aboutsummaryrefslogtreecommitdiffstats
path: root/main/libcap-ng/apply.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/libcap-ng/apply.patch')
-rw-r--r--main/libcap-ng/apply.patch119
1 files changed, 0 insertions, 119 deletions
diff --git a/main/libcap-ng/apply.patch b/main/libcap-ng/apply.patch
deleted file mode 100644
index 5fb9f189c0..0000000000
--- a/main/libcap-ng/apply.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From fda0224fea4f01b77bd07ac195b3baaaf1a28fca Mon Sep 17 00:00:00 2001
-From: Steve Grubb <sgrubb@redhat.com>
-Date: Fri, 20 Nov 2020 14:01:33 -0500
-Subject: [PATCH] In capng_apply, allow continuing in spite of errors
-
-In capng_apply, if we blow up trying to adjust the bounding set without
-proper permissions, continue into the capabilities in case they called
-with SELECT_BOTH and they don't bother checking the return code. This
-will at least leave the application in a potentially safer state.
----
- src/cap-ng.c | 56 +++++++++++++++++++++++++++++++++++++++-------------
- 1 file changed, 42 insertions(+), 14 deletions(-)
-
-diff --git a/src/cap-ng.c b/src/cap-ng.c
-index a9de370..1474326 100644
---- a/src/cap-ng.c
-+++ b/src/cap-ng.c
-@@ -680,6 +680,8 @@ int capng_updatev(capng_act_t action, capng_type_t type,
-
- int capng_apply(capng_select_t set)
- {
-+ int rc = 0;
-+
- // Before updating, we expect that the data is initialized to something
- if (m.state < CAPNG_INIT)
- return -1;
-@@ -695,52 +697,78 @@ int capng_apply(capng_select_t set)
- for (i=0; i <= last_cap; i++) {
- if (capng_have_capability(CAPNG_BOUNDING_SET,
- i) == 0) {
-- if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) <0)
-- return -2;
-+ if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) <0) {
-+ rc = -2;
-+ goto try_caps;
-+ }
- }
- }
- m.state = CAPNG_APPLIED;
-- if (get_bounding_set() < 0)
-- return -3;
-+ if (get_bounding_set() < 0) {
-+ rc = -3;
-+ goto try_caps;
-+ }
- } else {
- memcpy(&m, &state, sizeof(m)); /* restore state */
-- return -4;
-+ rc = -4;
-+ goto try_caps;
- }
- #endif
- }
-+
-+ // Try caps is here so that if someone had SELECT_BOTH and we blew up
-+ // doing the bounding set, we at least try to set any capabilities
-+ // before returning in case the caller also doesn't bother checking
-+ // the return code.
-+try_caps:
- if (set & CAPNG_SELECT_CAPS) {
- if (capset((cap_user_header_t)&m.hdr,
- (cap_user_data_t)&m.data) == 0)
- m.state = CAPNG_APPLIED;
- else
-- return -5;
-+ rc = -5;
- }
-- // Put ambient last so that inheritable and permitted are set
-+
-+ // Most programs do not and should not mess with ambient capabilities.
-+ // Instead of returning here if rc is set, we'll let it try to
-+ // do something with ambient capabilities in hopes that it's lowering
-+ // capabilities. Again, this is for people that don't check their
-+ // return codes.
-+ //
-+ // Do ambient last so that inheritable and permitted are set by the
-+ // time we get here.
- if (set & CAPNG_SELECT_AMBIENT) {
- #ifdef PR_CAP_AMBIENT
- if (capng_have_capabilities(CAPNG_SELECT_AMBIENT) ==
- CAPNG_NONE) {
- if (prctl(PR_CAP_AMBIENT,
-- PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) < 0)
-- return -6;
-+ PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) < 0) {
-+ rc = -6;
-+ goto out;
-+ }
- } else {
- unsigned int i;
-
- // Clear them all
- if (prctl(PR_CAP_AMBIENT,
-- PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) < 0)
-- return -7;
-+ PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) < 0) {
-+ rc = -7;
-+ goto out;
-+ }
- for (i=0; i <= last_cap; i++) {
- if (capng_have_capability(CAPNG_AMBIENT, i))
- if (prctl(PR_CAP_AMBIENT,
-- PR_CAP_AMBIENT_RAISE, i, 0, 0) < 0)
-- return -8;
-+ PR_CAP_AMBIENT_RAISE, i, 0, 0) < 0){
-+ rc = -8;
-+ goto out;
-+ }
- }
- }
- m.state = CAPNG_APPLIED;
- #endif
- }
-- return 0;
-+out:
-+ return rc;
- }
-
- #ifdef VFS_CAP_U32