diff --git a/ChangeLog b/ChangeLog index ebe80e5cd..5d9b9d10e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,9 @@ declspec(dllimport). The least intrusive way to get rid of these warnings is to disable warnings for GCC compiler attributes when building on Cygwin. Patch from vinschen at redhat.com. + - (dtucker) [sandbox-capsicum.c] Correct some error messages and make the + return value check for cap_enter() consistent with the other uses in + FreeBSD. From by Loganaden Velvindron @ AfriNIC via bz#2140. 20140117 - (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchain diff --git a/sandbox-capsicum.c b/sandbox-capsicum.c index 5853a13ef..f648c6ece 100644 --- a/sandbox-capsicum.c +++ b/sandbox-capsicum.c @@ -87,9 +87,9 @@ ssh_sandbox_child(struct ssh_sandbox *box) if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) fatal("can't limit stdin: %m"); if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) - fatal("can't limit stdin: %m"); + fatal("can't limit stdout: %m"); if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) - fatal("can't limit stdin: %m"); + fatal("can't limit stderr: %m"); cap_rights_init(&rights, CAP_READ, CAP_WRITE); if (cap_rights_limit(box->monitor->m_recvfd, &rights) == -1) @@ -97,7 +97,7 @@ ssh_sandbox_child(struct ssh_sandbox *box) cap_rights_init(&rights, CAP_WRITE); if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) == -1) fatal("%s: failed to limit the logging socket", __func__); - if (cap_enter() != 0 && errno != ENOSYS) + if (cap_enter() < 0 && errno != ENOSYS) fatal("%s: failed to enter capability mode", __func__); }