From: "Paul Lesniewski" <paul@squirrelmail.org>
On Sat, Aug 24, 2013 at 7:56 PM, Shawn Landden <shawn@churchofgit.com> wrote:

This is a great idea, and we really appreciate you providing the patch
ready to go.  Is this version any different than what you sent to the
squirrelmail-devel list yesterday?

I changed the error message to say which version the feature appeared in (Linux 3.5) 
---
include/imapproxy.h |  3 +++
src/becomenonroot.c | 16 +++++++++++++++-
2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/include/imapproxy.h b/include/imapproxy.h
index ce0b13b..aa090c4 100644
--- a/include/imapproxy.h
+++ b/include/imapproxy.h
@@ -152,6 +152,9 @@
#include <limits.h>
#endif

+#ifndef PR_SET_NO_NEW_PRIVS
+#define PR_SET_NO_NEW_PRIVS    38
+#endif

/*
* Common definitions
diff --git a/src/becomenonroot.c b/src/becomenonroot.c
index f19a9fb..7399ba8 100644
--- a/src/becomenonroot.c
+++ b/src/becomenonroot.c
@@ -57,6 +57,9 @@
#if HAVE_UNISTD_H
#include <unistd.h>
#endif
+#ifdef __linux__
+#include <sys/prctl.h>
+#endif

#include "imapproxy.h"

@@ -185,7 +188,18 @@ extern int BecomeNonRoot( void )
newuid, strerror(errno));
return(-1);
}
-
+
+#ifdef __linux__
+    if ( prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
+    {
+        syslog( LOG_WARNING, "%s: prctl(PR_SET_NO_NEW_PRIVS, 1) failed: %s",  fn,
+               strerror(errno));
+        if ( errno == EINVAL )
+            syslog( LOG_INFO, "%s: Perhaps kernel too old (<3.5)", fn);
+    } else
+        syslog( LOG_INFO, "%s: enabled no_new_privs",  fn)
+#endif
+
return(0);
}

--
1.8.4.rc3

------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and
AppDynamics. Performance Central is your source for news, insights,
analysis and resources for efficient Application Performance Management.
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
-----
squirrelmail-imapproxy mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-imapproxy@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.imapproxy
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-imapproxy


--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and
AppDynamics. Performance Central is your source for news, insights,
analysis and resources for efficient Application Performance Management.
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
-----
squirrelmail-imapproxy mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-imapproxy@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.imapproxy
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-imapproxy