« back to all changes in this revision
Viewing changes to progs/capsh.c
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Bazaar Package Importer
- Author(s): Torsten Werner
- Date: 2008-03-29 10:19:58 UTC
- Revision ID: james.westby@ubuntu.com-20080329101958-mi16dsb9fuzn1352
Tags: upstream-2.08
ImportĀ upstreamĀ versionĀ 2.08
- files added:
- doc
- doc/old
- libcap
- libcap/include
- libcap/include/linux
- libcap/include/sys
- pam_cap
- progs
- progs/old
added
removed
progs/capsh.c
1
/*
2
* Copyright (c) 2008 Andrew G. Morgan <morgan@kernel.org>
3
*
4
* This is a simple 'bash' wrapper program that can be used to
5
* raise and lower both the bset and pI capabilities before invoking
6
* /bin/bash (hardcoded right now).
7
*
8
* The --print option can be used as a quick test whether various
9
* capability manipulations work as expected (or not).
10
*/
11
12
#include <stdio.h>
13
#include <string.h>
14
#include <stdlib.h>
15
#include <sys/prctl.h>
16
#include <sys/capability.h>
17
#include <unistd.h>
18
#include <errno.h>
19
#include <sys/wait.h>
20
21
/* prctl based API for altering character of current process */
22
#define PR_GET_KEEPCAPS 7
23
#define PR_SET_KEEPCAPS 8
24
#define PR_CAPBSET_READ 23
25
#define PR_CAPBSET_DROP 24
26
#define PR_GET_SECUREBITS 25
27
#define PR_SET_SECUREBITS 26
28
29
static const cap_value_t raise_setpcap[1] = { CAP_SETPCAP };
30
static const cap_value_t raise_chroot[1] = { CAP_SYS_CHROOT };
31
32
int main(int argc, char *argv[], char *envp[])
33
{
34
pid_t child;
35
unsigned i;
36
37
child = 0;
38
39
for (i=1; i<argc; ++i) {
40
if (!memcmp("--drop=", argv[i], 4)) {
41
char *ptr;
42
cap_t orig, raised_for_setpcap;
43
44
/*
45
* We need to do this here because --inh=XXX may have reset
46
* orig and it isn't until we are within the --drop code that
47
* we know what the prevailing (orig) pI value is.
48
*/
49
orig = cap_get_proc();
50
if (orig == NULL) {
51
perror("Capabilities not available");
52
exit(1);
53
}
54
55
raised_for_setpcap = cap_dup(orig);
56
if (raised_for_setpcap == NULL) {
57
fprintf(stderr, "BSET modification requires CAP_SETPCAP\n");
58
exit(1);
59
}
60
61
if (cap_set_flag(raised_for_setpcap, CAP_EFFECTIVE, 1,
62
raise_setpcap, CAP_SET) != 0) {
63
perror("unable to select CAP_SETPCAP");
64
exit(1);
65
}
66
67
for (ptr = argv[i]+7; (ptr = strtok(ptr, ",")); ptr = NULL) {
68
/* find name for token */
69
cap_value_t cap;
70
int status;
71
72
if (cap_from_name(ptr, &cap) != 0) {
73
fprintf(stderr, "capability [%s] is unknown to libcap\n",
74
ptr);
75
exit(1);
76
}
77
if (cap_set_proc(raised_for_setpcap) != 0) {
78
perror("unable to raise CAP_SETPCAP for BSET changes");
79
exit(1);
80
}
81
status = prctl(PR_CAPBSET_DROP, cap);
82
if (cap_set_proc(orig) != 0) {
83
perror("unable to lower CAP_SETPCAP post BSET change");
84
exit(1);
85
}
86
if (status) {
87
fprintf(stderr, "failed to drop [%s=%u]\n", ptr, cap);
88
exit(1);
89
}
90
}
91
92
cap_free(raised_for_setpcap);
93
cap_free(orig);
94
} else if (!memcmp("--inh=", argv[i], 6)) {
95
cap_t all, raised_for_setpcap;
96
char *text;
97
char *ptr;
98
99
all = cap_get_proc();
100
if (all == NULL) {
101
perror("Capabilities not available");
102
exit(1);
103
}
104
105
raised_for_setpcap = cap_dup(all);
106
if ((raised_for_setpcap != NULL)
107
&& (cap_set_flag(raised_for_setpcap, CAP_EFFECTIVE, 1,
108
raise_setpcap, CAP_SET) != 0)) {
109
cap_free(raised_for_setpcap);
110
raised_for_setpcap = NULL;
111
}
112
113
text = cap_to_text(all, NULL);
114
cap_free(all);
115
if (text == NULL) {
116
perror("Fatal error concerning process capabilities");
117
exit(1);
118
}
119
ptr = malloc(10 + strlen(argv[i]+6) + strlen(text));
120
if (ptr == NULL) {
121
perror("Out of memory for inh set");
122
exit(1);
123
}
124
sprintf(ptr, "%s all-i %s+i", text, argv[i]+6);
125
126
all = cap_from_text(ptr);
127
if (all == NULL) {
128
perror("Fatal error internalizing capabilities");
129
exit(1);
130
}
131
cap_free(text);
132
free(ptr);
133
134
if (raised_for_setpcap != NULL) {
135
/*
136
* This is only for the case that pP does not contain
137
* the requested change to pI.. Failing here is not
138
* indicative of the cap_set_proc(all) failing (always).
