Overview

File libgcrypt-secmem_dont_drop_privilege.patch of Package libgcrypt

Index: libgcrypt-1.6.1/src/secmem.c
===================================================================
--- libgcrypt-1.6.1.orig/src/secmem.c	2014-01-29 10:48:38.000000000 +0100
+++ libgcrypt-1.6.1/src/secmem.c	2015-08-04 14:53:11.414719663 +0200
@@ -303,6 +303,9 @@ lock_pool (void *p, size_t n)
     err = errno;
 #endif /* !HAVE_BROKEN_MLOCK */
 
+/* don't drop privileges because it breaks
+   setuid applications using libgcrypt */
+#if 0
   /* Test whether we are running setuid(0).  */
   if (uid && ! geteuid ())
     {
@@ -315,6 +318,7 @@ lock_pool (void *p, size_t n)
             log_fatal ("failed to reset uid: %s\n", strerror (errno));
         }
     }
+#endif
 
   if (err)
     {
@@ -480,6 +484,9 @@ secmem_init (size_t n)
 {
   if (!n)
     {
+/* don't drop privileges because it breaks
+   setuid applications using libgcrypt */
+#if 0
 #ifdef USE_CAPABILITIES
       /* drop all capabilities */
       {
@@ -501,6 +508,7 @@ secmem_init (size_t n)
 	    log_fatal ("failed to drop setuid\n");
 	}
 #endif
+#endif
     }
   else
     {
openSUSE Build Service is sponsored by
Places