author | Werner Koch <[email protected]> | 1999-06-29 19:50:54 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 1999-06-29 19:50:54 +0000 |
commit | 75ed03c960bf6613d13435499cba0bddc79dc3fd (patch) | |
tree | b2f1fcd92a2dca9c77ae16f98395c04fa9476eb2 /util/secmem.c | |
parent | See ChangeLog: Sat Jun 26 13:54:43 CEST 1999 Werner Koch (diff) | |
See ChangeLog: Tue Jun 29 21:44:25 CEST 1999 Werner Koch
Diffstat (limited to '')
-rw-r--r-- | util/secmem.c | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/util/secmem.c b/util/secmem.c
index 8f7c428e4..35a265408 100644
--- a/util/secmem.c
+++ b/util/secmem.c
@@ -29,6 +29,9 @@
 #include <sys/mman.h>
 #include <sys/types.h>
 #include <fcntl.h>
+ #ifdef USE_CAPABILITIES
+ #include <sys/capability.h>
+ #endif
 #endif
 #include "types.h"
@@ -80,7 +83,26 @@ print_warn(void)
 static void
 lock_pool( void *p, size_t n )
 {
- #ifdef HAVE_MLOCK
+ #if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK)
+ int err;
+
+ cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
+ err = mlock( p, n );
+ if( err && errno )
+ err = errno;
+ cap_set_proc( cap_from_text("cap_ipc_lock+p") );
+
+ if( err ) {
+ if( errno != EPERM
+ #ifdef EAGAIN /* OpenBSD returns this */
+ && errno != EAGAIN
+ #endif
+ )
+ log_error("can�t lock memory: %s\n", strerror(err));
+ show_warning = 1;
+ }
+
+ #elif defined(HAVE_MLOCK)
 uid_t uid;
 int err;
@@ -216,7 +238,11 @@ void
 secmem_init( size_t n )
 {
 if( !n ) {
- #ifndef HAVE_DOSISH_SYSTEM
+ #ifdef USE_CAPABILITIES
+ /* drop all capabilities */
+ cap_set_proc( cap_from_text("all-eip") );
+
+ #elif !defined(HAVE_DOSISH_SYSTEM)
 uid_t uid;
 disable_secmem=1;
|
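Review bot: In the new `USE_CAPABILITIES` branch of lock_pool the failure test reads `errno` after the second `cap_set_proc()` call, even though the mlock() error was already saved in `err`; a libcap call in between may overwrite `errno`, so the EPERM/EAGAIN comparison should use `err`. Both `cap_set_proc()` results are also ignored, and the `cap_t` returned by `cap_from_text()` is neither checked for NULL nor released with `cap_free()`. As a result, a failure to clear the effective `cap_ipc_lock` bit after locking would go unnoticed and the process would keep the capability effective. The sketch below keeps the mlock attempt as it is, checks the lowering step, and frees both capability sets. lock_pool continues past the end of the hunk.

```c
    cap_t caps;
    int err;

    caps = cap_from_text("cap_ipc_lock+ep");
    if( caps ) {
        cap_set_proc( caps );   /* best effort; mlock() reports the failure */
        cap_free( caps );
    }
    err = mlock( p, n );
    if( err && errno )
        err = errno;            /* saved before libcap can overwrite errno */

    caps = cap_from_text("cap_ipc_lock+p");
    if( !caps || cap_set_proc( caps ) )
        log_fatal("failed to clear effective cap_ipc_lock\n");
    if( caps )
        cap_free( caps );

    if( err ) {
        if( err != EPERM
          #ifdef EAGAIN  /* OpenBSD returns this */
            && err != EAGAIN
          #endif
          )
        /* ... unchanged: log_error call, show_warning, closing brace ... */
```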
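Review bot: The capability drop added to secmem_init, `cap_set_proc( cap_from_text("all-eip") );`, ignores its result, so a process that fails to shed its capabilities carries on as if the drop had worked. I would hold the set in a `cap_t caps`, test it for NULL, check the call with `if( cap_set_proc( caps ) ) log_fatal("failed to drop capabilities\n");` and release it with `cap_free( caps )`. As far as the hunk shows, `disable_secmem=1;` now sits only under the `#elif !defined(HAVE_DOSISH_SYSTEM)` branch, so a `USE_CAPABILITIES` build appears to skip it when `n` is 0; if that is intended, a comment such as `/* secmem stays enabled here: ... */` should give the reason. The closing `#endif` and the rest of secmem_init are outside the hunk.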