From 4d88fcd59da84ac4f09113855c8f15384a4e05c3 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Fri, 25 May 2007 20:35:30 +0000
Subject: when called with the setid bit change euid to uid sooner to make sure that we can access our own files even when we dropped most capabilities. (Closes #21)
git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1455 fefdeb5f-60dc-0310-8127-8f9354f1896f
---
 src/daemon/caps.c | 33 +++++++++++++++------------------
 1 file changed, 15 insertions(+), 18 deletions(-)
(limited to 'src/daemon/caps.c')
diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index 2ea51c9f..8043230c 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -35,6 +35,9 @@
 #ifdef HAVE_SYS_CAPABILITY_H
 #include
 #endif
+#ifdef HAVE_SYS_PRCTL_H
+#include
+#endif
 #include
@@ -76,35 +79,31 @@ void pa_drop_root(void) {
 #endif
-#ifdef HAVE_SYS_CAPABILITY_H
+#if defined(HAVE_SYS_CAPABILITY_H) && defined(HAVE_SYS_PRCTL_H)
-/* Limit capabilities set to CAPSYS_NICE */
+/* Limit permitted capabilities set to CAPSYS_NICE */
 int pa_limit_caps(void) {
     int r = -1;
     cap_t caps;
     cap_value_t nice_cap = CAP_SYS_NICE;
-    /* Only drop caps when called SUID */
-    if (getuid() == 0)
-        return 0;
-
     caps = cap_init();
     assert(caps);
-    cap_clear(caps);
-
-    cap_set_flag(caps, CAP_EFFECTIVE, 1, &nice_cap, CAP_SET);
     cap_set_flag(caps, CAP_PERMITTED, 1, &nice_cap, CAP_SET);
     if (cap_set_proc(caps) < 0)
         goto fail;
+    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
+        goto fail;
+
     pa_log_info("dropped capabilities successfully.");
-
-    r = 0;
+
+    r = 1;
 fail:
-    cap_free (caps);
+    cap_free(caps);
     return r;
 }
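Review bot: The new `if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) goto fail;` in pa_limit_caps fails silently, whereas pa_drop_caps in the next hunk reports its cap_set_proc failure through pa_cstrerror(errno); by the time prctl runs, cap_set_proc has already shrunk the permitted set, so a caller that receives -1 is left with a process whose capability state has changed and no diagnostic of why. Suggest `pa_log("failed to set PR_SET_KEEPCAPS: %s", pa_cstrerror(errno));` before that goto, and the same treatment for the cap_set_proc branch above it. The success value also changes from `r = 0` to `r = 1` while pa_drop_caps keeps returning 0 on success; if any caller tests `!= 0` rather than `< 0` this is a silent contract change, so the header comment should state it, e.g. `/* Limit permitted capabilities set to CAP_SYS_NICE; returns 1 on success, -1 on failure */`. The return value of cap_set_flag() on the CAP_PERMITTED line is still unchecked; should it fail, cap_set_proc would presumably install the empty set from cap_init() and drop CAP_SYS_NICE too, which is worth a check since the function otherwise uses goto fail for every step.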
@@ -114,24 +113,22 @@ int pa_drop_caps(void) {
     cap_t caps;
     int r = -1;
-    /* Only drop caps when called SUID */
-    if (getuid() == 0)
-        return 0;
-
     caps = cap_init();
     assert(caps);
     cap_clear(caps);
+    prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
+
     if (cap_set_proc(caps) < 0) {
         pa_log("failed to drop capabilities: %s", pa_cstrerror(errno));
         goto fail;
     }
-
+
     r = 0;
 fail:
-    cap_free (caps);
+    cap_free(caps);
     return r;
 }
-- cgit
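Review bot: The added `prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);` in pa_drop_caps discards its return value, while the cap_set_proc call four lines below checks and logs failure with pa_cstrerror(errno), so the function's error handling is inconsistent within the same hunk. Because the cleared set installed by cap_set_proc is what actually removes the capabilities, a failed KEEPCAPS reset does not need to be fatal, but it should at least be visible: `if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0) pa_log("failed to reset PR_SET_KEEPCAPS: %s", pa_cstrerror(errno));`. A one-line comment explaining the pairing with the previous hunk would also help a reader, e.g. `/* Undo the PR_SET_KEEPCAPS enabled in pa_limit_caps() now that the set is being cleared */`. The function's signature line appears only in the hunk header context, outside the hunk itself.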