author | Vincent Untz <vuntz@gnome.org> | 2011-05-06 14:14:21 +0200 |
---|---|---|
committer | Vincent Untz <vuntz@gnome.org> | 2011-05-16 08:46:14 +0200 |
commit | 11a5d410d9d2c9006d78cff05ee42759cc7731b1 (patch) | |
tree | 773ff1be9f48213d46eb7bd5b962370f03cd5ac5 /daemon/gkd-capability.c | |
parent | 89efa77a605078c501eff393f201911d24604565 (diff) | |
download | gnome-keyring-11a5d410d9d2c9006d78cff05ee42759cc7731b1.tar.gz |
Improved checks for fs capabilities, and drop unneeded ones
If we have fs capabilities, we first need to check that we really do
have ipc_lock, and if that's the case we just keep ipc_lock and drop
everything else.
https://bugzilla.gnome.org/show_bug.cgi?id=649560
Diffstat (limited to 'daemon/gkd-capability.c')
-rw-r--r-- | daemon/gkd-capability.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/daemon/gkd-capability.c b/daemon/gkd-capability.c
index 5b47f4e7..e15200ae 100644
--- a/daemon/gkd-capability.c
+++ b/daemon/gkd-capability.c
@@ -71,11 +71,26 @@ gkd_capability_obtain_capability_and_drop_privileges (void)
 early_error ("failed dropping capabilities");
 break;
 case CAPNG_FAIL:
- case CAPNG_NONE:
 early_error ("error getting process capabilities");
 break;
+ case CAPNG_NONE:
+ early_error ("insufficient process capabilities");
+ break;
 case CAPNG_PARTIAL: /* File system based capabilities */
- break;
+ if (!capng_have_capability (CAPNG_EFFECTIVE, CAP_IPC_LOCK)) {
+ early_error ("insufficient process capabilities");
+ break;
+ }
+
+ /* Drop all capabilities except ipc_lock */
+ capng_clear (CAPNG_SELECT_BOTH);
+ if (capng_update (CAPNG_ADD,
+ CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+ CAP_IPC_LOCK) != 0)
+ early_error ("error dropping process capabilities");
+ if (capng_apply (CAPNG_SELECT_BOTH) != 0)
+ early_error ("error dropping process capabilities");
+ break;
 }
 #endif /* HAVE_LIBCAPNG */
 } |
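Review bot: In the `CAPNG_PARTIAL` case the `!capng_have_capability (CAPNG_EFFECTIVE, CAP_IPC_LOCK)` branch breaks before anything is dropped, so a process that has some file capabilities but not ipc_lock keeps all of them. `early_error` is defined outside this hunk; unless it terminates the process, that path should also run `capng_clear (CAPNG_SELECT_BOTH);` and `capng_apply (CAPNG_SELECT_BOTH);` before the `break`. The same assumption matters further down: if `capng_apply` fails and `early_error` only records a message, the daemon continues with its full capability set. The `capng_update` and `capng_apply` failures also share the text "error dropping process capabilities"; giving the first its own message such as `"error updating process capabilities"` would make the two distinguishable in logs.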