2017-06-14 11:46:52 +02:00
|
|
|
/* vi: set sw=4 ts=4: */
|
|
|
|
/*
|
|
|
|
* setpriv implementation for busybox based on linux-utils-ng 2.29
|
|
|
|
*
|
|
|
|
* Copyright (C) 2017 by <assafgordon@gmail.com>
|
|
|
|
*
|
|
|
|
* Licensed under GPLv2 or later, see file LICENSE in this source tree.
|
|
|
|
*/
|
|
|
|
//config:config SETPRIV
|
2018-12-28 03:20:17 +01:00
|
|
|
//config: bool "setpriv (6.6 kb)"
|
2017-06-14 11:46:52 +02:00
|
|
|
//config: default y
|
|
|
|
//config: select PLATFORM_LINUX
|
|
|
|
//config: select LONG_OPTS
|
|
|
|
//config: help
|
2017-07-21 09:50:55 +02:00
|
|
|
//config: Run a program with different Linux privilege settings.
|
|
|
|
//config: Requires kernel >= 3.5
|
2017-07-04 18:49:24 +02:00
|
|
|
//config:
|
|
|
|
//config:config FEATURE_SETPRIV_DUMP
|
|
|
|
//config: bool "Support dumping current privilege state"
|
|
|
|
//config: default y
|
|
|
|
//config: depends on SETPRIV
|
|
|
|
//config: help
|
2017-07-21 09:50:55 +02:00
|
|
|
//config: Enables the "--dump" switch to print out the current privilege
|
|
|
|
//config: state. This is helpful for diagnosing problems.
|
setpriv: dump inheritable capability set
The setpriv executable from util-linux also dumps out information on the
different capability sets known by the kernel. By default, these are the
inheritable capabilities, bounding capabilities and (not yet released)
the ambient capabilities, which have been introduced with Linux 4.3.
This patch introduces the ability to dump the set of inheritable
capabilities.
By default, setpriv(1) identifies capabilities by their human-readable
name, for example 'net_admin'. For unknown capabilities, though, it does
instead use the capability's value, for example 'cap_12', which is
equivalent to 'net_admin'. As there is no kernel interface to retrieve
capability names by their index, we have to declare these ourselves,
which adds to setpriv's size.
To counteract, using the human-readble name has been made configurable.
The following sizes are with the 'FEATURE_SETPRIV_CAPABILITY_NAMES'
enabled:
function old new delta
.rodata 145969 146405 +436
setpriv_main 467 842 +375
capabilities - 304 +304
And with 'FEATURE_SETPRIV_CAPABILITY_NAMES' disabled:
function old new delta
setpriv_main 467 838 +371
.rodata 145969 146101 +132
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 22:47:16 +02:00
|
|
|
//config:
|
|
|
|
//config:config FEATURE_SETPRIV_CAPABILITIES
|
|
|
|
//config: bool "Support capabilities"
|
|
|
|
//config: default y
|
|
|
|
//config: depends on SETPRIV
|
|
|
|
//config: help
|
2017-07-21 09:50:55 +02:00
|
|
|
//config: Capabilities can be used to grant processes additional rights
|
|
|
|
//config: without the necessity to always execute as the root user.
|
|
|
|
//config: Enabling this option enables "--dump" to show information on
|
|
|
|
//config: capabilities.
|
setpriv: dump inheritable capability set
The setpriv executable from util-linux also dumps out information on the
different capability sets known by the kernel. By default, these are the
inheritable capabilities, bounding capabilities and (not yet released)
the ambient capabilities, which have been introduced with Linux 4.3.
This patch introduces the ability to dump the set of inheritable
capabilities.
By default, setpriv(1) identifies capabilities by their human-readable
name, for example 'net_admin'. For unknown capabilities, though, it does
instead use the capability's value, for example 'cap_12', which is
equivalent to 'net_admin'. As there is no kernel interface to retrieve
capability names by their index, we have to declare these ourselves,
which adds to setpriv's size.
To counteract, using the human-readble name has been made configurable.
