Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Open sidebar
halo
system_netd
Commits
4ea5bd05
Commit
4ea5bd05
authored
12 years ago
by
Nick Kralevich
Committed by
Gerrit Code Review
12 years ago
Browse files
Options
Download
Plain Diff
Merge "Revert "netd: reduce privileges""
parents
30583ec3
59d2d45f
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
0 additions
and
39 deletions
+0
-39
main.cpp
main.cpp
+0
-39
No files found.
main.cpp
View file @
4ea5bd05
...
...
@@ -22,8 +22,6 @@
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/capability.h>
#include <linux/prctl.h>
#include <fcntl.h>
#include <dirent.h>
...
...
@@ -41,42 +39,6 @@ static void coldboot(const char *path);
static
void
sigchld_handler
(
int
sig
);
static
void
blockSigpipe
();
static
void
dropPrivileges
()
{
struct
__user_cap_header_struct
header
;
struct
__user_cap_data_struct
cap
[
2
];
int
i
;
int
result
;
// First drop unneeded capabilities from our bounding set,
// which affects children we exec.
for
(
i
=
0
;
prctl
(
PR_CAPBSET_READ
,
i
,
0
,
0
,
0
)
>=
0
;
i
++
)
{
if
(
i
==
CAP_NET_ADMIN
||
i
==
CAP_NET_RAW
)
{
continue
;
}
result
=
prctl
(
PR_CAPBSET_DROP
,
i
,
0
,
0
,
0
);
if
(
result
!=
0
)
{
perror
(
"PR_CAPBSET_DROP failed: unable to drop privileges"
);
exit
(
1
);
}
}
// Then drop capabilities from the current process.
memset
(
&
header
,
0
,
sizeof
(
header
));
memset
(
cap
,
0
,
sizeof
(
cap
));
header
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
header
.
pid
=
0
;
cap
[
CAP_TO_INDEX
(
CAP_NET_ADMIN
)].
effective
|=
CAP_TO_MASK
(
CAP_NET_ADMIN
);
cap
[
CAP_TO_INDEX
(
CAP_NET_ADMIN
)].
permitted
|=
CAP_TO_MASK
(
CAP_NET_ADMIN
);
cap
[
CAP_TO_INDEX
(
CAP_NET_RAW
)].
effective
|=
CAP_TO_MASK
(
CAP_NET_RAW
);
cap
[
CAP_TO_INDEX
(
CAP_NET_RAW
)].
permitted
|=
CAP_TO_MASK
(
CAP_NET_RAW
);
result
=
capset
(
&
header
,
cap
);
if
(
result
!=
0
)
{
perror
(
"capset failed: unable to drop privileges"
);
exit
(
1
);
}
}
int
main
()
{
CommandListener
*
cl
;
...
...
@@ -85,7 +47,6 @@ int main() {
MDnsSdListener
*
mdnsl
;
ALOGI
(
"Netd 1.0 starting"
);
dropPrivileges
();
// signal(SIGCHLD, sigchld_handler);
blockSigpipe
();
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment