Revert "squash! src: allow CAP_NET_BIND_SERVICE in SafeGetenv"

danbev · danbev · commit f76c6b0e725e · 2021-03-18T05:27:46.000+01:00
This reverts commit bf3f873.
diff --git a/src/node_credentials.cc b/src/node_credentials.cc
@@ -10,8 +10,7 @@
 
 #if !defined(_MSC_VER)
 #include <unistd.h>  // setuid, getuid
-#include <linux/capability.h>
-#include <sys/syscall.h>
+#include <sys/capability.h>
 #endif
 
 namespace node {
@@ -45,7 +44,7 @@ bool HasCapability(int capability) {
   };
   struct __user_cap_data_struct cap_data;
 
-  if (syscall(SYS_capget, &cap_header_data, &cap_data) == -1) {
+  if (capget(&cap_header_data, &cap_data) == -1) {
     return false;
   }
 
@@ -59,8 +58,8 @@ bool HasCapability(int capability) {
 // then lookup will not be allowed.
 bool SafeGetenv(const char* key, std::string* text, Environment* env) {
 #if !defined(__CloudABI__) && !defined(_WIN32)
-  if (!HasCapability(CAP_NET_BIND_SERVICE) && (per_process::linux_at_secure ||
-      getuid() != geteuid() || getgid() != getegid()))
+  if (!HasCapability(CAP_NET_BIND_SERVICE) && per_process::linux_at_secure ||
+      getuid() != geteuid() || getgid() != getegid())
     goto fail;
 #endif
 
