sys_linux: don't keep NET_BIND_SERVICE for unprivileged port

Don't keep the NET_BIND_SERVICE capability if the configured NTP port is
not privileged (i.e. not smaller than 1024).

diff --git a/sys_linux.c b/sys_linux.c
index 411ceec5eb904724beda2bb99849160ff911a9f0..456a33267341a493177bb90e488a361c7a5f2e3f 100644 (file)
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -437,12 +437,14 @@ SYS_Linux_DropRoot(uid_t uid, gid_t gid, int clock_control)
   
   UTI_DropRoot(uid, gid);
 
-  /* Keep CAP_NET_BIND_SERVICE if the NTP server sockets may need to be bound.
+  /* Keep CAP_NET_BIND_SERVICE if the NTP server sockets may need to be bound
+     to a privileged port.
      Keep CAP_NET_RAW if an NTP socket may need to be bound to a device on
      kernels before 5.7.
      Keep CAP_SYS_TIME if the clock control is enabled. */
   if (snprintf(cap_text, sizeof (cap_text), "%s %s %s",
-               CNF_GetNTPPort() ? "cap_net_bind_service=ep" : "",
+               (CNF_GetNTPPort() > 0 && CNF_GetNTPPort() < 1024) ?
+                 "cap_net_bind_service=ep" : "",
                (CNF_GetBindNtpInterface() || CNF_GetBindAcquisitionInterface()) &&
                  !SYS_Linux_CheckKernelVersion(5, 7) ? "cap_net_raw=ep" : "",
                clock_control ? "cap_sys_time=ep" : "") >= sizeof (cap_text))