privsep: If dumping lease check stdout is a tty for rlimit.

If it's not, we can't set it.
NetworkConfiguration · Oct 29, 2024 · ade0fc6 · ade0fc6
1 parent b4387dc
commit ade0fc6
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 20 deletions.
diff --git a/src/dhcpcd.c b/src/dhcpcd.c
@@ -1739,13 +1739,6 @@ dhcpcd_readdump2(void *arg, unsigned short events)
 	if (ctx->ctl_buf[ctx->ctl_buflen - 1] != '\0') /* unlikely */
 		ctx->ctl_buf[ctx->ctl_buflen - 1] = '\0';
 	script_dump(ctx->ctl_buf, ctx->ctl_buflen);
-#ifdef PRIVSEP
-	// Check for redirect, if so, if privsep we need to open up priveleges
-	if (IN_PRIVSEP(ctx) && !isatty(fileno(stdout)))
-	{
-		logdebugx("dumplease stdout has been redirected");
-	}
-#endif
 	fflush(stdout);
 	if (--ctx->ctl_extra != 0) {
 		putchar('\n');

diff --git a/src/privsep.c b/src/privsep.c
@@ -125,6 +125,8 @@ static int
 ps_dropprivs(struct dhcpcd_ctx *ctx)
 {
 	struct passwd *pw = ctx->ps_user;
+	int fd_out = ctx->options & DHCPCD_DUMPLEASE ?
+	   STDOUT_FILENO : STDERR_FILENO;
 
 	if (ctx->options & DHCPCD_LAUNCHER)
 		logdebugx("chrooting as %s to %s", pw->pw_name, pw->pw_dir);
@@ -144,7 +146,6 @@ ps_dropprivs(struct dhcpcd_ctx *ctx)
 	}
 
 	struct rlimit rzero = { .rlim_cur = 0, .rlim_max = 0 };
-	struct rlimit rlease = { .rlim_cur = 5000, .rlim_max = 5000 };
 
 	/* Prohibit new files, sockets, etc */
 	/*
@@ -173,19 +174,10 @@ ps_dropprivs(struct dhcpcd_ctx *ctx)
 	 * Obviously this won't work if we are using a logfile
 	 * or redirecting stderr to a file. */
 	if ((ctx->options & DHC_NOCHKIO) == DHC_NOCHKIO ||
-	    (ctx->logfile == NULL && isatty(STDERR_FILENO) == 1))
+	    (ctx->logfile == NULL && isatty(fd_out) == 1))
 	{
-		/* Allow dumplease to write to file (all other priveleges are still reduced) */
-		if (ctx->options & DHCPCD_DUMPLEASE) {
-			logdebugx("%s DHCPCD_DUMPLEASE setrlimit to %d for RLIMIT_FSIZE", __func__, rlease.rlim_cur);
-			if (setrlimit(RLIMIT_FSIZE, &rlease) == -1)
-				logerr("setrlimit RLIMIT_FSIZE rlim_cur: %d max: %d", rlease.rlim_cur, rlease.rlim_max);
-		}
-		else {
-			logdebugx("%s DHC_NOCHKIO setrlimit to %d for RLIMIT_FSIZE", __func__, rzero.rlim_cur);
-			if (setrlimit(RLIMIT_FSIZE, &rzero) == -1)
-				logerr("setrlimit RLIMIT_FSIZE rlim_cur: %d max: %d", rzero.rlim_cur, rzero.rlim_max);
-		}
+		if (setrlimit(RLIMIT_FSIZE, &rzero) == -1)
+			logerr("setrlimit RLIMIT_FSIZE");
 	}
 
 #ifdef RLIMIT_NPROC