2 ## 16_min_privileges.dpatch by <mpitt@debian.org>
4 ## All lines beginning with `## DP:' are a description of the patch.
5 ## DP: when using USE_CAPABILITIES, the uid was not setuid() back to a normal
6 ## DP: user; this would allow regaining _all_ capabilities simply by calling
7 ## DP: exec(). This patch ensures minimal privileges by immediately dropping
8 ## DP: the root uid and all capabilities except CAP_IPC_LOCK. After the shared
9 ## DP: memory is set up, this last capability is dropped as well.
12 echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
16 [ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
17 patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
20 -patch) patch -p1 ${patch_opts} < $0;;
21 -unpatch) patch -R -p1 ${patch_opts} < $0;;
23 echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
30 diff -urNad gnupg-1.4.0/g10/gpg.c /tmp/dpep.O5S02c/gnupg-1.4.0/g10/gpg.c
31 --- gnupg-1.4.0/g10/gpg.c 2004-12-16 09:47:36.000000000 +0000
32 +++ /tmp/dpep.O5S02c/gnupg-1.4.0/g10/gpg.c 2005-02-03 23:31:40.645873299 +0000
37 +#ifdef USE_CAPABILITIES
38 +#include <sys/capability.h>
39 +#include <sys/prctl.h>
42 enum cmd_and_opt_values
45 @@ -1618,6 +1623,10 @@
46 #ifdef USE_SHM_COPROCESSING
47 ulong requested_shm_size=0;
49 +#ifdef USE_CAPABILITIES
56 @@ -1629,6 +1638,33 @@
57 * when adding any stuff between here and the call to
58 * secmem_init() somewhere after the option parsing
61 + /* if we use capabilities and run as root, we can immediately setuid back
62 + * to the normal user and only keep CAP_IPC_LOCK until the shared memory is
65 +#ifdef USE_CAPABILITIES
66 + curr_uid = getuid();
67 + if( curr_uid && !geteuid() ) { /* we are setuid root */
68 + if( prctl( PR_SET_KEEPCAPS, 1, 0, 0, 0 ) ) {
69 + perror( "main(): could not keep capabilities" );
73 + if( setuid( curr_uid ) ) {
74 + perror( "main(): could not set user id" );
78 + caps = cap_from_text( "cap_ipc_lock=p" );
79 + if( cap_set_proc( caps ) ) {
80 + perror( "main(): could not install capabilities" );
88 secure_random_alloc(); /* put random number into secure memory */
89 may_coredump = disable_core_dumps();
93 /* initialize the secure memory. */
94 - got_secmem=secmem_init( 32768 );
95 + got_secmem=secmem_init( 32768 ); /* this will drop all remaining privileges */
97 /* Okay, we are now working under our real uid */