1838. [cleanup] Don't allow Linux capabilities to be inherited.

[RT #13707]
2025-09-03 08:05:21 +00:00 · 2005-05-20 01:37:03 +00:00
parent 3b4405aba9
commit bb99a72b21
3 changed files with 6 additions and 5 deletions
--- a/3
+++ b/3
@@ -71,7 +71,8 @@
 1839.	[bug]		<isc/hash.h> was not being installed.
-1838.	[placeholder]	rt13707
+1838.	[cleanup]	Don't allow Linux capabilities to be inherited.
 			[RT #13707]
 1837.	[bug]		Compile time option ISC_FACILITY was not effective
 			for 'named -u <user>'.  [RT #13714]
--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */
-/* $Id: os.c,v 1.74 2005/04/27 04:56:02 sra Exp $ */
+/* $Id: os.c,v 1.75 2005/05/20 01:37:03 marka Exp $ */
 /*! \file */
@@ -164,7 +164,7 @@ linux_setcaps(unsigned int caps) {
 	memset(&cap, 0, sizeof(cap));
 	cap.effective = caps;
 	cap.permitted = caps;
-	cap.inheritable = caps;
+	cap.inheritable = 0;
 	if (syscall(SYS_capset, &caphead, &cap) < 0) {
 		isc__strerror(errno, strbuf, sizeof(strbuf));
 		ns_main_earlyfatal("capset failed: %s:"
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -32,8 +32,8 @@ rt13587				review
 rt13606				open	marka	// TSIG SHA256
 rt13662				new	
 rt13694				new	
-rt13707				new	
+rt13707				closed	
-rt13714				13714	
+rt13714				closed	
 rt13753				new	
 rt13754				new	
 rt13771				new