commons-commits mailing list archives

From mt...@apache.org
Subject svn commit: r909104 - /commons/proper/daemon/trunk/src/native/unix/native/jsvc-unix.c
Date Thu, 11 Feb 2010 18:47:00 GMT
Author: mturk
Date: Thu Feb 11 18:46:58 2010
New Revision: 909104

URL: http://svn.apache.org/viewvc?rev=909104&view=rev
Log:
Fix DAEMON-16 by adding CAP_DAC_READ_SEARCH to allow reading /proc/self. This might, however,
open some other security issues, so it needs a review.

Modified:
    commons/proper/daemon/trunk/src/native/unix/native/jsvc-unix.c

Modified: commons/proper/daemon/trunk/src/native/unix/native/jsvc-unix.c
URL: http://svn.apache.org/viewvc/commons/proper/daemon/trunk/src/native/unix/native/jsvc-unix.c?rev=909104&r1=909103&r2=909104&view=diff
==============================================================================
--- commons/proper/daemon/trunk/src/native/unix/native/jsvc-unix.c (original)
+++ commons/proper/daemon/trunk/src/native/unix/native/jsvc-unix.c Thu Feb 11 18:46:58 2010
@@ -158,10 +158,13 @@
                 (1 << CAP_DAC_OVERRIDE)
 /* That a more reasonable configuration */
 #define CAPS    (1 << CAP_NET_BIND_SERVICE)+ \
+                (1 << CAP_DAC_READ_SEARCH)+ \
                 (1 << CAP_SETUID)+ \
                 (1 << CAP_SETGID)
 /* probably the only one Java could use */
-#define CAPSMIN (1 << CAP_NET_BIND_SERVICE)
+#define CAPSMIN (1 << CAP_NET_BIND_SERVICE)+ \
+                (1 << CAP_DAC_READ_SEARCH)
+
 static int set_caps(int caps)
 {
     struct __user_cap_header_struct caphead;
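
Review bot: Adding `(1 << CAP_DAC_READ_SEARCH)` to `CAPSMIN` widens the set that the comment above it calls "probably the only one Java could use" from binding privileged ports to bypassing read permission checks on every file and read/search checks on every directory, not only `/proc/self`. With this capability kept, a process running as an unprivileged user can still read root-only files such as `/etc/shadow` or private keys, so any file-read bug in the hosted Java application becomes a system-wide disclosure. If the `/proc/self` access that DAEMON-16 needs happens only during startup, keep the capability in `CAPS` and leave `CAPSMIN` as `(1 << CAP_NET_BIND_SERVICE)`; otherwise, document next to the define why the retained set needs it. The "probably the only one Java could use" comment no longer matches the two-capability value and should be updated in either case.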


