--- gnupg-1.4.7/util/secmem.c.orig 2007-02-12 06:26:30.000000000 -0700 +++ gnupg-1.4.7/util/secmem.c 2007-03-07 13:59:40.000000000 -0700 @@ -106,12 +106,18 @@ lock_pool( void *p, size_t n ) { #if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK) int err; + cap_t caps; + + caps = cap_from_text("cap_ipc_lock=ep"); + cap_set_proc( caps ); + cap_free( caps ); - cap_set_proc( cap_from_text("cap_ipc_lock+ep") ); err = mlock( p, n ); if( err && errno ) err = errno; - cap_set_proc( cap_from_text("cap_ipc_lock+p") ); + caps = cap_from_text("cap_ipc_lock=p"); + cap_set_proc( caps ); + cap_free( caps ); if( err ) { if( errno != EPERM @@ -312,8 +318,12 @@ secmem_init( size_t n ) if( !n ) { #ifndef __riscos__ #ifdef USE_CAPABILITIES + cap_t caps; + /* drop all capabilities */ - cap_set_proc( cap_from_text("all-eip") ); + caps = cap_from_text("all-eip"); + cap_set_proc( caps ); + cap_free( caps ); #elif !defined(HAVE_DOSISH_SYSTEM) uid_t uid; --- gnupg-1.4.7/g10/status.c.orig 2007-03-05 02:02:57.000000000 -0700 +++ gnupg-1.4.7/g10/status.c 2007-03-07 13:59:40.000000000 -0700 @@ -361,6 +361,9 @@ init_shm_coprocessing ( ulong requested_ { char buf[100]; struct shmid_ds shmds; +#ifdef USE_CAPABILITIES + cap_t caps; +#endif #ifndef IPC_RMID_DEFERRED_RELEASE atexit( remove_shmid ); @@ -386,7 +389,9 @@ init_shm_coprocessing ( ulong requested_ (unsigned)shm_size/1024, shm_area, shm_id ); if( lock_mem ) { #ifdef USE_CAPABILITIES - cap_set_proc( cap_from_text("cap_ipc_lock+ep") ); + caps = cap_from_text("cap_ipc_lock=ep"); + cap_set_proc( caps ); + cap_free( caps ); #endif /* (need the cast for Solaris with Sun's workshop compilers) */ if ( mlock ( (char*)shm_area, shm_size) ) @@ -395,7 +400,9 @@ init_shm_coprocessing ( ulong requested_ else shm_is_locked = 1; #ifdef USE_CAPABILITIES - cap_set_proc( cap_from_text("cap_ipc_lock+p") ); + caps = cap_from_text("cap_ipc_lock=p"); + cap_set_proc( caps ); + cap_free( caps ); #endif } @@ -422,7 +429,9 @@ init_shm_coprocessing ( ulong requested_ if( lock_mem ) { #ifdef USE_CAPABILITIES - cap_set_proc( cap_from_text("cap_ipc_lock+ep") ); + caps = cap_from_text("cap_ipc_lock=ep"); + cap_set_proc( caps ); + cap_free( caps ); #endif #ifdef IPC_HAVE_SHM_LOCK if ( shmctl (shm_id, SHM_LOCK, 0) ) @@ -434,7 +443,9 @@ init_shm_coprocessing ( ulong requested_ log_info("Locking shared memory %d failed: No way to do it\n", shm_id ); #endif #ifdef USE_CAPABILITIES - cap_set_proc( cap_from_text("cap_ipc_lock+p") ); + caps = cap_from_text("cap_ipc_lock=p"); + cap_set_proc( caps ); + cap_free( caps ); #endif }