Set PR_SET_NO_NEW_PRIVS

This means no process in the app can gain any kind of extra privs during exec() (for instance setuid of file caps).
2015-02-08 10:15:21 +01:00 · 2015-02-08 10:15:21 +01:00 · 3ef9c13598
parent 79b12777bf
commit 3ef9c13598
1 changed files with 4 additions and 0 deletions
--- a/xdg-app-helper.c
+++ b/xdg-app-helper.c
@ -1150,6 +1150,10 @@ main (int argc,
  /* Get the capabilities we need, drop root */
  acquire_caps ();

+  /* Never gain any more privs during exec */
+  if (prctl (PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
+    die_with_error ("prctl(PR_SET_NO_NEW_CAPS) failed");
+
  args = &argv[1];
  n_args = argc - 1;