From ade0fc60771cee94ffd6ade35805d8d1dcb5cdcd Mon Sep 17 00:00:00 2001
From: Roy Marples <roy@marples.name>
Date: Tue, 29 Oct 2024 08:15:40 +0000
Subject: [PATCH] privsep: If dumping lease check stdout is a tty for rlimit.

If it's not, we can't set it.
---
 src/dhcpcd.c  |  7 -------
 src/privsep.c | 18 +++++-------------
 2 files changed, 5 insertions(+), 20 deletions(-)

diff --git a/src/dhcpcd.c b/src/dhcpcd.c
index 25ab23ed..00a80c7a 100644
--- a/src/dhcpcd.c
+++ b/src/dhcpcd.c
@@ -1739,13 +1739,6 @@ dhcpcd_readdump2(void *arg, unsigned short events)
 	if (ctx->ctl_buf[ctx->ctl_buflen - 1] != '\0') /* unlikely */
 		ctx->ctl_buf[ctx->ctl_buflen - 1] = '\0';
 	script_dump(ctx->ctl_buf, ctx->ctl_buflen);
-#ifdef PRIVSEP
-	// Check for redirect, if so, if privsep we need to open up priveleges
-	if (IN_PRIVSEP(ctx) && !isatty(fileno(stdout)))
-	{
-		logdebugx("dumplease stdout has been redirected");
-	}
-#endif
 	fflush(stdout);
 	if (--ctx->ctl_extra != 0) {
 		putchar('\n');
diff --git a/src/privsep.c b/src/privsep.c
index 0fc71298..98e8f488 100644
--- a/src/privsep.c
+++ b/src/privsep.c
@@ -125,6 +125,8 @@ static int
 ps_dropprivs(struct dhcpcd_ctx *ctx)
 {
 	struct passwd *pw = ctx->ps_user;
+	int fd_out = ctx->options & DHCPCD_DUMPLEASE ?
+	   STDOUT_FILENO : STDERR_FILENO;
 
 	if (ctx->options & DHCPCD_LAUNCHER)
 		logdebugx("chrooting as %s to %s", pw->pw_name, pw->pw_dir);
@@ -144,7 +146,6 @@ ps_dropprivs(struct dhcpcd_ctx *ctx)
 	}
 
 	struct rlimit rzero = { .rlim_cur = 0, .rlim_max = 0 };
-	struct rlimit rlease = { .rlim_cur = 5000, .rlim_max = 5000 };
 
 	/* Prohibit new files, sockets, etc */
 	/*
@@ -173,19 +174,10 @@ ps_dropprivs(struct dhcpcd_ctx *ctx)
 	 * Obviously this won't work if we are using a logfile
 	 * or redirecting stderr to a file. */
 	if ((ctx->options & DHC_NOCHKIO) == DHC_NOCHKIO ||
-	    (ctx->logfile == NULL && isatty(STDERR_FILENO) == 1))
+	    (ctx->logfile == NULL && isatty(fd_out) == 1))
 	{
-		/* Allow dumplease to write to file (all other priveleges are still reduced) */
-		if (ctx->options & DHCPCD_DUMPLEASE) {
-			logdebugx("%s DHCPCD_DUMPLEASE setrlimit to %d for RLIMIT_FSIZE", __func__, rlease.rlim_cur);
-			if (setrlimit(RLIMIT_FSIZE, &rlease) == -1)
-				logerr("setrlimit RLIMIT_FSIZE rlim_cur: %d max: %d", rlease.rlim_cur, rlease.rlim_max);
-		}
-		else {
-			logdebugx("%s DHC_NOCHKIO setrlimit to %d for RLIMIT_FSIZE", __func__, rzero.rlim_cur);
-			if (setrlimit(RLIMIT_FSIZE, &rzero) == -1)
-				logerr("setrlimit RLIMIT_FSIZE rlim_cur: %d max: %d", rzero.rlim_cur, rzero.rlim_max);
-		}
+		if (setrlimit(RLIMIT_FSIZE, &rzero) == -1)
+			logerr("setrlimit RLIMIT_FSIZE");
 	}
 
 #ifdef RLIMIT_NPROC