author | Werner Koch <wk@gnupg.org> | 2015-09-07 14:02:09 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2015-09-07 14:02:09 +0200 |
commit | 3a3d5410cc83f7069c7cb1ab384905f382292d32 (patch) | |
tree | c450f8933b592c92f48d02c94dfc028fce544e26 | |
parent | e97c62a4a687b56d00a2d0a63e072a977f8eb81c (diff) | |
download | libgcrypt-3a3d5410cc83f7069c7cb1ab384905f382292d32.tar.gz |
Improve GCRYCTL_DISABLE_PRIV_DROP by also disabling cap_ calls.
* src/secmem.c (lock_pool, secmem_init): Do not call any cap_
functions if NO_PRIV_DROP is set.
Signed-off-by: Werner Koch <wk@gnupg.org>
-rw-r--r-- | src/secmem.c | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/src/secmem.c b/src/secmem.c
index 2109bc2c..c4e8414e 100644
--- a/src/secmem.c
+++ b/src/secmem.c
@@ -245,15 +245,21 @@ lock_pool (void *p, size_t n)
 {
 cap_t cap;
- cap = cap_from_text ("cap_ipc_lock+ep");
- cap_set_proc (cap);
- cap_free (cap);
+ if (!no_priv_drop)
+ {
+ cap = cap_from_text ("cap_ipc_lock+ep");
+ cap_set_proc (cap);
+ cap_free (cap);
+ }
 err = no_mlock? 0 : mlock (p, n);
 if (err && errno)
 err = errno;
- cap = cap_from_text ("cap_ipc_lock+p");
- cap_set_proc (cap);
- cap_free(cap);
+ if (!no_priv_drop)
+ {
+ cap = cap_from_text ("cap_ipc_lock+p");
+ cap_set_proc (cap);
+ cap_free(cap);
+ }
 }
 if (err)
@@ -485,13 +491,14 @@ secmem_init (size_t n)
 {
 #ifdef USE_CAPABILITIES
 /* drop all capabilities */
- {
- cap_t cap;
+ if (!no_priv_drop)
+ {
+ cap_t cap;
- cap = cap_from_text ("all-eip");
- cap_set_proc (cap);
- cap_free (cap);
- }
+ cap = cap_from_text ("all-eip");
+ cap_set_proc (cap);
+ cap_free (cap);
+ }
 #elif !defined(HAVE_DOSISH_SYSTEM)
 uid_t uid;
@@ -539,7 +546,7 @@ _gcry_secmem_init (size_t n)
 gcry_err_code_t
 _gcry_secmem_module_init ()
 {
- /* No anymore needed. */
+ /* Not anymore needed. */
 return 0;
 } |
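Review bot: Every `cap_from_text`/`cap_set_proc` call that lock_pool now runs under `if (!no_priv_drop)` still discards its result, and the second block is the one that takes `cap_ipc_lock` out of the effective set again after `mlock`. If that `cap_set_proc` fails, the process keeps the capability effective and nothing records it. A check such as `if (!cap || cap_set_proc (cap)) err = err ? err : errno;` would carry the failure into the `if (err)` test that follows. The `all-eip` drop in the secmem_init hunk has the same gap. lock_pool begins before this hunk and continues past it.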
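Review bot: The comment `/* drop all capabilities */` in secmem_init no longer matches the code, because the drop is skipped whenever `no_priv_drop` is set. I would reword it to say who is responsible in that case, e.g. `/* Drop all capabilities unless the application disabled privilege dropping; it must then shed them itself.  */`. The `#elif !defined(HAVE_DOSISH_SYSTEM)` branch continues outside the hunk, so whether the uid-based branch honours the same flag cannot be checked from here.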