author | Haibo Huang <hhb@google.com> | 2021-01-25 19:23:57 -0800 |
---|---|---|
committer | Haibo Huang <hhb@google.com> | 2021-01-25 19:23:57 -0800 |
commit | 47fac93ec338499b9d6262521aa23e391b671861 (patch) | |
tree | 7225b3cdde2611d6f072cd157620b42193b4a8bc /progs/capsh.c | |
parent | 8626dd4746bdaac0572f3e7cc647ffe176346dd6 (diff) | |
parent | 28f5bc71416b2e27e470327995a202d04e917e3f (diff) | |
Upgrade libcap to libcap-2.47
Test: make
Change-Id: I3af018f6f5b48de209b07eec9bfd43b20aa2a804
Diffstat (limited to 'progs/capsh.c')
-rw-r--r-- | progs/capsh.c | 81 |
1 files changed, 51 insertions, 30 deletions
diff --git a/progs/capsh.c b/progs/capsh.c
index 899f79c..a39ceeb 100644
--- a/progs/capsh.c
+++ b/progs/capsh.c
@@ -1,9 +1,10 @@
 /*
 * Copyright (c) 2008-11,16,19,2020 Andrew G. Morgan <morgan@kernel.org>
 *
- * This is a simple 'bash' (-DSHELL) wrapper program that can be used
- * to raise and lower both the bset and pI capabilities before
- * invoking /bin/bash.
+ * This is a multifunction shell wrapper tool that can be used to
+ * launch capable files in various ways with a variety of settings. It
+ * also supports some testing modes, which are used extensively as
+ * part of the libcap build system.
 *
 * The --print option can be used as a quick test whether various
 * capability manipulations work as expected (or not).
@@ -107,8 +108,9 @@ static void arg_print(void)
 set = cap_get_secbits();
 if (set >= 0) {
 const char *b = binary(set); /* verilog convention for binary string */
- printf("Securebits: 0%lo/0x%lx/%u'b%s\n", set, set,
- (unsigned) strlen(b), b);
+ printf("Securebits: 0%lo/0x%lx/%u'b%s (no-new-privs=%d)\n", set, set,
+ (unsigned) strlen(b), b,
+ prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0, 0));
 printf(" secure-noroot: %s (%s)\n",
 (set & SECBIT_NOROOT) ? "yes":"no",
 (set & SECBIT_NOROOT_LOCKED) ? "locked":"unlocked");
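Review bot: The `no-new-privs=%d` field prints the raw return of prctl(), so a kernel that rejects PR_GET_NO_NEW_PRIVS makes --print show `no-new-privs=-1`, which reads like a flag state rather than a failed query. A short comment above the printf would record this, for example `/* no-new-privs prints -1 when the kernel lacks PR_GET_NO_NEW_PRIVS */`, or the negative case could be mapped to a distinct value before printing. The call also passes five zeros after the option where prctl(2) documents four arguments; the extra one is ignored, and `prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0)` would match the documented form (the same applies to the two prctl() calls added in the main() hunk). arg_print() begins and ends outside this hunk.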
@@ -909,47 +911,66 @@ int main(int argc, char *argv[], char *envp[])
 exit(1);
 }
 cap_free(iab);
+ } else if (!strcmp("--no-new-privs", argv[i])) {
+ if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0, 0) != 0) {
+ perror("unable to set no-new-privs");
+ exit(1);
+ }
+ } else if (!strcmp("--has-no-new-privs", argv[i])) {
+ if (prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0, 0) != 1) {
+ fprintf(stderr, "no-new-privs not set\n");
+ exit(1);
+ }
+ } else if (!strcmp("--license", argv[i])) {
+ printf(
+ "%s has a you choose license: BSD 3-clause or GPL2\n"
+ "Copyright (c) 2008-11,16,19,2020 Andrew G. Morgan"
+ " <morgan@kernel.org>\n", argv[0]);
+ exit(0);
 } else {
 usage:
 printf("usage: %s [args ...]\n"
- " --help this message (or try 'man capsh')\n"
- " --print display capability relevant state\n"
- " --decode=xxx decode a hex string to a list of caps\n"
- " --supports=xxx exit 1 if capability xxx unsupported\n"
- " --has-p=xxx exit 1 if capability xxx not permitted\n"
- " --has-i=xxx exit 1 if capability xxx not inheritable\n"
- " --drop=xxx remove xxx,.. capabilities from bset\n"
- " --dropped=xxx exit 1 unless bounding cap xxx dropped\n"
- " --has-ambient exit 1 unless ambient vector supported\n"
 " --has-a=xxx exit 1 if capability xxx not ambient\n"
+ " --has-ambient exit 1 unless ambient vector supported\n"
 " --addamb=xxx add xxx,... capabilities to ambient set\n"
- " --delamb=xxx remove xxx,... capabilities from ambient\n"
- " --noamb reset (drop) all ambient capabilities\n"
+ " --cap-uid=<n> use libcap cap_setuid() to change uid\n"
 " --caps=xxx set caps as per cap_from_text()\n"
- " --inh=xxx set xxx,.. inheritable set\n"
- " --secbits=<n> write a new value for securebits\n"
+ " --chroot=path chroot(2) to this path\n"
+ " --decode=xxx decode a hex string to a list of caps\n"
+ " --delamb=xxx remove xxx,... capabilities from ambient\n"
+ " --forkfor=<n> fork and make child sleep for <n> sec\n"
+ " --gid=<n> set gid to <n> (hint: id <username>)\n"
+ " --groups=g,... set the supplemental groups\n"
+ " --has-p=xxx exit 1 if capability xxx not permitted\n"
+ " --has-i=xxx exit 1 if capability xxx not inheritable\n"
+ " --has-no-new-privs exit 1 if privs not limited\n"
+ " --help, -h this message (or try 'man capsh')\n"
 " --iab=... use cap_iab_from_text() to set iab\n"
- " --keep=<n> set keep-capability bit to <n>\n"
- " --uid=<n> set uid to <n> (hint: id <username>)\n"
- " --cap-uid=<n> libcap cap_setuid() to change uid\n"
+ " --inh=xxx set xxx,.. inheritable set\n"
+ " --inmode=<xxx> exit 1 if current mode is not <xxx>\n"
 " --is-uid=<n> exit 1 if uid != <n>\n"
- " --gid=<n> set gid to <n> (hint: id <username>)\n"
 " --is-gid=<n> exit 1 if gid != <n>\n"
- " --groups=g,... set the supplemental groups\n"
- " --user=<name> set uid,gid and groups to that of user\n"
- " --chroot=path chroot(2) to this path\n"
+ " --keep=<n> set keep-capability bit to <n>\n"
+ " --killit=<n> send signal(n) to child\n"
+ " --license display license info\n"
 " --modes list libcap named capability modes\n"
 " --mode=<xxx> set capability mode to <xxx>\n"
- " --inmode=<xxx> exit 1 if current mode is not <xxx>\n"
- " --killit=<n> send signal(n) to child\n"
- " --forkfor=<n> fork and make child sleep for <n> sec\n"
+ " --no-new-privs set sticky process privilege limiter\n"
+ " --noamb reset (drop) all ambient capabilities\n"
+ " --print display capability relevant state\n"
+ " --secbits=<n> write a new value for securebits\n"
 " --shell=/xx/yy use /xx/yy instead of " SHELL " for --\n"
+ " --supports=xxx exit 1 if capability xxx unsupported\n"
+ " --uid=<n> set uid to <n> (hint: id <username>)\n"
+ " --user=<name> set uid,gid and groups to that of user\n"
 " == re-exec(capsh) with args as for --\n"
 " -- remaining arguments are for " SHELL "\n"
 " (without -- [%s] will simply exit(0))\n",
 argv[0], argv[0]);
-
- exit(strcmp("--help", argv[i]) != 0);
+ if (strcmp("--help", argv[1]) && strcmp("-h", argv[1])) {
+ exit(1);
+ }
+ exit(0);
 }
 } |
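Review bot: The exit status at the end of the usage branch is now chosen from `argv[1]` rather than the argument being processed, so `--help` or `-h` given after any other option prints the usage text and then exits 1 as if the option were unknown. Testing the current argument, as the removed line did, keeps help a success in any position: `if (strcmp("--help", argv[i]) && strcmp("-h", argv[i])) {`; the `usage:` label may be reached by a goto from code outside this hunk, so confirm `i` indexes a valid argument on those paths first. The re-sorted help text also removes the `--drop=xxx` and `--dropped=xxx` lines without adding them back; if main() still handles those options (not visible here), the two lines should be restored so the bounding-set controls stay documented.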