authorWerner Koch <wk@gnupg.org>2015-09-07 14:02:09 +0200
committerWerner Koch <wk@gnupg.org>2015-09-07 14:02:09 +0200
commit3a3d5410cc83f7069c7cb1ab384905f382292d32 (patch)
treec450f8933b592c92f48d02c94dfc028fce544e26
parente97c62a4a687b56d00a2d0a63e072a977f8eb81c (diff)
downloadlibgcrypt-3a3d5410cc83f7069c7cb1ab384905f382292d32.tar.gz
Improve GCRYCTL_DISABLE_PRIV_DROP by also disabling cap_ calls.
* src/secmem.c (lock_pool, secmem_init): Do not call any cap_ functions if NO_PRIV_DROP is set. Signed-off-by: Werner Koch <wk@gnupg.org>
-rw-r--r--src/secmem.c33
1 files changed, 20 insertions, 13 deletions
diff --git a/src/secmem.c b/src/secmem.c
index 2109bc2c..c4e8414e 100644
--- a/src/secmem.c
+++ b/src/secmem.c
@@ -245,15 +245,21 @@ lock_pool (void *p, size_t n)
{
cap_t cap;
- cap = cap_from_text ("cap_ipc_lock+ep");
- cap_set_proc (cap);
- cap_free (cap);
+ if (!no_priv_drop)
+ {
+ cap = cap_from_text ("cap_ipc_lock+ep");
+ cap_set_proc (cap);
+ cap_free (cap);
+ }
err = no_mlock? 0 : mlock (p, n);
if (err && errno)
err = errno;
- cap = cap_from_text ("cap_ipc_lock+p");
- cap_set_proc (cap);
- cap_free(cap);
+ if (!no_priv_drop)
+ {
+ cap = cap_from_text ("cap_ipc_lock+p");
+ cap_set_proc (cap);
+ cap_free(cap);
+ }
}
if (err)
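Review bot: In lock_pool both new `if (!no_priv_drop)` blocks still ignore the results of cap_from_text() and cap_set_proc(), so a failure to return cap_ipc_lock to permitted-only after mlock() goes unnoticed. The same unchecked sequence sits inside the new guard in the secmem_init hunk, where it matters more: if the `"all-eip"` call fails, the process keeps its capabilities and nothing reports it. A check such as `if (!cap || cap_set_proc (cap))` followed by the file's usual error reporting would close this; in secmem_init a failed drop should probably be treated as fatal. lock_pool's body starts and ends outside this hunk, so any handling further down is not visible here.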
@@ -485,13 +491,14 @@ secmem_init (size_t n)
{
#ifdef USE_CAPABILITIES
/* drop all capabilities */
- {
- cap_t cap;
+ if (!no_priv_drop)
+ {
+ cap_t cap;
- cap = cap_from_text ("all-eip");
- cap_set_proc (cap);
- cap_free (cap);
- }
+ cap = cap_from_text ("all-eip");
+ cap_set_proc (cap);
+ cap_free (cap);
+ }
#elif !defined(HAVE_DOSISH_SYSTEM)
uid_t uid;
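Review bot: The `/* drop all capabilities */` comment above the new `if (!no_priv_drop)` in secmem_init no longer matches the code, because the drop is now conditional. Something like `/* Drop all capabilities unless privilege dropping was disabled (NO_PRIV_DROP). */` would tell the reader that a caller who sets the flag takes over responsibility for shedding privileges. The `#elif !defined(HAVE_DOSISH_SYSTEM)` branch only begins at the end of this hunk, so whether that path also honours no_priv_drop cannot be confirmed from here. It is worth stating in the same comment if it does.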
@@ -539,7 +546,7 @@ _gcry_secmem_init (size_t n)
gcry_err_code_t
_gcry_secmem_module_init ()
{
- /* No anymore needed. */
+ /* Not anymore needed. */
return 0;
}