From 7cc7aab2c8f1a143558949bdbf166cb56ebb40d8 Mon Sep 17 00:00:00 2001
From: Alan Somers <asomers@gmail.com>
Date: Mon, 18 Mar 2024 13:33:53 -0600
Subject: [PATCH] Use Capsicum within unftp-sbe-fs, on FreeBSD.

After authenticating a connection, limit the process's rights to
mitigate any potential attacks.
---
 Cargo.toml                     |  6 +++---
 crates/unftp-sbe-fs/Cargo.toml |  3 +++
 crates/unftp-sbe-fs/src/lib.rs | 22 ++++++++++++++++++++++
 3 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 536671b2..3245d0cb 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -71,8 +71,8 @@ tokio = { version = "1.36.0", features = ["macros", "rt-multi-thread"] }
 unftp-sbe-fs = { path = "../libunftp/crates/unftp-sbe-fs"}
 
 [patch.crates-io]
-capsicum = { git = "https://github.com/asomers/capsicum-rs", rev = "24330ee"}
-casper-sys = { git = "https://github.com/asomers/capsicum-rs", rev = "24330ee"}
+capsicum = { git = "https://github.com/asomers/capsicum-rs", rev = "2feefa0"}
+casper-sys = { git = "https://github.com/asomers/capsicum-rs", rev = "2feefa0"}
 
 [lints]
-workspace=true
\ No newline at end of file
+workspace=true
diff --git a/crates/unftp-sbe-fs/Cargo.toml b/crates/unftp-sbe-fs/Cargo.toml
index 407f24fc..89c594a1 100644
--- a/crates/unftp-sbe-fs/Cargo.toml
+++ b/crates/unftp-sbe-fs/Cargo.toml
@@ -47,6 +47,9 @@ tokio = { version = "1.36.0", features = ["macros", "rt-multi-thread"] }
 tracing-subscriber = "0.3.18"
 getrandom = "0.2.12"
 
+[target.'cfg(target_os = "freebsd")'.dependencies]
+capsicum = { version = "0.3.0", features = [] }
+
 [target.'cfg(target_os = "freebsd")'.dev-dependencies]
 capsicum = { version = "0.3.0", features = ["casper"] }
 capsicum-net = { version = "0.1.0", features = ["tokio"], git = "https://github.com/asomers/capsicum-net", rev = "c6fc574" }
diff --git a/crates/unftp-sbe-fs/src/lib.rs b/crates/unftp-sbe-fs/src/lib.rs
index 16be23b9..8648e625 100644
--- a/crates/unftp-sbe-fs/src/lib.rs
+++ b/crates/unftp-sbe-fs/src/lib.rs
@@ -100,6 +100,28 @@ impl<User: UserDetail> StorageBackend<User> for Filesystem {
             };
             self.root_fd = Arc::new(self.root_fd.open_dir(relpath)?);
         }
+        cfg_if! {
+            if #[cfg(target_os = "freebsd")] {
+                use capsicum::CapRights;
+
+                let mut rights = capsicum::RightsBuilder::new();
+                rights.allow(capsicum::Right::Fcntl);
+                rights.allow(capsicum::Right::Fstatat);
+                rights.allow(capsicum::Right::Lookup);
+                rights.allow(capsicum::Right::Read);
+                rights.allow(capsicum::Right::Seek);
+                if !user_detail.read_only() {
+                    rights.allow(capsicum::Right::Create);
+                    rights.allow(capsicum::Right::Ftruncate);
+                    rights.allow(capsicum::Right::Mkdirat);
+                    rights.allow(capsicum::Right::RenameatSource);
+                    rights.allow(capsicum::Right::RenameatTarget);
+                    rights.allow(capsicum::Right::Unlinkat);
+                    rights.allow(capsicum::Right::Write);
+                }
+                rights.finalize().limit(&self.root_fd)?;
+            }
+        }
         Ok(())
     }