1838. [cleanup] Don't allow Linux capabilities to be inherited.

[RT #13707]

CHANGES

@@ -71,7 +71,8 @@
 
 1839.	[bug]		<isc/hash.h> was not being installed.
 
-1838.	[placeholder]	rt13707
+1838.	[cleanup]	Don't allow Linux capabilities to be inherited.
+			[RT #13707]
 
 1837.	[bug]		Compile time option ISC_FACILITY was not effective
 			for 'named -u <user>'.  [RT #13714]

bin/named/unix/os.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: os.c,v 1.74 2005/04/27 04:56:02 sra Exp $ */
+/* $Id: os.c,v 1.75 2005/05/20 01:37:03 marka Exp $ */
 
 /*! \file */
 
@@ -164,7 +164,7 @@ linux_setcaps(unsigned int caps) {
 	memset(&cap, 0, sizeof(cap));
 	cap.effective = caps;
 	cap.permitted = caps;
-	cap.inheritable = caps;
+	cap.inheritable = 0;
 	if (syscall(SYS_capset, &caphead, &cap) < 0) {
 		isc__strerror(errno, strbuf, sizeof(strbuf));
 		ns_main_earlyfatal("capset failed: %s:"

doc/private/branches

@@ -32,8 +32,8 @@ rt13587				review
 rt13606				open	marka	// TSIG SHA256
 rt13662				new	
 rt13694				new	
-rt13707				new	
-rt13714				13714	
+rt13707				closed	
+rt13714				closed	
 rt13753				new	
 rt13754				new	
 rt13771				new