• rswindell's avatar
    Only do the whole Linux-capabilities dance when run as root (user-id 0). · f22757c4
    rswindell authored
    This eliminates the error messages that would be displayed/logged when
    attempting the SYS_capset SYSCALL, which fails when not root.
    
    So the capabilities dance enabled with USE_LINUX_CAPS (which is automatically
    enabled when /usr/include/sys/capabilites.h exists, which is installed with
    the libcap2-dev package) apparently is still useful if you need to start
    sbbs as root: the main thread will remain as root even when the child
    threads have their user-id's changed to the user specified in the [UNIX]
    section of sbbs.ini or on the command-line
    - so reducing the enabled privilege set for this root/main thread to the
    minimum needed, is a good security measure. It does this reduction (call to
    linux_minprivs() after the call to change_user()) so I'm not exactly sure how
    that works, but according to Deuce, this is what's happening. :-/
    f22757c4
sbbscon.c 63 KB