From fe5c7163949407d331a122214b4aea12c09db48d Mon Sep 17 00:00:00 2001
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
Date: Wed, 3 Jul 2013 22:19:43 +0000
Subject: [PATCH] MFp4 @229485:

Only allow to overwrite lease file.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
---
 sbin/dhclient/dhclient.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index 34ff85300a7..ead20b42fbd 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -1842,6 +1842,11 @@ rewrite_client_leases(void)
 		leaseFile = fopen(path_dhclient_db, "w");
 		if (!leaseFile)
 			error("can't create %s: %m", path_dhclient_db);
+		if (cap_rights_limit(fileno(leaseFile), CAP_FSTAT | CAP_FSYNC |
+		    CAP_FTRUNCATE | CAP_SEEK | CAP_WRITE) < 0 &&
+		    errno != ENOSYS) {
+			error("can't limit lease descriptor: %m");
+		}
 	} else {
 		fflush(leaseFile);
 		rewind(leaseFile);