Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
View | Details | Raw Unified | Return to bug 150845 | Differences between
and this patch

Collapse All | Expand All

(-)sysklogd-1.4.1/klogd.c.orig (+34 lines)
Lines 246-251 Link Here
246
 * Thu Apr 29 15:24:07 2004: Solar Designer <solar@openwall.com>
246
 * Thu Apr 29 15:24:07 2004: Solar Designer <solar@openwall.com>
247
 *	Prevent potential buffer overflow in reading messages from the
247
 *	Prevent potential buffer overflow in reading messages from the
248
 *	kernel log rinbuffer.
248
 *	kernel log rinbuffer.
249
 *
250
 * Thu Oct 12 00:12:02 2006: Miguel Filipe <miguel.filipe@gmail.com>
251
 *  fix drop_root() to work correctly with capabilities
249
 */
252
 */
250
253
251
254
Lines 263-268 Link Here
263
#include <stdlib.h>
266
#include <stdlib.h>
264
#include <pwd.h>
267
#include <pwd.h>
265
#include <grp.h>
268
#include <grp.h>
269
#include <sys/prctl.h>
270
#include <sys/capability.h>
266
#include "klogd.h"
271
#include "klogd.h"
267
#include "ksyms.h"
272
#include "ksyms.h"
268
#ifndef TESTING
273
#ifndef TESTING
Lines 989-994 Link Here
989
static int drop_root(void)
994
static int drop_root(void)
990
{
995
{
991
	struct passwd *pw;
996
	struct passwd *pw;
997
	cap_t cap;
998
	cap_value_t cap_value[2] = { CAP_SYS_ADMIN, CAP_SYS_CHROOT };
999
	int result;
992
1000
993
	if (!(pw = getpwnam(server_user))) return -1;
1001
	if (!(pw = getpwnam(server_user))) return -1;
994
1002
Lines 999-1008 Link Here
999
		if (chdir("/")) return -1;
1007
		if (chdir("/")) return -1;
1000
	}
1008
	}
1001
1009
1010
	/* set keep capabilities */
1011
	if( prctl( PR_SET_KEEPCAPS, 1, 0, 0, 0 ) ) 
1012
		return -1;
1013
1014
	/* test whether cap_set_proc works */
1015
	cap = cap_get_proc();
1016
	if( cap ) {
1017
		result = cap_set_proc( cap );
1018
		cap_free( cap );
1019
		if( result )
1020
			return -1;
1021
	} else
1022
		return -1;
1023
1024
1002
	if (setgroups(0, NULL)) return -1;
1025
	if (setgroups(0, NULL)) return -1;
1003
	if (setgid(pw->pw_gid)) return -1;
1026
	if (setgid(pw->pw_gid)) return -1;
1004
	if (setuid(pw->pw_uid)) return -1;
1027
	if (setuid(pw->pw_uid)) return -1;
1005
1028
1029
    /* set necessary capabilities */
1030
	cap = cap_init();
1031
	if( cap_set_flag( cap, CAP_PERMITTED, 2, cap_value, CAP_SET ) || 
1032
		cap_set_flag( cap, CAP_EFFECTIVE, 2, cap_value, CAP_SET ) ) 
1033
		return -1;
1034
1035
	if( cap_set_proc( cap ) ) 
1036
		return -1;
1037
	if( cap_free( cap ) ) 
1038
		return -1;
1039
1006
	return 0;
1040
	return 0;
1007
}
1041
}
1008
1042

Return to bug 150845