author | Shawn Landden <slandden@gmail.com> | 2018-02-27 07:42:50 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-27 07:42:50 -0800 |
commit | 6bca444d69fbea935908efd624e2378888e8afc5 (patch) | |
tree | e9fd8e80a5f78bc1a9071f98b8f716c8fdc15e2b | |
parent | ec7db3c3509b5d92bae9c7fe55c9edb749dfb794 (diff) | |
download | distcc-git-6bca444d69fbea935908efd624e2378888e8afc5.tar.gz |
setuid: use PR_SET_NO_NEW_PRIVS on Linux (#256)
https://01.org/linuxgraphics/gfx-docs/drm/userspace-api/no_new_privs.html
-rw-r--r-- | src/setuid.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/setuid.c b/src/setuid.c index 1a02680..d664b84 100644 --- a/src/setuid.c +++ b/src/setuid.c @@ -34,6 +34,12 @@ #include "daemon.h" #include "exitcode.h" +#ifdef __linux__ +#include <sys/prctl.h> +#ifndef PR_SET_NO_NEW_PRIVS +#define PR_SET_NO_NEW_PRIVS 38 +#endif +#endif const char *opt_user = "distcc"; @@ -133,6 +139,11 @@ int dcc_discard_root(void) return EXIT_SETUID_FAILED; } +#ifdef __linux__ + if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0) + rs_trace("successfully set no_new_privs"); +#endif + rs_trace("discarded root privileges, changed to uid=%d gid=%d", (int) uid, (int) gid); return 0; } |
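Review bot: The fallback `#define PR_SET_NO_NEW_PRIVS 38` in the include block has no comment saying why it is there or where the number comes from. A one-line comment above the `#ifndef`, such as `/* Fallback for libc headers that predate this prctl option (Linux 3.5); value from <linux/prctl.h>. */`, would make that clear. Building against headers that old also suggests the running kernel may not know the option, in which case prctl() fails with EINVAL, so the call site has to tolerate failure.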
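Review bot: A failed `prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)` in the block added to dcc_discard_root is ignored without any log entry, so on a kernel that rejects the request the daemon keeps running without the hardening and the operator cannot tell from the logs. Add a failure branch and brace both arms, e.g. `else { rs_log_warning("prctl(PR_SET_NO_NEW_PRIVS) failed: %s", strerror(errno)); }`, assuming `errno` and `strerror` are already available in this file. The function starts outside the hunk, so it is not visible whether it returns early when the process was not started as root. If it does, this call is never reached on that path, and because setting no_new_privs does not itself require root it may be worth doing before any such return.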