See ChangeLog: Tue Jun 29 21:44:25 CEST 1999 Werner Koch

2025-07-14 21:47:19 +02:00 · 1999-06-29 19:50:54 +00:00 · 1999-06-29 19:50:54 +00:00 · 75ed03c960
commit 75ed03c960
parent 38c47646ea
29 changed files with 1025 additions and 1284 deletions
--- a/util/secmem.c
+++ b/util/secmem.c
@ -29,6 +29,9 @@
  #include <sys/mman.h>
  #include <sys/types.h>
  #include <fcntl.h>
+  #ifdef USE_CAPABILITIES
+    #include <sys/capability.h>
+  #endif
 #endif

 #include "types.h"
@ -80,7 +83,26 @@ print_warn(void)
 static void
 lock_pool( void *p, size_t n )
 {
-  #ifdef HAVE_MLOCK
+  #if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK)
+    int err;
+
+    cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
+    err = mlock( p, n );
+    if( err && errno )
+	err = errno;
+    cap_set_proc( cap_from_text("cap_ipc_lock+p") );
+
+    if( err ) {
+	if( errno != EPERM
+	  #ifdef EAGAIN  /* OpenBSD returns this */
+	    && errno != EAGAIN
+	  #endif
+	  )
+	    log_error("can´t lock memory: %s\n", strerror(err));
+	show_warning = 1;
+    }
+
+  #elif defined(HAVE_MLOCK)
    uid_t uid;
    int err;

@ -216,7 +238,11 @@ void
 secmem_init( size_t n )
 {
    if( !n ) {
-      #ifndef HAVE_DOSISH_SYSTEM
+      #ifdef USE_CAPABILITIES
+	/* drop all capabilities */
+	cap_set_proc( cap_from_text("all-eip") );
+
+      #elif !defined(HAVE_DOSISH_SYSTEM)
 	uid_t uid;

 	disable_secmem=1;