From ff52cf806fcc00ceea3068c07d557cc44c240b4a Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Thu, 17 Jan 2013 09:19:53 +0100
Subject: Don't allow more privs.

---
 honeypot.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/honeypot.c b/honeypot.c
index 34292e6..02fc17a 100644
--- a/honeypot.c
+++ b/honeypot.c
@@ -434,6 +434,8 @@ void drop_privileges()
 	setrlimit(RLIMIT_CORE, &limit);
 	limit.rlim_cur = limit.rlim_max = 100;
 	setrlimit(RLIMIT_NPROC, &limit);
+
+	prctl(PR_SET_NO_NEW_PRIVS, 1);
 }
 
 void handle_connection(int fd, char *ipaddr)
-- 
cgit v1.2.3-59-g8ed1b