The following sizes are with the 'FEATURE_SETPRIV_CAPABILITY_NAMES'
enabled:
function old new delta
.rodata 145969 146405 +436
setpriv_main 467 842 +375
capabilities - 304 +304
And with 'FEATURE_SETPRIV_CAPABILITY_NAMES' disabled:
function old new delta
setpriv_main 467 838 +371
.rodata 145969 146101 +132
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 22:47:16 +02:00
|
|
|
//config:
|
|
|
|
//config:config FEATURE_SETPRIV_CAPABILITY_NAMES
|
|
|
|
//config: bool "Support capability names"
|
|
|
|
//config: default y
|
|
|
|
//config: depends on SETPRIV && FEATURE_SETPRIV_CAPABILITIES
|
|
|
|
//config: help
|
2017-07-21 09:50:55 +02:00
|
|
|
//config: Capabilities can be either referenced via a human-readble name,
|
|
|
|
//config: e.g. "net_admin", or using their index, e.g. "cap_12". Enabling
|
|
|
|
//config: this option allows using the human-readable names in addition to
|
|
|
|
//config: the index-based names.
|
2017-06-14 11:46:52 +02:00
|
|
|
|
|
|
|
//applet:IF_SETPRIV(APPLET(setpriv, BB_DIR_BIN, BB_SUID_DROP))
|
|
|
|
|
|
|
|
//kbuild:lib-$(CONFIG_SETPRIV) += setpriv.o
|
|
|
|
|
|
|
|
//usage:#define setpriv_trivial_usage
|
|
|
|
//usage: "[OPTIONS] PROG [ARGS]"
|
|
|
|
//usage:#define setpriv_full_usage "\n\n"
|
|
|
|
//usage: "Run PROG with different privilege settings\n"
|
2017-07-04 18:49:24 +02:00
|
|
|
//usage: IF_FEATURE_SETPRIV_DUMP(
|
|
|
|
//usage: "\n-d,--dump Show current capabilities"
|
|
|
|
//usage: )
|
2017-06-14 11:46:52 +02:00
|
|
|
//usage: "\n--nnp,--no-new-privs Ignore setuid/setgid bits and file capabilities"
|
2017-07-07 01:59:45 +02:00
|
|
|
//usage: IF_FEATURE_SETPRIV_CAPABILITIES(
|
2017-07-07 02:14:23 +02:00
|
|
|
//usage: "\n--inh-caps CAP,CAP Set inheritable capabilities"
|
|
|
|
//usage: "\n--ambient-caps CAP,CAP Set ambient capabilities"
|
2017-07-07 01:59:45 +02:00
|
|
|
//usage: )
|
2017-06-14 11:46:52 +02:00
|
|
|
|
|
|
|
//setpriv from util-linux 2.28:
|
|
|
|
// -d, --dump show current state (and do not exec anything)
|
|
|
|
// --nnp, --no-new-privs disallow granting new privileges
|
|
|
|
// --inh-caps <caps,...> set inheritable capabilities
|
|
|
|
// --bounding-set <caps> set capability bounding set
|
|
|
|
// --ruid <uid> set real uid
|
|
|
|
// --euid <uid> set effective uid
|
|
|
|
// --rgid <gid> set real gid
|
|
|
|
// --egid <gid> set effective gid
|
|
|
|
// --reuid <uid> set real and effective uid
|
|
|
|
// --regid <gid> set real and effective gid
|
|
|
|
// --clear-groups clear supplementary groups
|
|
|
|
// --keep-groups keep supplementary groups
|
|
|
|
// --groups <group,...> set supplementary groups
|
|
|
|
// --securebits <bits> set securebits
|
|
|
|
// --selinux-label <label> set SELinux label
|
|
|
|
// --apparmor-profile <pr> set AppArmor profile
|
|
|
|
|
setpriv: dump inheritable capability set
The setpriv executable from util-linux also dumps out information on the
different capability sets known by the kernel. By default, these are the
inheritable capabilities, bounding capabilities and (not yet released)
the ambient capabilities, which have been introduced with Linux 4.3.
This patch introduces the ability to dump the set of inheritable
capabilities.
By default, setpriv(1) identifies capabilities by their human-readable
name, for example 'net_admin'. For unknown capabilities, though, it does
instead use the capability's value, for example 'cap_12', which is
equivalent to 'net_admin'. As there is no kernel interface to retrieve
capability names by their index, we have to declare these ourselves,
which adds to setpriv's size.
To counteract, using the human-readble name has been made configurable.
