1838. [cleanup] Don't allow Linux capabilities to be inherited.

[RT #13707]

1838. [cleanup] Don't allow Linux capabilities to be inherited.
[RT #13707]
bb99a72b · Mark Andrews · 3b4405ab · bb99a72b · bb99a72b · bb99a72b
Commit bb99a72b authored May 20, 2005 by Mark Andrews
--- a/CHANGES
+++ b/CHANGES
@@ -71,7 +71,8 @@

 1839.	[bug]		<isc/hash.h> was not being installed.

-1838.	[placeholder]	rt13707
+1838.	[cleanup]	Don't allow Linux capabilities to be inherited.
+			[RT #13707]

 1837.	[bug]		Compile time option ISC_FACILITY was not effective
 			for 'named -u <user>'.  [RT #13714]

--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: os.c,v 1.74 2005/04/27 04:56:02 sra Exp $ */
+/* $Id: os.c,v 1.75 2005/05/20 01:37:03 marka Exp $ */

 /*! \file */

@@ -164,7 +164,7 @@ linux_setcaps(unsigned int caps) {
 	memset(&cap, 0, sizeof(cap));
 	cap.effective = caps;
 	cap.permitted = caps;
-	cap.inheritable = caps;
+	cap.inheritable = 0;
 	if (syscall(SYS_capset, &caphead, &cap) < 0) {
 		isc__strerror(errno, strbuf, sizeof(strbuf));
 		ns_main_earlyfatal("capset failed: %s:"

--- a/doc/private/branches
+++ b/doc/private/branches
@@ -32,8 +32,8 @@ rt13587				review
 rt13606				open	marka	// TSIG SHA256
 rt13662				new	
 rt13694				new	
-rt13707				new	
-rt13714				13714	
+rt13707				closed	
+rt13714				closed	
 rt13753				new	
 rt13754				new	
 rt13771				new