Changeset 16050 in vbox for trunk/src/VBox/HostDrivers/Support

Timestamp:

Jan 19, 2009 5:16:00 PM (16 years ago)

Author:

vboxsync

Message:

SUPR3: don't change the capabilities if started as root

File:

• trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp (modified) (5 diffs)

trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp

@@ -610 +610 @@
      * keep the cap_net_raw capability for ICMP sockets for the NAT stack.
      */
+    if (g_uCaps != 0)
+    {
 #  ifdef USE_LIB_PCAP
-    /* XXX cap_net_bind_service */
-    if (!cap_set_proc(cap_from_text("all-eip cap_net_raw+ep")))
-        prctl(PR_SET_KEEPCAPS, /*keep=*/1, 0, 0, 0);
+        /* XXX cap_net_bind_service */
+        if (!cap_set_proc(cap_from_text("all-eip cap_net_raw+ep")))
+            prctl(PR_SET_KEEPCAPS, /*keep=*/1, 0, 0, 0);
 #  else
-    if (g_uCaps != 0)
-    {
         cap_user_header_t hdr = (cap_user_header_t)alloca(sizeof(*hdr));
         cap_user_data_t   cap = (cap_user_data_t)alloca(sizeof(*cap));
@@ -626 +626 @@
         if (!capset(hdr, cap))
             prctl(PR_SET_KEEPCAPS, /*keep=*/1, 0, 0, 0);
-    }
-#  endif
+#  endif /* !USE_LIB_PCAP */
+    }
 
 # elif defined(RT_OS_SOLARIS)
@@ -673 +673 @@
 
     /*
-     * CAP_NET_RAW.
-     * Default: enabled.
-     * Can be disabled with 'export VBOX_HARD_CAP_NET_RAW=0'.
-     */
-    pszOpt = getenv("VBOX_HARD_CAP_NET_RAW");
-    if (   !pszOpt
-        || memcmp(pszOpt, "0", sizeof("0")) != 0)
-        g_uCaps = CAP_TO_MASK(CAP_NET_RAW);
-
-    /*
-     * CAP_NET_BIND_SERVICE.
-     * Default: disabled.
-     * Can be enabled with 'export VBOX_HARD_CAP_NET_BIND_SERVICE=1'.
-     */
-    pszOpt = getenv("VBOX_HARD_CAP_NET_BIND_SERVICE");
-    if (   pszOpt
-        && memcmp(pszOpt, "0", sizeof("0")) != 0)
-        g_uCaps |= CAP_TO_MASK(CAP_NET_BIND_SERVICE);
+     * Do _not_ perform any capability-related system calls for root processes
+     * (leaving g_uCaps at 0).
+     */
+    if (getuid() != 0)
+    {
+        /*
+         * CAP_NET_RAW.
+         * Default: enabled.
+         * Can be disabled with 'export VBOX_HARD_CAP_NET_RAW=0'.
+         */
+        pszOpt = getenv("VBOX_HARD_CAP_NET_RAW");
+        if (   !pszOpt
+                || memcmp(pszOpt, "0", sizeof("0")) != 0)
+            g_uCaps = CAP_TO_MASK(CAP_NET_RAW);
+
+        /*
+         * CAP_NET_BIND_SERVICE.
+         * Default: disabled.
+         * Can be enabled with 'export VBOX_HARD_CAP_NET_BIND_SERVICE=1'.
+         */
+        pszOpt = getenv("VBOX_HARD_CAP_NET_BIND_SERVICE");
+        if (   pszOpt
+                && memcmp(pszOpt, "0", sizeof("0")) != 0)
+            g_uCaps |= CAP_TO_MASK(CAP_NET_BIND_SERVICE);
+    }
 # endif
 }
@@ -762 +769 @@
      * Re-enable the cap_net_raw capability which was disabled during setresuid.
      */
+    if (g_uCaps != 0)
+    {
 #  ifdef USE_LIB_PCAP
-    /** @todo Warn if that does not work? */
-    /* XXX cap_net_bind_service */
-    cap_set_proc(cap_from_text("cap_net_raw+ep"));
+        /** @todo Warn if that does not work? */
+        /* XXX cap_net_bind_service */
+        cap_set_proc(cap_from_text("cap_net_raw+ep"));
 #  else
-    if (g_uCaps != 0)
-    {
         cap_user_header_t hdr = (cap_user_header_t)alloca(sizeof(*hdr));
         cap_user_data_t   cap = (cap_user_data_t)alloca(sizeof(*cap));
@@ -778 +785 @@
         /** @todo Warn if that does not work? */
         capset(hdr, cap);
-    }
-#  endif
+#  endif /* !USE_LIB_PCAP */
+    }
 # endif
 }