The following sizes are with the 'FEATURE_SETPRIV_CAPABILITY_NAMES'
enabled:
function old new delta
.rodata 145969 146405 +436
setpriv_main 467 842 +375
capabilities - 304 +304
And with 'FEATURE_SETPRIV_CAPABILITY_NAMES' disabled:
function old new delta
setpriv_main 467 838 +371
.rodata 145969 146101 +132
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 22:47:16 +02:00
|
|
|
#if ENABLE_FEATURE_SETPRIV_CAPABILITIES
|
|
|
|
#include <linux/capability.h>
|
2017-07-07 17:59:40 +02:00
|
|
|
// #include <sys/capability.h>
|
|
|
|
// This header is in libcap, but the functions are in libc.
|
|
|
|
// Comment in the header says this above capset/capget:
|
|
|
|
/* system calls - look to libc for function to system call mapping */
|
|
|
|
extern int capset(cap_user_header_t header, cap_user_data_t data);
|
|
|
|
extern int capget(cap_user_header_t header, const cap_user_data_t data);
|
|
|
|
// so for bbox, let's just repeat the declarations.
|
|
|
|
// This way, libcap needs not be installed in build environment.
|
setpriv: dump inheritable capability set
The setpriv executable from util-linux also dumps out information on the
different capability sets known by the kernel. By default, these are the
inheritable capabilities, bounding capabilities and (not yet released)
the ambient capabilities, which have been introduced with Linux 4.3.
This patch introduces the ability to dump the set of inheritable
capabilities.
By default, setpriv(1) identifies capabilities by their human-readable
name, for example 'net_admin'. For unknown capabilities, though, it does
instead use the capability's value, for example 'cap_12', which is
equivalent to 'net_admin'. As there is no kernel interface to retrieve
capability names by their index, we have to declare these ourselves,
which adds to setpriv's size.
To counteract, using the human-readble name has been made configurable.
The following sizes are with the 'FEATURE_SETPRIV_CAPABILITY_NAMES'
enabled:
function old new delta
.rodata 145969 146405 +436
setpriv_main 467 842 +375
capabilities - 304 +304
And with 'FEATURE_SETPRIV_CAPABILITY_NAMES' disabled:
function old new delta
setpriv_main 467 838 +371
.rodata 145969 146101 +132
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 22:47:16 +02:00
|
|
|
#endif
|
2017-06-14 11:46:52 +02:00
|
|
|
#include <sys/prctl.h>
|
|
|
|
#include "libbb.h"
|
|
|
|
|
2017-07-06 22:59:23 +02:00
|
|
|
#ifndef PR_CAPBSET_READ
|
|
|
|
#define PR_CAPBSET_READ 23
|
|
|
|
#endif
|
|
|
|
|
2017-06-14 11:46:52 +02:00
|
|
|
#ifndef PR_SET_NO_NEW_PRIVS
|
|
|
|
#define PR_SET_NO_NEW_PRIVS 38
|
|
|
|
#endif
|
|
|
|
|
2017-07-06 15:21:43 +02:00
|
|
|
#ifndef PR_GET_NO_NEW_PRIVS
|
|
|
|
#define PR_GET_NO_NEW_PRIVS 39
|
|
|
|
#endif
|
|
|
|
|
2017-07-06 23:02:33 +02:00
|
|
|
#ifndef PR_CAP_AMBIENT
|
|
|
|
#define PR_CAP_AMBIENT 47
|
|
|
|
#define PR_CAP_AMBIENT_IS_SET 1
|
2017-07-07 02:14:23 +02:00
|
|
|
#define PR_CAP_AMBIENT_RAISE 2
|
|
|
|
#define PR_CAP_AMBIENT_LOWER 3
|
2017-07-06 23:02:33 +02:00
|
|
|
#endif
|
|
|
|
|
2017-07-02 15:42:51 +02:00
|
|
|
enum {
|
2017-07-04 18:49:24 +02:00
|
|
|
IF_FEATURE_SETPRIV_DUMP(OPTBIT_DUMP,)
|
2017-07-07 01:59:45 +02:00
|
|
|
IF_FEATURE_SETPRIV_CAPABILITIES(OPTBIT_INH,)
|
2017-07-07 02:14:23 +02:00
|
|
|
IF_FEATURE_SETPRIV_CAPABILITIES(OPTBIT_AMB,)
|
2017-07-02 15:42:51 +02:00
|
|
|
OPTBIT_NNP,
|
|
|
|
|
2017-07-04 18:49:24 +02:00
|
|
|
IF_FEATURE_SETPRIV_DUMP(OPT_DUMP = (1 << OPTBIT_DUMP),)
|
2017-07-07 01:59:45 +02:00
|
|
|
IF_FEATURE_SETPRIV_CAPABILITIES(OPT_INH = (1 << OPTBIT_INH),)
|
2017-07-07 02:14:23 +02:00
|
|
|
IF_FEATURE_SETPRIV_CAPABILITIES(OPT_AMB = (1 << OPTBIT_AMB),)
|
2017-07-04 18:49:24 +02:00
|
|
|
OPT_NNP = (1 << OPTBIT_NNP),
|
2017-07-02 15:42:51 +02:00
|
|
|
};
|
|
|
|
|
setpriv: dump inheritable capability set
The setpriv executable from util-linux also dumps out information on the
different capability sets known by the kernel. By default, these are the
inheritable capabilities, bounding capabilities and (not yet released)
the ambient capabilities, which have been introduced with Linux 4.3.
