Skip to content

Commit

Permalink
Revert "squash! src: allow CAP_NET_BIND_SERVICE in SafeGetenv"
Browse files Browse the repository at this point in the history 
This reverts commit bf3f873.
  • Loading branch information
@danbev
danbev committed Mar 18, 2021
1 parent bf3f873 commit f76c6b0
Showing 1 changed file with 4 additions and 5 deletions.
9 changes: 4 additions & 5 deletions src/node_credentials.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,7 @@

#if !defined(_MSC_VER)
#include <unistd.h> // setuid, getuid
#include <linux/capability.h>
#include <sys/syscall.h>
#include <sys/capability.h>
#endif

namespace node {
Expand Down Expand Up @@ -45,7 +44,7 @@ bool HasCapability(int capability) {
};
struct __user_cap_data_struct cap_data;

if (syscall(SYS_capget, &cap_header_data, &cap_data) == -1) {
if (capget(&cap_header_data, &cap_data) == -1) {
return false;
}

Expand All @@ -59,8 +58,8 @@ bool HasCapability(int capability) {
// then lookup will not be allowed.
bool SafeGetenv(const char* key, std::string* text, Environment* env) {
#if !defined(__CloudABI__) && !defined(_WIN32)
if (!HasCapability(CAP_NET_BIND_SERVICE) && (per_process::linux_at_secure ||
getuid() != geteuid() || getgid() != getegid()))
if (!HasCapability(CAP_NET_BIND_SERVICE) && per_process::linux_at_secure ||
getuid() != geteuid() || getgid() != getegid())
goto fail;
#endif

Expand Down

0 comments on commit f76c6b0

Please sign in to comment.