authorShawn Landden <slandden@gmail.com>2018-02-27 07:42:50 -0800
committerGitHub <noreply@github.com>2018-02-27 07:42:50 -0800
commit6bca444d69fbea935908efd624e2378888e8afc5 (patch)
treee9fd8e80a5f78bc1a9071f98b8f716c8fdc15e2b
parentec7db3c3509b5d92bae9c7fe55c9edb749dfb794 (diff)
downloaddistcc-git-6bca444d69fbea935908efd624e2378888e8afc5.tar.gz
setuid: use PR_SET_NO_NEW_PRIVS on Linux (#256)
https://01.org/linuxgraphics/gfx-docs/drm/userspace-api/no_new_privs.html
-rw-r--r--src/setuid.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/setuid.c b/src/setuid.c
index 1a02680..d664b84 100644
--- a/src/setuid.c
+++ b/src/setuid.c
@@ -34,6 +34,12 @@
#include "daemon.h"
#include "exitcode.h"
+#ifdef __linux__
+#include <sys/prctl.h>
+#ifndef PR_SET_NO_NEW_PRIVS
+#define PR_SET_NO_NEW_PRIVS 38
+#endif
+#endif
const char *opt_user = "distcc";
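Review bot: The fallback `#define PR_SET_NO_NEW_PRIVS 38` carries no comment, so a reader cannot tell that it exists only to build against kernel headers that predate the constant. I would add a line above it such as `/* Older kernel headers lack this constant; 38 is the value from <linux/prctl.h>. */`. Defining the constant at build time does not guarantee support at run time: on a kernel that does not implement it, the prctl() call added in dcc_discard_root will fail, so that call's failure path should be visible in the log.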
@@ -133,6 +139,11 @@ int dcc_discard_root(void)
return EXIT_SETUID_FAILED;
}
+#ifdef __linux__
+ if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0)
+ rs_trace("successfully set no_new_privs");
+#endif
+
rs_trace("discarded root privileges, changed to uid=%d gid=%d", (int) uid, (int) gid);
return 0;
}
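Review bot: The prctl() call added in dcc_discard_root logs only on success, so when it fails (for example on a kernel without no_new_privs support) the daemon carries on without the hardening and nothing in the log says so. Add a failure branch, e.g. `else rs_log_warning("prctl(PR_SET_NO_NEW_PRIVS) failed: %s", strerror(errno));`, assuming the file already includes what strerror/errno need, and brace both arms of the `if`. The function begins outside this hunk: if it returns early when the process was not started as root, the call is never reached on that path, even though no_new_privs is just as useful for a daemon that starts unprivileged. It is worth confirming that, and moving the call if so.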