author | Andrew G. Morgan <morgan@kernel.org> | 2019-12-13 17:30:23 -0800 |
---|---|---|
committer | Andrew G. Morgan <morgan@kernel.org> | 2019-12-13 17:30:23 -0800 |
commit | 2b5f5635be6131d7e89b4c6244b29f32ebd163c1 (patch) | |
tree | 496b977ac4a94ee632eeece27946660d127878ea | |
parent | 2bd8e293982acc034554b7f66d6b969f24199876 (diff) | |
download | libcap-2b5f5635be6131d7e89b4c6244b29f32ebd163c1.tar.gz |
Restructure the make files into build vs. test
Also install the Go packages if built.
Remove a default behavior of installing an inheritable bit on setcap.
I'm getting alarmed that some distributions are setting the inheritable
set to full for all users. So, I don't want to provide a vector for
a trivial exploit, and hope they are not reinventing this:
https://sites.google.com/site/fullycapable/Home/thesendmailcapabilitiesissue
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
-rw-r--r-- | Make.Rules | 37 | ||||
-rw-r--r-- | Makefile | 6 | ||||
-rw-r--r-- | go/Makefile | 61 | ||||
-rw-r--r-- | progs/Makefile | 10 | ||||
-rw-r--r-- | tests/Makefile | 15 |
5 files changed, 93 insertions, 36 deletions
@@ -86,15 +86,38 @@ CGO_LDFLAGS_ALLOW := -Wl,-wrap,.+ CGO_REQUIRED=$(shell $(topdir)/go/cgo-required.sh) endif -# When installing setcap, set its inheritable bit to be able to place -# capabilities on files. It can be used in conjunction with pam_cap -# (associated with su and certain users say) to make it useful for -# specially blessed users. If you wish to drop this install feature, -# use this command when running install +# When installing setcap, you can arrange for the installation process +# to set its inheritable bit to be able to place capabilities on files. +# It can be used in conjunction with pam_cap (associated with su and +# certain users say) to make it useful for specially blessed users. # -# make RAISE_SETFCAP=no install +# make RAISE_SETFCAP=yes install # -RAISE_SETFCAP := yes +# This is now defaulted to no because some distributions have started +# shipping with all users blessed with full inheritable sets which makes +# no sense whatsoever! +# +# Indeed, it looks alarmingly like these distributions are recreating +# the environment for what became known as the sendmail-capabilities +# bug from 2000: +# +# https://sites.google.com/site/fullycapable/Home/thesendmailcapabilitiesissue +# +# they are also nullifying the difference between a p-bit and an i-bit. +# +# Folk really should read this document, which explains there is a really +# important difference being lost here: +# +# https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/33528.pdf +# +# In the context of this tree, on such such systems, a yes setting will +# guarantee that every user, by default, is able to bless any binary with +# any capability - a ready made local exploit machanism. +RAISE_SETFCAP := no + +# If set to yes, this will cause the go "web" demo app to force the needed p +# bit to be able to bind to port 80 without running as root. +RAISE_GO_FILECAP := no # Global cleanup stuff 
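Review bot: The rationale comment added above `RAISE_SETFCAP := no` has two slips in the text packagers will read: `such such systems` should be `such systems`, and `machanism` should be `mechanism`. The comment also does not say how to check a setcap that was installed under the old default, which may still carry `cap_setfcap=i`. A line such as `#   getcap $(SBINDIR)/setcap   (no output means no file capability is set)` would cover that. The test in progs/Makefile is an exact match on `yes`, so any other spelling behaves as `no`; that is the safe direction, but the comment could state it.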
@@ -35,7 +35,11 @@ release: distclean cd .. && ln -s libcap libcap-$(VERSION).$(MINOR) && tar cvf libcap-$(VERSION).$(MINOR).tar --exclude patches libcap-$(VERSION).$(MINOR)/* && rm libcap-$(VERSION).$(MINOR) test: all - cd progs && sudo ./quicktest.sh + make -C tests test +ifeq ($(GOLANG),yes) + make -C go test +endif + make -C progs test morganrelease: distclean @echo "sign the tag twice: older DSA key; and newer RSA kernel.org key" diff --git a/go/Makefile b/go/Makefile index a8b3dc0..ce22f78 100644 --- a/go/Makefile +++ b/go/Makefile @@ -1,4 +1,4 @@ -# Building the libcap/cap Go package. Note, we use symlinks to +# Building the libcap/{cap.psx} Go packages. Note, we use symlinks to # construct a go friendly src tree. topdir=$(realpath ..) @@ -8,11 +8,12 @@ GOPATH=$(realpath .) PSXGOPACKAGE=pkg/$(GOOSARCH)/libcap/psx.a CAPGOPACKAGE=pkg/$(GOOSARCH)/libcap/cap.a +DEPS=../libcap/libcap.a ../libcap/libpsx.a + all: $(PSXGOPACKAGE) $(CAPGOPACKAGE) web compare-cap -# $(MAKE) compare-cap -# $(MAKE) web -# ./compare-cap +$(DEPS): + make -C ../libcap all src/libcap/psx: mkdir -p src/libcap 
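Review bot: The three recipe lines added to the top-level `test` target call a literal `make`, so the sub-makes do not share the parent's jobserver, are printed rather than followed under `make -n`, and may resolve to a different make than the one the user invoked. `$(MAKE) -C tests test`, `$(MAKE) -C go test` and `$(MAKE) -C progs test` avoid all three. The same applies to the `make -C ../libcap all` and `make -C ../progs setcap` lines added in go/Makefile, progs/Makefile and tests/Makefile later in this diff. The unprivileged tests now run before the `sudo ./quicktest.sh` step reached through progs, so a failure stops the run before anything executes as root; if that ordering is intentional, a one-line comment would keep it from being reordered.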
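Review bot: In go/Makefile the new `$(DEPS):` rule has no prerequisites, so once `../libcap/libcap.a` and `../libcap/libpsx.a` exist this makefile never refreshes them, and the Go packages and tests can link a stale library after libcap sources change. Because one explicit rule names two targets, a parallel build may also start `make -C ../libcap all` twice at the same time in the same directory. Consider always deferring to the libcap makefile's own dependency tracking through a single step, invoked as `$(MAKE) -C ../libcap all`. The identical rule is repeated in progs/Makefile and tests/Makefile further down.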
@@ -22,20 +23,8 @@ src/libcap/cap: mkdir -p src/libcap ln -s $(topdir)/cap src/libcap/ -$(PSXGOPACKAGE): src/libcap/psx $(topdir)/psx/psx.go $(topdir)/psx/psx_test.go - CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH="$(GOPATH)" go test libcap/psx - mkdir -p pkg - CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH="$(GOPATH)" go build libcap/psx - -$(CAPGOPACKAGE): src/libcap/cap/syscalls.go src/libcap/cap/names.go src/libcap/cap/cap.go src/libcap/cap/text.go - CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(realpath .) go test libcap/cap - CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(realpath .) go build libcap/cap - -install: all -# TODO - install the Go package somewhere useful (ex. /usr/share/gocode/src/libcap/cap/ ) - -$(topdir)/libcap/cap_names.h: - make -C $(topdir)/libcap +$(topdir)/libcap/cap_names.h: $(DEPS) + make -C $(topdir)/libcap all src/libcap/cap/names.go: $(topdir)/libcap/cap_names.h src/libcap/cap mknames.go go run mknames.go --header=$< | gofmt > $@ || rm -f $@ 
@@ -43,16 +32,42 @@ src/libcap/cap/names.go: $(topdir)/libcap/cap_names.h src/libcap/cap mknames.go src/libcap/cap/syscalls.go: ./syscalls.sh src/libcap/cap ./syscalls.sh src/libcap/cap -# Compile and run something with this package and compare it to libcap. +$(PSXGOPACKAGE): src/libcap/psx src/libcap/psx/psx.go src/libcap/psx/psx_test.go $(DEPS) + mkdir -p pkg + CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH="$(GOPATH)" go install libcap/psx + +$(CAPGOPACKAGE): src/libcap/cap/syscalls.go src/libcap/cap/names.go src/libcap/cap/cap.go src/libcap/cap/text.go $(PSXGOPACKAGE) + CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(GOPATH) go install libcap/cap + +# Compiles something with this package to compare it to libcap. This +# tests more when run under sudo (see ../progs/quicktest.sh for that). compare-cap: compare-cap.go $(CAPGOPACKAGE) - CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(realpath .) go build $< + CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(GOPATH) go build $< web: web.go $(CAPGOPACKAGE) - CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(realpath .) 
go build $< + CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(GOPATH) go build $< +ifeq ($(RAISE_GO_FILECAP),yes) + make -C ../progs setcap + sudo ../progs/setcap cap_net_bind_service=p web + @echo "NOTE: RAISED cap_net_bind_service ON web binary" +endif + +test: all + CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH="$(GOPATH)" go test libcap/psx + CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(GOPATH) go test libcap/cap + ./compare-cap + +install: all + mkdir -p $(FAKEROOT)$(GOPKGDIR)/libcap/psx + rm -f $(FAKEROOT)$(GOPKGDIR)/libcap/psx/* + install -m 0644 src/libcap/psx/* $(FAKEROOT)$(GOPKGDIR)/libcap/psx/ + mkdir -p $(FAKEROOT)$(GOPKGDIR)/libcap/cap + rm -f $(FAKEROOT)$(GOPKGDIR)/libcap/cap/* + install -m 0644 src/libcap/cap/* $(FAKEROOT)$(GOPKGDIR)/libcap/cap/ clean: - GOPATH=$(realpath .) go clean -x -i libcap/cap 2> /dev/null || exit 0 - GOPATH=$(realpath .) go clean -x -i libcap/psx 2> /dev/null || exit 0 + GOPATH=$(GOPATH) go clean -x -i libcap/cap 2> /dev/null || exit 0 + GOPATH=$(GOPATH) go clean -x -i libcap/psx 2> /dev/null || exit 0 rm -f *.o *.so mknames web compare-cap *~ rm -f $(topdir)/cap/*~ $(topdir)/cap/names.go $(topdir)/cap/syscalls*.go rm -f $(topdir)/psx/*~ diff --git a/progs/Makefile b/progs/Makefile index 0786ad3..4d97454 100644 --- a/progs/Makefile +++ b/progs/Makefile @@ -12,9 +12,14 @@ ifneq ($(DYNAMIC),yes) LDFLAGS += --static endif +DEPS=../libcap/libcap.a ../libcap/libpsx.a + all: $(BUILD) -$(BUILD): %: %.o +$(DEPS): + make -C ../libcap all + +$(BUILD): %: %.o $(DEPS) $(CC) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) %.o: %.c $(INCS) 
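Review bot: In the go/Makefile `web` rule, `sudo ../progs/setcap cap_net_bind_service=p web` runs as a side effect of linking, so the capability on the binary reflects the `RAISE_GO_FILECAP` value at the last relink, not the current invocation. A `web` built with `yes` keeps the capability on later `no` runs until it is relinked or cleaned, and one built with `no` is not updated by a later `yes`. Moving the setcap step into its own explicitly requested target would make the privileged step visible and keep `sudo` out of `all`. Separately, the new `install` recipe runs `rm -f $(FAKEROOT)$(GOPKGDIR)/libcap/psx/*` and the matching `cap` line without checking the variables. `GOPKGDIR` is not defined in any hunk shown, so if it expands empty the recipe would operate on `/libcap/...`; a first recipe line of `$(if $(strip $(GOPKGDIR)),,$(error GOPKGDIR is empty))` would fail early instead.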
@@ -29,6 +34,9 @@ ifeq ($(RAISE_SETFCAP),yes) $(FAKEROOT)$(SBINDIR)/setcap cap_setfcap=i $(FAKEROOT)$(SBINDIR)/setcap endif +test: $(PROGS) + sudo ./quicktest.sh + clean: $(LOCALCLEAN) rm -f *.o $(BUILD) tcapsh ping hack.sh compare-cap diff --git a/tests/Makefile b/tests/Makefile index b16bdcd..8a0f919 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -5,7 +5,14 @@ topdir=$(shell pwd)/.. include ../Make.Rules # -all: run_psx_test run_libcap_psx_test +DEPS=../libcap/libcap.a ../libcap/libpsx.a + +all: psx_test psx_test_wrap libcap_psx_test + +$(DEPS): + make -C ../libcap all + +test: run_psx_test run_libcap_psx_test install: all @@ -13,16 +20,16 @@ run_psx_test: psx_test psx_test_wrap ./psx_test ./psx_test_wrap -psx_test: psx_test.c +psx_test: psx_test.c $(DEPS) $(CC) $(CFLAGS) $(IPATH) -DNOWRAP $< -o $@ $(LIBPSXLIB) -psx_test_wrap: psx_test.c +psx_test_wrap: psx_test.c $(DEPS) $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBPSXLIB) -Wl,-wrap,pthread_create run_libcap_psx_test: libcap_psx_test ./libcap_psx_test -libcap_psx_test: libcap_psx_test.c +libcap_psx_test: libcap_psx_test.c $(DEPS) $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBCAPLIB) $(LIBPSXLIB) -Wl,-wrap,pthread_create --static clean: |
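Review bot: The new `test` rule in progs/Makefile runs `sudo ./quicktest.sh`, but nothing in the hunk declares `test` phony or documents that the step needs root. Adding `.PHONY: test` and a comment such as `# quicktest.sh runs as root via sudo; the programs are built first as the invoking user` would make both explicit. The prerequisite is `$(PROGS)` while the visible `all` rule builds `$(BUILD)`. `PROGS` is defined outside the lines shown, so it is worth confirming the two lists cannot differ, otherwise the script could run against binaries that were not rebuilt. The `test` targets added in go/Makefile and tests/Makefile would benefit from the same `.PHONY` declaration.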