Commit bb99a72b authored by Mark Andrews's avatar Mark Andrews
Browse files

1838. [cleanup] Don't allow Linux capabilities to be inherited.

                        [RT #13707]
parent 3b4405ab
...@@ -71,7 +71,8 @@ ...@@ -71,7 +71,8 @@
1839. [bug] <isc/hash.h> was not being installed. 1839. [bug] <isc/hash.h> was not being installed.
1838. [placeholder] rt13707 1838. [cleanup] Don't allow Linux capabilities to be inherited.
[RT #13707]
1837. [bug] Compile time option ISC_FACILITY was not effective 1837. [bug] Compile time option ISC_FACILITY was not effective
for 'named -u <user>'. [RT #13714] for 'named -u <user>'. [RT #13714]
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: os.c,v 1.74 2005/04/27 04:56:02 sra Exp $ */ /* $Id: os.c,v 1.75 2005/05/20 01:37:03 marka Exp $ */
/*! \file */ /*! \file */
...@@ -164,7 +164,7 @@ linux_setcaps(unsigned int caps) { ...@@ -164,7 +164,7 @@ linux_setcaps(unsigned int caps) {
memset(&cap, 0, sizeof(cap)); memset(&cap, 0, sizeof(cap));
cap.effective = caps; cap.effective = caps;
cap.permitted = caps; cap.permitted = caps;
cap.inheritable = caps; cap.inheritable = 0;
if (syscall(SYS_capset, &caphead, &cap) < 0) { if (syscall(SYS_capset, &caphead, &cap) < 0) {
isc__strerror(errno, strbuf, sizeof(strbuf)); isc__strerror(errno, strbuf, sizeof(strbuf));
ns_main_earlyfatal("capset failed: %s:" ns_main_earlyfatal("capset failed: %s:"
......
...@@ -32,8 +32,8 @@ rt13587 review ...@@ -32,8 +32,8 @@ rt13587 review
rt13606 open marka // TSIG SHA256 rt13606 open marka // TSIG SHA256
rt13662 new rt13662 new
rt13694 new rt13694 new
rt13707 new rt13707 closed
rt13714 13714 rt13714 closed
rt13753 new rt13753 new
rt13754 new rt13754 new
rt13771 new rt13771 new
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment