From abdfa0b19c10ffe333b4782ec146c9f76592eb4a Mon Sep 17 00:00:00 2001
From: Mariusz Zaborski <oshogbo@FreeBSD.org>
Date: Fri, 7 Oct 2016 19:02:13 +0000
Subject: [PATCH] Restrict stdin if it's not in use.

Reviewed by:	emaste, cem
Differential Revision:	https://reviews.freebsd.org/D8184
---
 usr.bin/cmp/cmp.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/usr.bin/cmp/cmp.c b/usr.bin/cmp/cmp.c
index 2aa5603e49e..a49aebce21c 100644
--- a/usr.bin/cmp/cmp.c
+++ b/usr.bin/cmp/cmp.c
@@ -164,6 +164,14 @@ main(int argc, char *argv[])
 	if (cap_fcntls_limit(fd2, fcntls) < 0 && errno != ENOSYS)
 		err(ERR_EXIT, "unable to limit fcntls for %s", file2);
 
+	if (!special) {
+		cap_rights_init(&rights);
+		if (cap_rights_limit(STDIN_FILENO, &rights) < 0 &&
+		    errno != ENOSYS) {
+			err(ERR_EXIT, "unable to limit stdio");
+		}
+	}
+
 	if (caph_limit_stdout() == -1 || caph_limit_stderr() == -1)
 		err(ERR_EXIT, "unable to limit stdio");