authorMike Frysinger <vapier@gentoo.org>2015-08-17 18:18:39 -0400
committerMike Frysinger <vapier@gentoo.org>2015-08-20 10:38:38 -0400
commitbdf41eb2ecb9a7a72e3024d088e63edff2ddc0e5 (patch)
tree7c8cf990bf4eb2527facb723aec806598f659e35
parentsecurity: leverage namespaces to restrict the runtime a bit (diff)
security: lock down privs a bit via prctl
Should make accidentally running set*id programs less of a problem.
-rw-r--r--porting.h4
-rw-r--r--security.c9
2 files changed, 13 insertions, 0 deletions
diff --git a/porting.h b/porting.h
index 9dea528..c93f0f8 100644
--- a/porting.h
+++ b/porting.h
@@ -42,6 +42,10 @@
#if !defined(__FreeBSD__) && !defined(__OpenBSD__)
# include <alloca.h>
#endif
+#if defined(__linux__)
+# include <sys/prctl.h>
+# include <linux/securebits.h>
+#endif
#if defined(__GLIBC__) || defined(__UCLIBC__)
# include <byteswap.h>
# include <endian.h>
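Review bot: The new `<sys/prctl.h>` / `<linux/securebits.h>` includes provide no fallback for toolchains whose headers predate these constants, so the build will fail on an older Linux userland rather than degrade gracefully. `PR_SET_NO_NEW_PRIVS` in particular is newer than the `SECBIT_*` bits, and a guard such as `#ifndef PR_SET_NO_NEW_PRIVS` / `# define PR_SET_NO_NEW_PRIVS 38` / `#endif` after the includes would keep the porting header self-sufficient, matching how this file already isolates platform differences. Note these headers only settle compile-time availability; whether the running kernel honors the requests is a separate question for the prctl() call sites, which are not in this hunk.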
diff --git a/security.c b/security.c
index 9b48a9a..3012212 100644
--- a/security.c
+++ b/security.c
@@ -69,6 +69,15 @@ void security_init(bool allow_forking)
if (!ALLOW_PIDNS)
allow_forking = true;
+ /* Drop all possible caps for us and our children. */
+ prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+ prctl(PR_SET_SECUREBITS,
+ SECBIT_KEEP_CAPS_LOCKED |
+ SECBIT_NO_SETUID_FIXUP |
+ SECBIT_NO_SETUID_FIXUP_LOCKED |
+ SECBIT_NOROOT |
+ SECBIT_NOROOT_LOCKED, 0, 0, 0);
+
/* None of the pax tools need access to these features. */
flags = CLONE_NEWIPC | CLONE_NEWUTS;
/* Would be nice to leverage mount/net ns, but they're just way too slow. */