author | Mike Frysinger <vapier@gentoo.org> | 2015-08-17 18:18:39 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2015-08-20 10:38:38 -0400 |
commit | bdf41eb2ecb9a7a72e3024d088e63edff2ddc0e5 (patch) | |
tree | 7c8cf990bf4eb2527facb723aec806598f659e35 /security.c | |
parent | security: leverage namespaces to restrict the runtime a bit (diff) | |
security: lock down privs a bit via prctl
Should make accidentally running set*id programs less of a problem.
Diffstat (limited to 'security.c')
-rw-r--r-- | security.c | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -69,6 +69,15 @@ void security_init(bool allow_forking)
 if (!ALLOW_PIDNS) allow_forking = true;
+ /* Drop all possible caps for us and our children. */
+ prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+ prctl(PR_SET_SECUREBITS,
+ SECBIT_KEEP_CAPS_LOCKED |
+ SECBIT_NO_SETUID_FIXUP |
+ SECBIT_NO_SETUID_FIXUP_LOCKED |
+ SECBIT_NOROOT |
+ SECBIT_NOROOT_LOCKED, 0, 0, 0);
+ /* None of the pax tools need access to these features. */
 flags = CLONE_NEWIPC | CLONE_NEWUTS;
 /* Would be nice to leverage mount/net ns, but they're just way too slow. */ |
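Review bot: Both prctl() calls discard their return value, so if PR_SET_SECUREBITS fails with EPERM (setting securebits requires CAP_SETPCAP, which an unprivileged invocation of the pax tools will not have) or PR_SET_NO_NEW_PRIVS fails with EINVAL on a kernel that predates it, security_init carries on as though the lockdown had taken effect. At minimum the results should be checked and a failure logged through the file's existing warning path, e.g. `if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) && errno != EINVAL)` followed by a warning, and likewise for the securebits call with EPERM treated as "not privileged enough to lock". The leading comment also overstates what happens: neither call drops capabilities the process already holds; they stop this process and its children from gaining privileges through set*id or file-capability execs, so `/* Keep us and our children from gaining privs via set*id/file caps on exec. */` describes it more accurately. The body of security_init begins and ends outside this hunk.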