[pulseaudio-discuss] [PATCH] daemon: Don't rely on prctl(PR_SET_KEEPCAPS, 0) for dropping caps.
David Henningsson
david.henningsson at canonical.com
Thu Feb 7 03:09:46 PST 2013
On 12/16/2012 09:38 AM, Tanu Kaskinen wrote:
> Does someone want to review this?
>
>
> On Thu, 2012-04-05 at 15:37 +0300, Tanu Kaskinen wrote:
>> Capability dropping when changing the user in the system
>> mode was previously implemented by calling
>> prctl(PR_SET_KEEPCAPS, 0), but that doesn't necessarily
>> work. It's possible that the KEEPCAPS flag is locked to 1,
>> in which case the prctl() call fails with EPERM (this
>> happens at least on Harmattan). This patch implements
>> explicit capability dropping after changing the user.
>> ---
>> src/daemon/caps.c | 27 +++++++++++++--------------
>> src/daemon/caps.h | 2 ++
>> src/daemon/main.c | 4 +++-
>> 3 files changed, 18 insertions(+), 15 deletions(-)
>>
>> diff --git a/src/daemon/caps.c b/src/daemon/caps.c
>> index 3759388..36b76a9 100644
>> --- a/src/daemon/caps.c
>> +++ b/src/daemon/caps.c
>> @@ -36,10 +36,6 @@
>> #include <sys/capability.h>
>> #endif
>>
>> -#ifdef HAVE_SYS_PRCTL_H
>> -#include <sys/prctl.h>
>> -#endif
>> -
>> #include "caps.h"
>>
>> /* Glibc <= 2.2 has broken unistd.h */
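Review bot: removing the `<sys/prctl.h>` include at the top of caps.c is safe only if no other prctl() use remains in the file. The visible hunks remove a single `prctl(PR_SET_KEEPCAPS, ...)` call in pa_drop_root(), so a quick grep of caps.c for further prctl() calls before merging would confirm that the include is really unused.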
>> @@ -78,17 +74,20 @@ void pa_drop_root(void) {
>> pa_assert_se(getegid() == gid);
>> #endif
>>
>> -#ifdef HAVE_SYS_PRCTL_H
>> - pa_assert_se(prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) == 0);
>> -#endif
>> + if (uid != 0)
>> + pa_drop_caps();
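Review bot: the `if (uid != 0)` guard in front of `pa_drop_caps()` in pa_drop_root() has no comment and the commit message gives no reason for it, so it is unclear why a process that ends up with uid 0 should keep its capabilities. Either document the reason next to the condition or call pa_drop_caps() unconditionally. The removed line also wrapped its call in `pa_assert_se(... == 0)`, while the new call has no visible success check, so unless pa_drop_caps() asserts internally a failed drop would go unnoticed at this point.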
Why should caps not be dropped if uid == 0?
--
David Henningsson, Canonical Ltd.
https://launchpad.net/~diwic
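The explicit capability drop that the commit message describes can be sketched as follows. This is an added example, not code from the patch or from PulseAudio: the helper names are hypothetical, it uses the raw Linux capset/capget syscalls instead of libcap, and it covers only the drop and its verification, not the preceding user change.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: empty the effective, permitted and inheritable sets
 * of the calling thread, read them back, and confirm that a capability can
 * no longer be re-raised. Returns 0 only when all three checks pass. */
static int drop_all_caps_verified(void) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];

    memset(data, 0, sizeof data);
    if (syscall(SYS_capset, &hdr, data) != 0)
        return -1;
    memset(data, 0xff, sizeof data);            /* poison before reading back */
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    for (int i = 0; i < _LINUX_CAPABILITY_U32S_3; i++)
        if (data[i].effective || data[i].permitted || data[i].inheritable)
            return -1;
    memset(data, 0, sizeof data);
    data[0].permitted = data[0].effective = 1u << CAP_SYS_NICE;
    return syscall(SYS_capset, &hdr, data) == -1 ? 0 : -1; /* must be refused */
}

/* Hypothetical wrapper: run the drop in a forked child so the caller keeps
 * its own capabilities. Returns 0 when the child verified empty sets. */
int drop_caps_in_child(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Old approach: fails with EPERM when KEEPCAPS is locked to 1, so
         * the result is deliberately not relied on here. */
        (void) prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
        _exit(drop_all_caps_verified() == 0 ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void) {
    return drop_caps_in_child() == 0 ? 0 : 1;
}
```

The raw syscalls act on the calling thread only, so in a multi-threaded daemon the drop has to happen before other threads are started or be repeated in each of them.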