capsicum: disable fs writes

Use RLIMIT_FSIZE to disable writes to the filesystem when stdout is not a regular file.
12 months ago · ff574f6412
parent 1a180c7655
commit ff574f6412
2 changed files with 13 additions and 2 deletions
--- a/src/restrict_process_capsicum.c
+++ b/src/restrict_process_capsicum.c
@ -1,4 +1,4 @@
-/* Copyright (c) 2017-2020, Michael Santos <michael.santos@gmail.com>
+/* Copyright (c) 2017-2023, Michael Santos <michael.santos@gmail.com>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@ -16,8 +16,10 @@
 #include <sys/capsicum.h>
 #include <sys/param.h>
 #include <sys/resource.h>
+#include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/types.h>
+#include <unistd.h>

 #include <errno.h>

@ -25,6 +27,15 @@

 int restrict_process_init(xmppipe_state_t *state) {
  struct rlimit rl = {0};
+  struct stat sb = {0};
+
+  if (fstat(STDOUT_FILENO, &sb) < 0)
+    return -1;
+
+  if (!S_ISREG(sb.st_mode)) {
+    if (setrlimit(RLIMIT_FSIZE, &rl) < 0)
+      return -1;
+  }

  return setrlimit(RLIMIT_NPROC, &rl);
 }
--- a/src/xmppipe.h
+++ b/src/xmppipe.h
@ -27,7 +27,7 @@
 #include "strtonum.h"
 #endif

-#define XMPPIPE_VERSION "0.14.7"
+#define XMPPIPE_VERSION "0.14.8"
 #define XMPPIPE_RESOURCE "xmppipe"

 #define XMPPIPE_STREQ(a, b) (strcmp((a), (b)) == 0)