139
*/
140
(void) cap_set_proc(raised_for_setpcap);
141
cap_free(raised_for_setpcap);
142
raised_for_setpcap = NULL;
143
}
144
145
if (cap_set_proc(all) != 0) {
146
perror("Unable to set inheritable capabilities");
147
exit(1);
148
}
149
/*
150
* Since status is based on orig, we don't want to restore
151
* the previous value of 'all' again here!
152
*/
153
154
cap_free(all);
155
} else if (!memcmp("--caps=", argv[i], 7)) {
156
cap_t all, raised_for_setpcap;
157
158
raised_for_setpcap = cap_get_proc();
159
if (raised_for_setpcap == NULL) {
160
perror("Capabilities not available");
161
exit(1);
162
}
163
164
if ((raised_for_setpcap != NULL)
165
&& (cap_set_flag(raised_for_setpcap, CAP_EFFECTIVE, 1,
166
raise_setpcap, CAP_SET) != 0)) {
167
cap_free(raised_for_setpcap);
168
raised_for_setpcap = NULL;
169
}
170
171
all = cap_from_text(argv[i]+7);
172
if (all == NULL) {
173
fprintf(stderr, "unable to interpret [%s]\n", argv[i]);
174
exit(1);
175
}
176
177
if (raised_for_setpcap != NULL) {
178
/*
179
* This is only for the case that pP does not contain
180
* the requested change to pI.. Failing here is not
181
* indicative of the cap_set_proc(all) failing (always).
182
*/
183
(void) cap_set_proc(raised_for_setpcap);
184
cap_free(raised_for_setpcap);
185
raised_for_setpcap = NULL;
186
}
187
188
if (cap_set_proc(all) != 0) {
189
fprintf(stderr, "Unable to set capabilities [%s]\n", argv[i]);
190
exit(1);
191
}
192
/*
193
* Since status is based on orig, we don't want to restore
194
* the previous value of 'all' again here!
195
*/
196
197
cap_free(all);
198
} else if (!memcmp("--keep=", argv[i], 7)) {
199
unsigned value;
200
int set;
201
202
value = strtoul(argv[i]+7, NULL, 0);
203
set = prctl(PR_SET_KEEPCAPS, value);
204
if (set < 0) {
205
fprintf(stderr, "prctl(PR_SET_KEEPCAPS, %u) failed: %s\n",
206
value, strerror(errno));
207
exit(1);
208
}
209
} else if (!memcmp("--chroot=", argv[i], 9)) {
210
int status;
211
cap_t orig, raised_for_chroot;
212
213
orig = cap_get_proc();
214
if (orig == NULL) {
215
perror("Capabilities not available");
216
exit(1);
217
}
218
219
raised_for_chroot = cap_dup(orig);
220
if (raised_for_chroot == NULL) {
221
perror("Unable to duplicate capabilities");
222
exit(1);
223
}
224
225
if (cap_set_flag(raised_for_chroot, CAP_EFFECTIVE, 1, raise_chroot,
226
CAP_SET) != 0) {
227
perror("unable to select CAP_SET_SYS_CHROOT");
228
exit(1);
229
}
230
231
if (cap_set_proc(raised_for_chroot) != 0) {
232
perror("unable to raise CAP_SYS_CHROOT");
233
exit(1);
234
}
235
cap_free(raised_for_chroot);
236
237
status = chroot(argv[i]+9);
238
if (cap_set_proc(orig) != 0) {
239
perror("unable to lower CAP_SYS_CHROOT");
240
exit(1);
241
}
242
cap_free(orig);
243
244
if (status != 0) {
245
fprintf(stderr, "Unable to chroot to [%s]", argv[i]+9);
246
exit(1);
247
}
248
} else if (!memcmp("--secbits=", argv[i], 10)) {
249
unsigned value;
250
int status;
251
252
value = strtoul(argv[i]+10, NULL, 0);
253
status = prctl(PR_SET_SECUREBITS, value);
254
if (status < 0) {
255
fprintf(stderr, "failed to set securebits to 0%o/0x%x\n",
256
value, value);
257
exit(1);
258
}
259
} else if (!memcmp("--forkfor=", argv[i], 10)) {
260
unsigned value;
261
262
value = strtoul(argv[i]+10, NULL, 0);
263
if (value == 0) {
264
goto usage;
265
}
266
child = fork();
267
if (child < 0) {
268
perror("unable to fork()");
269
} else if (!child) {
270
sleep(value);
271
exit(0);
272
}
273
} else if (!memcmp("--killit=", argv[i], 9)) {
