1838. [cleanup] Don't allow Linux capabilities to be inherited.

[RT #13707]
2005-05-20 01:37:03 +00:00
parent 3b4405aba9
commit bb99a72b21
3 changed files with 6 additions and 5 deletions
--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: os.c,v 1.74 2005/04/27 04:56:02 sra Exp $ */
+/* $Id: os.c,v 1.75 2005/05/20 01:37:03 marka Exp $ */

 /*! \file */

@@ -164,7 +164,7 @@ linux_setcaps(unsigned int caps) {
 	memset(&cap, 0, sizeof(cap));
 	cap.effective = caps;
 	cap.permitted = caps;
-	cap.inheritable = caps;
+	cap.inheritable = 0;
 	if (syscall(SYS_capset, &caphead, &cap) < 0) {
 		isc__strerror(errno, strbuf, sizeof(strbuf));
 		ns_main_earlyfatal("capset failed: %s:"