authorStefano Brivio <sbrivio@redhat.com>2021-10-14 02:47:03 +0200
committerStefano Brivio <sbrivio@redhat.com>2021-10-14 13:17:43 +0200
commit9f1724ad1e85eac0c64619576d8dfb832e1a688b (patch)
tree8daf4cee22485273d409050e673a999de67aba9c
parent32d07f5e59f2372939a7c99c4c4bcbb5f60b0e05 (diff)
passt: Drop all capabilities that we might have, except for CAP_NET_BIND_SERVICE
While it's not recommended to give passt any capability, drop all the ones we might have got by mistake, except for the only sensible one, CAP_NET_BIND_SERVICE. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-rw-r--r--passt.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/passt.c b/passt.c
index e8f4e62..9b55260 100644
--- a/passt.c
+++ b/passt.c
@@ -55,6 +55,7 @@
#include <sys/prctl.h>
#include <linux/filter.h>
#include <stddef.h>
+#include <linux/capability.h>
#include "seccomp.h"
#include "util.h"
@@ -186,6 +187,21 @@ static void seccomp(struct ctx *c)
}
/**
+ * drop_caps() - Drop capabilities we might have except for CAP_NET_BIND_SERVICE
+ */
+static void drop_caps(void)
+{
+ int i;
+
+ for (i = 0; i < 64; i++) {
+ if (i == CAP_NET_BIND_SERVICE)
+ continue;
+
+ prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
+ }
+}
+
+/**
* main() - Entry point and main loop
* @argc: Argument count
* @argv: Options, plus optional target PID for pasta mode
@@ -207,6 +223,8 @@ int main(int argc, char **argv)
char *log_name;
int nfds, i;
+ drop_caps();
+
if (strstr(argv[0], "pasta") || strstr(argv[0], "passt4netns")) {
struct sigaction sa;
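Review bot: The `prctl(PR_CAPBSET_DROP, i, 0, 0, 0)` loop in drop_caps() only clears the capability bounding set, which limits what a later execve() can add back; it does not touch the permitted and effective sets the process holds right now, so a passt started with capabilities keeps them and the title's "drop all capabilities that we might have" is not achieved. The prctl() return value is also discarded, so when CAP_SETPCAP is missing every call fails with EPERM and nothing is dropped silently, and iterating to 64 instead of `CAP_LAST_CAP` guarantees EINVAL on the trailing indices. To actually shed held capabilities, read the current sets with capget(2), mask everything but CAP_NET_BIND_SERVICE, and write them back with capset(2) (raw syscalls via `<sys/syscall.h>`/`<unistd.h>` keep the build free of libcap; the structs come from the `<linux/capability.h>` this commit already includes), and report a failed capset() through the file's existing logging helper rather than ignoring it. The `drop_caps();` call in main() runs before option parsing, which is the right place; main()'s body continues outside this hunk.
```c
static void drop_caps(void)
{
	struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
	struct __user_cap_data_struct data[2];
	int i;

	/* Bounding set: only limits what execve() can add back */
	for (i = 0; i <= CAP_LAST_CAP; i++) {
		if (i == CAP_NET_BIND_SERVICE)
			continue;

		prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
	}

	/* Permitted/effective sets: what this process holds right now */
	if (syscall(SYS_capget, &hdr, data))
		return;	/* TODO(review): log with the file's warning helper */

	data[0].effective &= 1U << CAP_NET_BIND_SERVICE;
	data[0].permitted &= 1U << CAP_NET_BIND_SERVICE;
	data[0].inheritable = 0;
	data[1].effective = data[1].permitted = data[1].inheritable = 0;

	if (syscall(SYS_capset, &hdr, data))
		return;	/* TODO(review): log with the file's warning helper */
}
```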