274
int retval, status;
275
pid_t result;
276
unsigned value;
277
278
value = strtoul(argv[i]+9, NULL, 0);
279
if (!child) {
280
fprintf(stderr, "no forked process to kill\n");
281
exit(1);
282
}
283
retval = kill(child, value);
284
if (retval != 0) {
285
perror("Unable to kill child process");
286
exit(1);
287
}
288
result = waitpid(child, &status, 0);
289
if (result != child) {
290
fprintf(stderr, "waitpid didn't match child: %u != %u\n",
291
child, result);
292
exit(1);
293
}
294
if (WTERMSIG(status) != value) {
295
fprintf(stderr, "child terminated with odd signal (%d != %d)\n"
296
, value, WTERMSIG(status));
297
exit(1);
298
}
299
} else if (!memcmp("--uid=", argv[i], 6)) {
300
unsigned value;
301
int status;
302
303
value = strtoul(argv[i]+6, NULL, 0);
304
status = setuid(value);
305
if (status < 0) {
306
fprintf(stderr, "Failed to set uid=%u: %s\n",
307
value, strerror(errno));
308
exit(1);
309
}
310
} else if (!strcmp("--print", argv[i])) {
311
unsigned cap;
312
int set;
313
cap_t all;
314
char *text;
315
const char *sep;
316
317
all = cap_get_proc();
318
text = cap_to_text(all, NULL);
319
printf("Current: %s\n", text);
320
cap_free(text);
321
cap_free(all);
322
323
printf("Bounding set =");
324
sep = "";
325
for (cap=0; (set = prctl(PR_CAPBSET_READ, cap)) >= 0; cap++) {
326
const char *ptr;
327
if (!set) {
328
continue;
329
}
330
331
ptr = cap_to_name(cap);
332
if (ptr == 0) {
333
printf("%s%u", sep, cap);
334
} else {
335
printf("%s%s", sep, ptr);
336
}
337
sep = ",";
338
}
339
printf("\n");
340
set = prctl(PR_GET_SECUREBITS);
341
if (set >= 0) {
342
printf("Securebits: 0%o/0x%x\n", set, set);
343
printf(" secure-noroot: %s (%s)\n",
344
(set & 1) ? "yes":"no",
345
(set & 2) ? "locked":"unlocked");
346
printf(" secure-no-suid-fixup: %s (%s)\n",
347
(set & 4) ? "yes":"no",
348
(set & 8) ? "locked":"unlocked");
349
printf(" secure-keep-caps: %s (%s)\n",
350
(set & 16) ? "yes":"no",
351
(set & 32) ? "locked":"unlocked");
352
} else {
353
printf("[Securebits ABI not supported]\n");
354
set = prctl(PR_GET_KEEPCAPS);
355
if (set >= 0) {
356
printf(" prctl-keep-caps: %s (locking not supported)\n",
357
set ? "yes":"no");
358
} else {
359
printf("[Keepcaps ABI not supported]\n");
360
}
361
}
362
printf("uid=%u\n", getuid());
363
} else if ((!strcmp("--", argv[i])) || (!strcmp("==", argv[i]))) {
364
argv[i] = strdup(argv[i][0] == '-' ? "/bin/bash" : argv[0]);
365
argv[argc] = NULL;
366
execve(argv[i], argv+i, envp);
367
fprintf(stderr, "execve /bin/bash failed!\n");
368
exit(1);
369
} else {
370
usage:
371
printf("usage: %s [args ...]\n"
372
" --help this message\n"
373
" --print display capability relevant state\n"
374
" --drop=xxx remove xxx,.. capabilities from bset\n"
375
" --caps=xxx set caps as per cap_from_text()\n"
376
" --inh=xxx set xxx,.. inheritiable set\n"
377
" --secbits=<n> write a new value for securebits\n"
378
" --keep=<n> set keep-capabability bit to <n>\n"
379
" --uid=<n> set uid to <n> (hint: id <username>)\n"
380
" --chroot=path chroot(2) to this path to invoke bash\n"
381
" --killit=<n> send signal(n) to child\n"
382
" --forkfor=<n> fork and make child sleep for <n> sec\n"
383
" == re-exec(capsh) with args as for --\n"
384
" -- remaing arguments are for /bin/bash\n"
385
" (without -- [%s] will simply exit(0))\n",
386
argv[0], argv[0]);
387
388
exit(strcmp("--help", argv[i]) != 0);
389
}
390
}
391
392
exit(0);
393
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.1