-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch looks good to me. acked.
If you run newrole as root and it drops capabilities, the next shell script
does not have any capabilities and can not function.
newrole -L TopSecret
Would end up with a root shell and no capabilities.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk/JEIgACgkQrlYvE4MpobPH9ACfUrUOvNr3QavxkJrGHxPlf6fC
wh0An2y3xa3Ns71EtaaiiU9BUC0X9bEY
=Davq
-----END PGP SIGNATURE-----
>From fe02722bb8cc19d2101296fcf8b96778450a9ecb Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Tue, 4 Oct 2011 08:33:41 -0400
Subject: [PATCH 08/90] policycoreutils: newrole: FIXME do not drop
capabilities when newrole is run as root
changelog and review needed.
NOT-Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
policycoreutils/newrole/newrole.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
index ecf4cf7..989817b 100644
--- a/policycoreutils/newrole/newrole.c
+++ b/policycoreutils/newrole/newrole.c
@@ -543,14 +543,14 @@ static int restore_environment(int preserve_environment,
#if defined(AUDIT_LOG_PRIV) && !defined(NAMESPACE_PRIV)
static int drop_capabilities(int full)
{
+ uid_t uid = getuid();
+ if (!uid) return 0;
+
capng_setpid(getpid());
capng_clear(CAPNG_SELECT_BOTH);
if (capng_lock() < 0)
return -1;
- uid_t uid = getuid();
- if (!uid) return 0;
-
/* Change uid */
if (setresuid(uid, uid, uid)) {
fprintf(stderr, _("Error changing uid, aborting.\n"));
--
1.7.10.2
