From: Shawn L. <sh...@ch...> - 2013-08-25 02:57:00
from prctl(2): With no_new_privs set to 1, execve(2) promises not to grant privileges to do anything that could not have been done without the execve(2) call (for example, rendering the set-user-ID and set-group-ID permission bits, and file capabilities non-func‐ tional). Once set, this bit cannot be unset. The setting of this bit is inherited by children created by fork(2) and clone(2), and preserved across execve(2).
---
include/imapproxy.h | 3 +++
src/becomenonroot.c | 16 +++++++++++++++-
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/include/imapproxy.h b/include/imapproxy.h
index ce0b13b..aa090c4 100644
--- a/include/imapproxy.h
+++ b/include/imapproxy.h
@@ -152,6 +152,9 @@
 #include <limits.h>
 #endif
 
+#ifndef PR_SET_NO_NEW_PRIVS
+#define PR_SET_NO_NEW_PRIVS 38
+#endif
 
 /*
 * Common definitions
diff --git a/src/becomenonroot.c b/src/becomenonroot.c
index f19a9fb..7399ba8 100644
--- a/src/becomenonroot.c
+++ b/src/becomenonroot.c
@@ -57,6 +57,9 @@
 #if HAVE_UNISTD_H
 #include <unistd.h>
 #endif
+#ifdef __linux__
+#include <sys/prctl.h>
+#endif
 
 #include "imapproxy.h"
 
@@ -185,7 +188,18 @@ extern int BecomeNonRoot( void )
 newuid, strerror(errno));
 return(-1);
 }
-
+
+#ifdef __linux__
+ if ( prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
+ {
+ syslog( LOG_WARNING, "%s: prctl(PR_SET_NO_NEW_PRIVS, 1) failed: %s", fn,
+ strerror(errno));
+ if ( errno == EINVAL )
+ syslog( LOG_INFO, "%s: Perhaps kernel too old (<3.5)", fn);
+ } else
+ syslog( LOG_INFO, "%s: enabled no_new_privs", fn)
+#endif
+
 return(0);
 }
 
-- 
1.8.4.rc3 |
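Review bot: The `else` branch at the end of the third hunk has no terminating semicolon — `syslog( LOG_INFO, "%s: enabled no_new_privs", fn)` is followed directly by `#endif` and `return(0);`, so on Linux this does not compile. In the failure branch, `errno == EINVAL` is tested only after `syslog()` has run, and syslog() may itself modify errno, so the "kernel too old" hint can be skipped or misfire; save errno before logging. Leaving a failed prctl() as a warning rather than an error is presumably intended as best-effort hardening, which is reasonable, but a one-line comment saying so would help the next reader (`/* best-effort hardening: not fatal if the kernel lacks no_new_privs */`). BecomeNonRoot() begins outside the hunk; only its tail is visible here.
```c
#ifdef __linux__
    /* Best-effort hardening: a failure here is logged, not fatal. */
    if ( prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
    {
        int saved_errno = errno;   /* syslog() may clobber errno */

        syslog( LOG_WARNING, "%s: prctl(PR_SET_NO_NEW_PRIVS, 1) failed: %s", fn,
                strerror(saved_errno));
        if ( saved_errno == EINVAL )
            syslog( LOG_INFO, "%s: Perhaps kernel too old (<3.5)", fn);
    }
    else
    {
        syslog( LOG_INFO, "%s: enabled no_new_privs", fn);
    }
#endif
```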