commit a128248dbcab3d15da72bdc77c53cbde8de0baa1 Author: Miroslav Lichvar Date: Fri Nov 22 18:19:43 2013 +0100 Don't keep cap_sys_time capability. It's not necessary to keep the capability since time_pps_setparams is called before root privileges are dropped. Signed-off-by: Eric S. Raymond diff --git a/SConstruct b/SConstruct index 4332fe4..c5120ae 100644 --- a/SConstruct +++ b/SConstruct @@ -455,7 +455,6 @@ if env.GetOption("clean") or env.GetOption("help"): rtlibs = [] usblibs = [] bluezlibs = [] - caplibs = [] ncurseslibs = [] confdefs = [] manbuilder = False @@ -558,14 +557,6 @@ else: confdefs.append("/* #undef HAVE_LIBRT */\n") rtlibs = [] - if config.CheckLib('libcap'): - confdefs.append("#define HAVE_LIBCAP 1\n") - # System library - no special flags - caplibs = ["-lcap"] - else: - confdefs.append("/* #undef HAVE_LIBCAP */\n") - caplibs = [] - if env['dbus_export'] and config.CheckPKG('dbus-1'): confdefs.append("#define HAVE_DBUS 1\n") dbus_libs = pkg_config('dbus-1') @@ -957,7 +948,7 @@ if qt_env: # The libraries have dependencies on system libraries gpslibs = ["-lgps", "-lm"] -gpsdlibs = ["-lgpsd"] + usblibs + bluezlibs + gpslibs + caplibs +gpsdlibs = ["-lgpsd"] + usblibs + bluezlibs + gpslibs # We need to be able to make a static client library for ad-hoc testing. diff --git a/gpsd.c b/gpsd.c index 76d1850..d7fce5f 100644 --- a/gpsd.c +++ b/gpsd.c @@ -44,11 +44,6 @@ #include "gpsd_config.h" -#if defined(HAVE_LIBCAP) && !defined(S_SPLINT_S) -#include -#include -#endif /* HAVE_LIBCAP */ - #include "gpsd.h" #include "sockaddr.h" #include "gps_json.h" @@ -2039,13 +2034,6 @@ int main(int argc, char *argv[]) struct passwd *pw; struct stat stb; -#if defined(HAVE_LIBCAP) && !defined(S_SPLINT_S) - /* set flag: keep privileges across setuid() call */ - if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L) == -1) - gpsd_report(context.debug, LOG_ERR, - "prctl(PR_SET_KEEPCAPS, 1L ) failed\n"); -#endif /* HAVE_LIBCAP */ - /* make default devices accessible even after we drop privileges */ for (i = optind; i < argc; i++) /* coverity[toctou] */ @@ -2091,21 +2079,6 @@ int main(int argc, char *argv[]) "setuid() failed, errno %s\n", strerror(errno)); /*@+type@*/ - - #if defined(HAVE_LIBCAP) && !defined(S_SPLINT_S) - /* drop root capabilities, except CAP_SYS_TIME for 1PPS support */ - { - cap_t caps = cap_from_text("cap_sys_time=pe"); - - if (!caps) - gpsd_report(context.debug, LOG_ERR, "cap_from_text() failed.\n"); - else if (cap_set_proc(caps) == -1) { - gpsd_report(context.debug, LOG_ERR, - "cap_set_proc() failed to drop root privs\n"); - cap_free(caps); - } - } -#endif /* HAVE_LIBCAP */ } gpsd_report(context.debug, LOG_INF, "running with effective group ID %d\n", getegid());