nfqws,tpws: separate droproot from dropcaps

2025-05-24 22:32:58 +03:00 · 2025-03-13 21:54:28 +03:00
parent 2db1ebafe3
commit bd8decddc5
5 changed files with 8 additions and 11 deletions
--- a/tpws/sec.c
+++ b/tpws/sec.c
@@ -263,7 +263,7 @@ bool can_drop_root(void)
 {
 #ifdef __linux__
 	// has some caps
-	return checkpcap((1<<CAP_SETUID)|(1<<CAP_SETGID)|(1<<CAP_SETPCAP));
+	return checkpcap((1<<CAP_SETUID)|(1<<CAP_SETGID));
 #else
 	// effective root
 	return !geteuid();
@@ -295,11 +295,7 @@ bool droproot(uid_t uid, gid_t gid)
 		DLOG_PERROR("setuid");
 		return false;
 	}
-#ifdef __linux__
-	return dropcaps();
-#else
 	return true;
-#endif
 }

 void print_id(void)
--- a/tpws/tpws.c
+++ b/tpws/tpws.c
@@ -1947,6 +1947,10 @@ int main(int argc, char *argv[])
 	sec_harden();
 	if (params.droproot && !droproot(params.uid,params.gid))
 		goto exiterr;
+#ifdef __linux__
+	if (!dropcaps())
+		goto exiterr;
+#endif
 	print_id();
 	if (params.droproot && !test_list_files())
 		goto exiterr;