This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/gnome-keyring.git#657c90b7b52ae9cb228f277dba2a2113bb4ed068
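diff -urp gnome-keyring-3.36.0.orig/daemon/gkd-capability.c gnome-keyring-3.36.0/daemon/gkd-capability.c
--- gnome-keyring-3.36.0.orig/daemon/gkd-capability.c 2018-06-25 00:15:03.000000000 -0400
+++ gnome-keyring-3.36.0/daemon/gkd-capability.c 2020-10-16 11:33:02.244614471 -0400
@@ -1,7 +1,7 @@
 /* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
 /* gkd-capability.c - the security-critical initial phase of the daemon
 *
- * Copyright (C) 2011 Steve Grubb
+ * Copyright (C) 2011,2020 Steve Grubb
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as
@@ -35,9 +35,10 @@
 
 /* No logging, no gettext */
 static void
-early_error (const char *err_string)
+early_error (const char *err_string, int rc)
 {
- fprintf (stderr, "gnome-keyring-daemon: %s, aborting\n", err_string);
+ fprintf (stderr, "gnome-keyring-daemon: %s - %d, aborting\n",
+ err_string, rc);
 exit (1);
 }
 
@@ -64,6 +65,8 @@ void
 gkd_capability_obtain_capability_and_drop_privileges (void)
 {
 #ifdef HAVE_LIBCAPNG
+ int rc;
+
 capng_get_caps_process ();
 switch (capng_have_capabilities (CAPNG_SELECT_CAPS))
 {
@@ -73,32 +76,35 @@ gkd_capability_obtain_capability_and_dro
 capng_update (CAPNG_ADD,
 CAPNG_EFFECTIVE|CAPNG_PERMITTED,
 CAP_IPC_LOCK);
- if (capng_change_id (getuid (), getgid (), 0))
- early_error ("failed dropping capabilities");
+ if ((rc = capng_change_id (getuid (), getgid (),
+ CAPNG_DROP_SUPP_GRP|
+ CAPNG_CLEAR_BOUNDING)))
+ early_error ("failed dropping capabilities",
+ rc);
 break;
 case CAPNG_FAIL:
- early_error ("error getting process capabilities");
+ early_error ("error getting process capabilities", 0);
 break;
 case CAPNG_NONE:
 early_warning ("insufficient process capabilities, insecure memory might get used");
 break;
 case CAPNG_PARTIAL: /* File system based capabilities */
- if (!capng_have_capability (CAPNG_EFFECTIVE, CAP_IPC_LOCK)) {
+ if (!capng_have_capability (CAPNG_EFFECTIVE,
+ CAP_IPC_LOCK))
 early_warning ("insufficient process capabilities, insecure memory might get used");
- /* Drop all capabilities */
+
+ /* If we don't have CAP_SETPCAP, we can't do anything */
+ if (capng_have_capability (CAPNG_EFFECTIVE,
+ CAP_SETPCAP)) {
+ /* Drop all capabilities except ipc_lock */
 capng_clear (CAPNG_SELECT_BOTH);
- capng_apply (CAPNG_SELECT_BOTH);
- break;
+ if ((rc = capng_update (CAPNG_ADD,
+ CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+ CAP_IPC_LOCK)) != 0)
+ early_error ("error updating process capabilities", rc);
+ if ((rc = capng_apply (CAPNG_SELECT_BOTH)) != 0)
+ early_error ("error dropping process capabilities", rc);
 }
-
- /* Drop all capabilities except ipc_lock */
- capng_clear (CAPNG_SELECT_BOTH);
- if (capng_update (CAPNG_ADD,
- CAPNG_EFFECTIVE|CAPNG_PERMITTED,
- CAP_IPC_LOCK) != 0)
- early_error ("error dropping process capabilities");
- if (capng_apply (CAPNG_SELECT_BOTH) != 0)
- early_error ("error dropping process capabilities");
 break;
 }
 #endif /* HAVE_LIBCAPNG */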
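Review bot: In the CAPNG_PARTIAL branch of the last hunk, a process that lacks CAP_SETPCAP now skips the whole drop sequence without any message, so any file capability it holds besides CAP_IPC_LOCK stays in its permitted and effective sets. As far as I know only the bounding-set half of `CAPNG_SELECT_BOTH` needs CAP_SETPCAP, so an `else` branch that clears and applies `CAPNG_SELECT_CAPS` would still shed the extra capabilities; this should be confirmed against the libcap-ng version being built. The same branch also changes the no-CAP_IPC_LOCK case: the old code dropped everything and carried on after the warning, while the new code goes on to re-add CAP_IPC_LOCK, so a failing `capng_apply` there would now abort the daemon. The switch's first case label and the end of the function lie outside the hunk.

```c
		if (capng_have_capability (CAPNG_EFFECTIVE,
					   CAP_SETPCAP)) {
			/* … unchanged: clear, keep CAP_IPC_LOCK, apply CAPNG_SELECT_BOTH … */
		} else {
			/* The bounding set is out of reach; still shed the process sets */
			int keep_lock = capng_have_capability (CAPNG_PERMITTED,
							       CAP_IPC_LOCK);

			capng_clear (CAPNG_SELECT_CAPS);
			if (keep_lock &&
			    (rc = capng_update (CAPNG_ADD,
						CAPNG_EFFECTIVE|CAPNG_PERMITTED,
						CAP_IPC_LOCK)) != 0)
				early_error ("error updating process capabilities", rc);
			if ((rc = capng_apply (CAPNG_SELECT_CAPS)) != 0)
				early_error ("error dropping process capabilities", rc);
		}
```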