summaryrefslogtreecommitdiff
path: root/recipes/gnupg/gnupg-1.4.2.2/16_min_privileges.patch
blob: b29233b33b4e26ccc54c41e9278355cb4c630217 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
--- gnupg-1.4.0/g10/g10.c	2004-12-16 09:47:36.000000000 +0000
+++ /tmp/dpep.O5S02c/gnupg-1.4.0/g10/g10.c	2005-02-03 23:31:40.645873299 +0000
@@ -69,6 +69,11 @@
 #endif
 
 
+#ifdef USE_CAPABILITIES
+#include <sys/capability.h>
+#include <sys/prctl.h>
+#endif
+
 enum cmd_and_opt_values
   {
     aNull = 0,
@@ -1618,6 +1623,10 @@
 #ifdef USE_SHM_COPROCESSING
     ulong requested_shm_size=0;
 #endif
+#ifdef USE_CAPABILITIES
+    uid_t curr_uid;
+    cap_t caps;
+#endif
 
 #ifdef __riscos__
     opt.lock_once = 1;
@@ -1629,6 +1638,33 @@
      * when adding any stuff between here and the call to
      * secmem_init()  somewhere after the option parsing
      */
+
+    /* if we use capabilities and run as root, we can immediately setuid back
+     * to the normal user and only keep CAP_IPC_LOCK until the shared memory is
+     * set up.
+     */
+#ifdef USE_CAPABILITIES
+    curr_uid = getuid();
+    if( curr_uid && !geteuid() ) { /* we are setuid root */
+	if( prctl( PR_SET_KEEPCAPS, 1, 0, 0, 0 ) ) {
+	    perror( "main(): could not keep capabilities" );
+	    return -100;
+	}
+
+	if( setuid( curr_uid ) ) {
+	    perror( "main(): could not set user id" );
+	    return -100;
+	}
+
+	caps = cap_from_text( "cap_ipc_lock=p" );
+	if( cap_set_proc( caps ) ) {
+	    perror( "main(): could not install capabilities" );
+	    return -100;
+	}
+	cap_free( caps );
+    }
+#endif
+
     log_set_name("gpg");
     secure_random_alloc(); /* put random number into secure memory */
     may_coredump = disable_core_dumps();
@@ -1747,7 +1783,7 @@
     }
 #endif
     /* initialize the secure memory. */
-    got_secmem=secmem_init( 32768 );
+    got_secmem=secmem_init( 32768 ); /* this will drop all remaining privileges */
     maybe_setuid = 0;
     /* Okay, we are now working under our real uid */