These calls are not necessary: When setting capabilities, we always
remove them from the inheritable set, so they will inevitably be
removed at exec-time. Also, these groups of calls were never updated
for DAC_OVERRIDE, which would have posed a pretty severe problem.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
gid_t gid = current_user.ut.gid;
void (*saved_handler)(int);
- /*
- * Lose any elevated privileges.
- */
- drop_effective_capability(KERNEL_OPLOCK_CAPABILITY);
- drop_effective_capability(DMAPI_ACCESS_CAPABILITY);
-
/* point our stdout at the file we want output to go into */
if (outfd && ((*outfd = setup_out_fd()) == -1)) {
int ifd[2];
void (*saved_handler)(int);
- /*
- * Lose any elevated privileges.
- */
- drop_effective_capability(KERNEL_OPLOCK_CAPABILITY);
- drop_effective_capability(DMAPI_ACCESS_CAPABILITY);
-
/* build up an input pipe */
if(pipe(ifd)) {
return -1;
} else {
/* CHILD */
- /*
- * Lose any elevated privileges.
- */
- drop_effective_capability(KERNEL_OPLOCK_CAPABILITY);
- drop_effective_capability(DMAPI_ACCESS_CAPABILITY);
-
/* make sure it doesn't freeze */
alarm(20);
projects / thirdparty / samba.git / commitdiff
