author | Stefano Brivio <sbrivio@redhat.com> | 2021-10-14 02:47:03 +0200 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2021-10-14 13:17:43 +0200 |
commit | 9f1724ad1e85eac0c64619576d8dfb832e1a688b (patch) | |
tree | 8daf4cee22485273d409050e673a999de67aba9c | |
parent | 32d07f5e59f2372939a7c99c4c4bcbb5f60b0e05 (diff) | |
download | passt-9f1724ad1e85eac0c64619576d8dfb832e1a688b.tar passt-9f1724ad1e85eac0c64619576d8dfb832e1a688b.tar.gz passt-9f1724ad1e85eac0c64619576d8dfb832e1a688b.tar.bz2 passt-9f1724ad1e85eac0c64619576d8dfb832e1a688b.tar.lz passt-9f1724ad1e85eac0c64619576d8dfb832e1a688b.tar.xz passt-9f1724ad1e85eac0c64619576d8dfb832e1a688b.tar.zst passt-9f1724ad1e85eac0c64619576d8dfb832e1a688b.zip |
passt: Drop all capabilities that we might have, except for CAP_NET_BIND_SERVICE
While it's not recommended to give passt any capability, drop all the
ones we might have got by mistake, except for the only sensible one,
CAP_NET_BIND_SERVICE.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-rw-r--r-- | passt.c | 18 |
1 files changed, 18 insertions, 0 deletions
@@ -55,6 +55,7 @@
 #include <sys/prctl.h>
 #include <linux/filter.h>
 #include <stddef.h>
+#include <linux/capability.h>
 #include "seccomp.h"
 #include "util.h"
@@ -186,6 +187,21 @@ static void seccomp(struct ctx *c)
 }
 /**
+ * drop_caps() - Drop capabilities we might have except for CAP_NET_BIND_SERVICE
+ */
+static void drop_caps(void)
+{
+ int i;
+
+ for (i = 0; i < 64; i++) {
+ if (i == CAP_NET_BIND_SERVICE)
+ continue;
+
+ prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
+ }
+}
+
+/**
  * main() - Entry point and main loop
  * @argc: Argument count
  * @argv: Options, plus optional target PID for pasta mode
@@ -207,6 +223,8 @@ int main(int argc, char **argv)
 char *log_name;
 int nfds, i;
+ drop_caps();
+
 if (strstr(argv[0], "pasta") || strstr(argv[0], "passt4netns")) {
 struct sigaction sa;
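Review bot: PR_CAPBSET_DROP in drop_caps() only removes capabilities from the bounding set, which limits what a later execve() can gain; anything already in the process's permitted or effective set when passt starts (the "got by mistake" case the commit message describes) stays held for the lifetime of the process. Actually discarding those needs a capget()/capset() pass on the thread's own sets after the bounding-set loop, keeping only CAP_NET_BIND_SERVICE in permitted and effective and clearing inheritable, as sketched below; since glibc has no capset wrapper this goes through syscall() and needs `<sys/syscall.h>` and `<unistd.h>`. The loop bound would also be better as `for (i = 0; i <= CAP_LAST_CAP; i++)` instead of 64, so the prctl() calls are not silently failing with EINVAL past the last known capability, and their return value is worth checking at least in debug output because the drop also fails with EPERM when CAP_SETPCAP is not in the effective set. On kernels that have it, `prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0)` would complete the picture for the ambient set.
```c
static void drop_caps(void)
{
	struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
	struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
	int i;

	/* … unchanged: PR_CAPBSET_DROP loop, bounded by CAP_LAST_CAP … */

	/* The bounding set only constrains execve(): now shed what we hold */
	if (syscall(SYS_capget, &hdr, data))
		return;

	for (i = 0; i < _LINUX_CAPABILITY_U32S_3; i++) {
		uint32_t keep = 0;

		if (i == CAP_TO_INDEX(CAP_NET_BIND_SERVICE))
			keep = CAP_TO_MASK(CAP_NET_BIND_SERVICE);

		data[i].permitted &= keep;
		data[i].effective = data[i].permitted;
		data[i].inheritable = 0;
	}

	syscall(SYS_capset, &hdr, data);
}
```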