diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c index 1571b88be9..7ca80d5d4e 100644 --- a/bin/named/unix/os.c +++ b/bin/named/unix/os.c @@ -59,49 +59,6 @@ static int singletonfd = -1; #define ISC_FACILITY LOG_DAEMON #endif -/* - * If there's no , we don't care about - */ -#ifndef HAVE_SYS_CAPABILITY_H -#undef HAVE_SYS_PRCTL_H -#endif - -/* - * Linux defines: - * (C) HAVE_SYS_CAPABILITY_H - * (P) HAVE_SYS_PRCTL_H - * The possible cases are: - * none: setuid() normally - * T: no setuid() - * C: setuid() normally, drop caps (keep CAP_SETUID) - * T+C: no setuid(), drop caps (don't keep CAP_SETUID) - * T+C+P: setuid() early, drop caps (keep CAP_SETUID) - * C+P: setuid() normally, drop caps (keep CAP_SETUID) - * P: not possible - * T+P: not possible - * - * if (C) - * caps = BIND_SERVICE + CHROOT + SETGID - * if ((T && C && P) || !T) - * caps += SETUID - * endif - * capset(caps) - * endif - * if (T && C && P && -u) - * setuid() - * else if (T && -u) - * fail - * --> start threads - * if (!T && -u) - * setuid() - * if (C && (P || !-u)) - * caps = BIND_SERVICE - * capset(caps) - * endif - * - * It will be nice when Linux threads work properly with setuid(). - */ - static struct passwd *runas_pw = NULL; static bool done_setuid = false; static int dfd[2] = { -1, -1 }; @@ -112,10 +69,7 @@ static bool non_root = false; static bool non_root_caps = false; #include - -#ifdef HAVE_SYS_PRCTL_H -#include /* Required for prctl(). */ -#endif /* HAVE_SYS_PRCTL_H */ +#include static void linux_setcaps(cap_t caps) { 
@@ -196,15 +150,11 @@ linux_initialprivs(void) { */ SET_CAP(CAP_SYS_CHROOT); -#if defined(HAVE_SYS_PRCTL_H) /* - * We can setuid() only if either the kernel supports keeping - * capabilities after setuid() (which we don't know until we've - * tried) or we're not using threads. If either of these is - * true, we want the setuid capability. + * We need setuid() as the kernel supports keeping capabilities after + * setuid(). */ SET_CAP(CAP_SETUID); -#endif /* * Since we call initgroups, we need this. @@ -270,7 +220,6 @@ linux_minprivs(void) { FREE_CAP; } -#ifdef HAVE_SYS_PRCTL_H static void linux_keepcaps(void) { char strbuf[ISC_STRERRORSIZE]; @@ -290,11 +239,9 @@ linux_keepcaps(void) { non_root = true; } } -#endif #endif /* HAVE_SYS_CAPABILITY_H */ - static void setup_syslog(const char *progname) { int options; @@ -497,7 +444,7 @@ named_os_changeuser(void) { named_main_earlyfatal("setuid(): %s", strbuf); } -#if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE) +#if defined(PR_SET_DUMPABLE) /* * Restore the ability of named to drop core after the setuid() * call has disabled it. @@ -540,11 +487,8 @@ named_os_adjustnofile(void) { void named_os_minprivs(void) { -#ifdef HAVE_SYS_PRCTL_H - linux_keepcaps(); -#endif - #if defined(HAVE_SYS_CAPABILITY_H) + linux_keepcaps(); linux_minprivs(); #endif } diff --git a/config.h.in b/config.h.in index 088bd4d4b0..18cd748b74 100644 --- a/config.h.in +++ b/config.h.in @@ -363,9 +363,6 @@ /* Define to 1 if you have the header file. */ #undef HAVE_SYS_PARAM_H -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_PRCTL_H - /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SELECT_H diff --git a/configure b/configure index 4dbc0c81c6..d10db7f43b 100755 --- a/configure +++ b/configure 
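Review bot: The rewritten comment above `SET_CAP(CAP_SETUID)` in linux_initialprivs() says "We need setuid()" where it means the CAP_SETUID capability, and it treats kernel support for keeping capabilities as a given, although that is presumably only requested later, in linux_keepcaps(). The same commit deletes the long header comment describing the order of the privilege drop, so this is now the only place the reasoning is written down and it should be exact: `/* Keep CAP_SETUID so that named_os_changeuser() can still call setuid() after the initial capability drop; linux_keepcaps() asks the kernel to retain capabilities across that call. */`. linux_initialprivs() starts and ends outside the hunk, so the rest of the retained capability set could not be checked here.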
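Review bot: With the `HAVE_SYS_PRCTL_H` test gone, the `#if defined(PR_SET_DUMPABLE)` guard in named_os_changeuser() depends entirely on `<sys/prctl.h>` having been included earlier, and the include hunk of this commit appears to sit inside the `HAVE_SYS_CAPABILITY_H` block. On a build without libcap the macro would then be undefined and the code that restores core dumps after setuid() is compiled out with no diagnostic; that matches the old behaviour, but nothing in the file says so any more. A comment at the guard would record it: `/* PR_SET_DUMPABLE comes from <sys/prctl.h>, which is only included when HAVE_SYS_CAPABILITY_H is set. */`. Since the block re-enables core dumps for a process that may hold key material in memory, the comment could also say that the dump directory should not be readable by other users. The function body continues outside the hunk.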
@@ -17709,19 +17709,6 @@ $as_echo "no" >&6; } fi -for ac_header in sys/prctl.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "sys/prctl.h" "ac_cv_header_sys_prctl_h" "$ac_includes_default" -if test "x$ac_cv_header_sys_prctl_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SYS_PRCTL_H 1 -_ACEOF - -fi - -done - - for ac_header in sys/un.h do : ac_fn_c_check_header_mongrel "$LINENO" "sys/un.h" "ac_cv_header_sys_un_h" "$ac_includes_default" diff --git a/configure.in b/configure.in index e4654d5807..1210ed5c4c 100644 --- a/configure.in +++ b/configure.in @@ -1891,8 +1891,6 @@ AS_IF([test "$enable_linux_caps" = "yes"], [AC_MSG_RESULT([no])]) AC_SUBST([LIBCAP_LIBS]) -AC_CHECK_HEADERS(sys/prctl.h) - AC_CHECK_HEADERS(sys/un.h, ISC_PLATFORM_HAVESYSUNH="#define ISC_PLATFORM_HAVESYSUNH 1" ,