summaryrefslogtreecommitdiff
path: root/recipes/gnupg/gnupg-1.4.2.2/16_min_privileges.patch
diff options
context:
space:
mode:
Diffstat (limited to 'recipes/gnupg/gnupg-1.4.2.2/16_min_privileges.patch')
-rw-r--r--recipes/gnupg/gnupg-1.4.2.2/16_min_privileges.patch68
1 files changed, 0 insertions, 68 deletions
diff --git a/recipes/gnupg/gnupg-1.4.2.2/16_min_privileges.patch b/recipes/gnupg/gnupg-1.4.2.2/16_min_privileges.patch
deleted file mode 100644
index b29233b33b..0000000000
--- a/recipes/gnupg/gnupg-1.4.2.2/16_min_privileges.patch
+++ /dev/null
@@ -1,68 +0,0 @@
---- gnupg-1.4.0/g10/g10.c 2004-12-16 09:47:36.000000000 +0000
-+++ /tmp/dpep.O5S02c/gnupg-1.4.0/g10/g10.c 2005-02-03 23:31:40.645873299 +0000
-@@ -69,6 +69,11 @@
- #endif
-
-
-+#ifdef USE_CAPABILITIES
-+#include <sys/capability.h>
-+#include <sys/prctl.h>
-+#endif
-+
- enum cmd_and_opt_values
- {
- aNull = 0,
-@@ -1618,6 +1623,10 @@
- #ifdef USE_SHM_COPROCESSING
- ulong requested_shm_size=0;
- #endif
-+#ifdef USE_CAPABILITIES
-+ uid_t curr_uid;
-+ cap_t caps;
-+#endif
-
- #ifdef __riscos__
- opt.lock_once = 1;
-@@ -1629,6 +1638,33 @@
- * when adding any stuff between here and the call to
- * secmem_init() somewhere after the option parsing
- */
-+
-+ /* if we use capabilities and run as root, we can immediately setuid back
-+ * to the normal user and only keep CAP_IPC_LOCK until the shared memory is
-+ * set up.
-+ */
-+#ifdef USE_CAPABILITIES
-+ curr_uid = getuid();
-+ if( curr_uid && !geteuid() ) { /* we are setuid root */
-+ if( prctl( PR_SET_KEEPCAPS, 1, 0, 0, 0 ) ) {
-+ perror( "main(): could not keep capabilities" );
-+ return -100;
-+ }
-+
-+ if( setuid( curr_uid ) ) {
-+ perror( "main(): could not set user id" );
-+ return -100;
-+ }
-+
-+ caps = cap_from_text( "cap_ipc_lock=p" );
-+ if( cap_set_proc( caps ) ) {
-+ perror( "main(): could not install capabilities" );
-+ return -100;
-+ }
-+ cap_free( caps );
-+ }
-+#endif
-+
- log_set_name("gpg");
- secure_random_alloc(); /* put random number into secure memory */
- may_coredump = disable_core_dumps();
-@@ -1747,7 +1783,7 @@
- }
- #endif
- /* initialize the secure memory. */
-- got_secmem=secmem_init( 32768 );
-+ got_secmem=secmem_init( 32768 ); /* this will drop all remaining privileges */
- maybe_setuid = 0;
- /* Okay, we are now working under our real uid */
-