Avoid unnecessarily overriding capabilities (#2381)

Previously all capabilities were overridden with 0xffffffffffffffff, which is not what normal processes have. This causes PR_CAPBSET_DROP prctl fail because it is dropping invalid caps. Fix it. This fixes https://gitlab.com/kalilinux/nethunter/apps/kali-nethunter-app/-/issues/378. Co-Authored-By: 5ec1cff <56485584+5ec1cff@users.noreply.github.com> Co-authored-by: 5ec1cff <56485584+5ec1cff@users.noreply.github.com>
2025-01-25 17:29:08 +08:00
parent b948976d24
commit 38640ee4a6
2 changed files with 5 additions and 6 deletions
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -162,14 +162,10 @@ void escape_to_root(void)
 		profile->capabilities.effective | CAP_DAC_READ_SEARCH;
 	memcpy(&cred->cap_effective, &cap_for_ksud,
 	       sizeof(cred->cap_effective));
-	memcpy(&cred->cap_inheritable, &profile->capabilities.effective,
-	       sizeof(cred->cap_inheritable));
 	memcpy(&cred->cap_permitted, &profile->capabilities.effective,
 	       sizeof(cred->cap_permitted));
 	memcpy(&cred->cap_bset, &profile->capabilities.effective,
 	       sizeof(cred->cap_bset));
-	memcpy(&cred->cap_ambient, &profile->capabilities.effective,
-	       sizeof(cred->cap_ambient));

 	setup_groups(profile, cred);