dropping privileges" means entering capability mode, in
 * FreeBSD (Capsicum) vocabulary.
 */
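/* Fatally restricts fd to rights; name is only used in the error message. */
static void limit_std_fd(int fd, const cap_rights_t *rights, const char *name) {
    if (cap_rights_limit(fd, rights) != 0) {
        fprintf(stderr, "cap_rights_limit %s failed: %s\n", name, strerror(errno));
        exit(EXIT_FAILURE);
    }
}

/*
 * Restrict the three standard descriptors to the rights they need, then
 * put the process into Capsicum capability mode.
 *
 * Ordering matters: cap_rights_limit() is applied first so the descriptors
 * are already narrowed when cap_enter() makes the switch irreversible.
 * Capability mode only closes off global namespaces (paths, PIDs, ...);
 * descriptors that are already open keep whatever rights they have, so
 * every socket or file the server needs must exist before this is called.
 * Any failure is fatal rather than a warning: continuing without the
 * sandbox would silently run with more privilege than intended.
 */
void drop_privileges(void) {
    cap_rights_t wd, rd;

    /* stdout/stderr: write (plus read) only. */
    if (cap_rights_init(&wd, CAP_WRITE, CAP_READ) == NULL) {
        fprintf(stderr, "cap_rights_init write protection failed: %s\n", strerror(errno));
        exit(EXIT_FAILURE);
    }

    /*
     * stdin: read, fcntl and event rights.  CAP_FCNTL/CAP_EVENT are
     * presumably needed for non-blocking setup and the event loop —
     * confirm against the caller before narrowing this further.
     */
    if (cap_rights_init(&rd, CAP_FCNTL, CAP_READ, CAP_EVENT) == NULL) {
        fprintf(stderr, "cap_rights_init read protection failed: %s\n", strerror(errno));
        exit(EXIT_FAILURE);
    }

    limit_std_fd(STDIN_FILENO, &rd, "stdin");
    limit_std_fd(STDOUT_FILENO, &wd, "stdout");
    limit_std_fd(STDERR_FILENO, &wd, "stderr");

    /* Point of no return: from here on only already-open descriptors are usable. */
    if (cap_enter() != 0) {
        fprintf(stderr, "cap_enter failed: %s\n", strerror(errno));
        exit(EXIT_FAILURE);
    }
}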
46
/*
 * No-op on this platform.  In Capsicum capability mode a denied
 * operation is by default reported to the process as an errno
 * (ECAPMODE / ENOTCAPABLE) rather than via a signal, so there is no
 * handler to register here; presumably the other *_priv.c backends
 * install one — confirm there if this is ever ported.
 */
void setup_privilege_violations_handler(void) {
    /* intentionally empty */
}
50