mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00
Code Issues Releases Wiki Activity

2493. [bug] The linux capabilites code was not correctly cleaning

Browse Source 
up after itself. [RT #18767]
This commit is contained in:
Mark Andrews 2008-11-14 05:08:48 +00:00
parent d5be219ff7
commit ef4eed2a2a
2 changed files with 27 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@ -1,3 +1,6 @@
2493. [bug] The linux capabilites code was not correctly cleaning
up after itself. [RT #18767]
2492. [func] Rndc status now reports the number of cpus discovered 2492. [func] Rndc status now reports the number of cpus discovered
and the number of worker threads when running and the number of worker threads when running
multi-threaded. [RT #18273] multi-threaded. [RT #18273]

28
bin/named/unix/os.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: os.c,v 1.88 2008/11/06 05:30:24 marka Exp $ */ /* $Id: os.c,v 1.89 2008/11/14 05:08:48 marka Exp $ */
/*! \file */ /*! \file */
@ -196,7 +196,7 @@ linux_setcaps(cap_t caps) {
do { \ do { \
capval = (flag); \ capval = (flag); \
cap_flag_value_t curval; \ cap_flag_value_t curval; \
err = cap_get_flag(cap_get_proc(), capval, CAP_PERMITTED, &curval); \ err = cap_get_flag(curcaps, capval, CAP_PERMITTED, &curval); \
if (err != -1 && curval) { \ if (err != -1 && curval) { \
err = cap_set_flag(caps, CAP_EFFECTIVE, 1, &capval, CAP_SET); \ err = cap_set_flag(caps, CAP_EFFECTIVE, 1, &capval, CAP_SET); \
if (err == -1) { \ if (err == -1) { \
@ -218,16 +218,27 @@ linux_setcaps(cap_t caps) {
isc__strerror(errno, strbuf, sizeof(strbuf)); \ isc__strerror(errno, strbuf, sizeof(strbuf)); \
ns_main_earlyfatal("cap_init failed: %s", strbuf); \ ns_main_earlyfatal("cap_init failed: %s", strbuf); \
} \ } \
curcaps = cap_get_proc(); \
if (curcaps == NULL) { \
isc__strerror(errno, strbuf, sizeof(strbuf)); \
ns_main_earlyfatal("cap_get_proc failed: %s", strbuf); \
} \
} while (0)
#define FREE_CAP \
{ \
cap_free(caps); \
cap_free(curcaps); \
} while (0) } while (0)
#else #else
#define SET_CAP(flag) { caps |= (1 << (flag)); } #define SET_CAP(flag) do { caps |= (1 << (flag)); } while (0)
#define INIT_CAP { caps = 0; } #define INIT_CAP do { caps = 0; } while (0)
#endif /* HAVE_LIBCAP */ #endif /* HAVE_LIBCAP */
static void static void
linux_initialprivs(void) { linux_initialprivs(void) {
cap_t caps; cap_t caps;
#ifdef HAVE_LIBCAP #ifdef HAVE_LIBCAP
cap_t curcaps;
cap_value_t capval; cap_value_t capval;
char strbuf[ISC_STRERRORSIZE]; char strbuf[ISC_STRERRORSIZE];
int err; int err;
@ -281,12 +292,17 @@ linux_initialprivs(void) {
SET_CAP(CAP_SYS_RESOURCE); SET_CAP(CAP_SYS_RESOURCE);
linux_setcaps(caps); linux_setcaps(caps);
#ifdef HAVE_LIBCAP
FREE_CAP;
#endif
} }
static void static void
linux_minprivs(void) { linux_minprivs(void) {
cap_t caps; cap_t caps;
#ifdef HAVE_LIBCAP #ifdef HAVE_LIBCAP
cap_t curcaps;
cap_value_t capval; cap_value_t capval;
char strbuf[ISC_STRERRORSIZE]; char strbuf[ISC_STRERRORSIZE];
int err; int err;
@ -313,6 +329,10 @@ linux_minprivs(void) {
SET_CAP(CAP_SYS_RESOURCE); SET_CAP(CAP_SYS_RESOURCE);
linux_setcaps(caps); linux_setcaps(caps);
#ifdef HAVE_LIBCAP
FREE_CAP;
#endif
} }
#ifdef HAVE_SYS_PRCTL_H #ifdef HAVE_SYS_PRCTL_H