This patch introduces the ability to dump the set of inheritable
capabilities.
By default, setpriv(1) identifies capabilities by their human-readable
name, for example 'net_admin'. For unknown capabilities, though, it does
instead use the capability's value, for example 'cap_12', which is
equivalent to 'net_admin'. As there is no kernel interface to retrieve
capability names by their index, we have to declare these ourselves,
which adds to setpriv's size.
To counteract, using the human-readble name has been made configurable.
The following sizes are with the 'FEATURE_SETPRIV_CAPABILITY_NAMES'
enabled:
function old new delta
.rodata 145969 146405 +436
setpriv_main 467 842 +375
capabilities - 304 +304
And with 'FEATURE_SETPRIV_CAPABILITY_NAMES' disabled:
function old new delta
setpriv_main 467 838 +371
.rodata 145969 146101 +132
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 22:47:16 +02:00
|
|
|
#if ENABLE_FEATURE_SETPRIV_CAPABILITIES
|
2017-08-21 19:30:01 +02:00
|
|
|
DEFINE_STRUCT_CAPS;
|
2017-07-07 16:00:07 +02:00
|
|
|
|
2017-08-21 02:14:19 +02:00
|
|
|
static unsigned parse_cap(const char *cap)
|
2017-07-07 16:00:07 +02:00
|
|
|
{
|
|
|
|
switch (cap[0]) {
|
|
|
|
case '-':
|
|
|
|
break;
|
|
|
|
case '+':
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
bb_error_msg_and_die("invalid capability '%s'", cap);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
cap++;
|
2017-08-21 02:14:19 +02:00
|
|
|
return cap_name_to_number(cap);
|
2017-07-07 16:00:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static void set_inh_caps(char *capstring)
|
|
|
|
{
|
|
|
|
struct caps caps;
|
|
|
|
|
|
|
|
getcaps(&caps);
|
|
|
|
|
|
|
|
capstring = strtok(capstring, ",");
|
|
|
|
while (capstring) {
|
2017-08-21 02:14:19 +02:00
|
|
|
unsigned cap;
|
2017-07-07 16:00:07 +02:00
|
|
|
|
2017-08-20 20:21:31 +02:00
|
|
|
cap = parse_cap(capstring);
|
2017-07-07 16:00:07 +02:00
|
|
|
if (CAP_TO_INDEX(cap) >= caps.u32s)
|
2017-08-21 19:30:01 +02:00
|
|
|
bb_error_msg_and_die("invalid capability '%s'", capstring);
|
2017-07-07 16:00:07 +02:00
|
|
|
|
|
|
|
if (capstring[0] == '+')
|
|
|
|
caps.data[CAP_TO_INDEX(cap)].inheritable |= CAP_TO_MASK(cap);
|
|
|
|
else
|
|
|
|
caps.data[CAP_TO_INDEX(cap)].inheritable &= ~CAP_TO_MASK(cap);
|
|
|
|
capstring = strtok(NULL, ",");
|
|
|
|
}
|
|
|
|
|
2017-08-21 19:30:01 +02:00
|
|
|
if (capset(&caps.header, caps.data) != 0)
|
2017-07-07 16:00:07 +02:00
|
|
|
bb_perror_msg_and_die("capset");
|
|
|
|
}
|
|
|
|
|
|
|
|
static void set_ambient_caps(char *string)
|
|
|
|
{
|
|
|
|
char *cap;
|
|
|
|
|
|
|
|
cap = strtok(string, ",");
|
|
|
|
while (cap) {
|
2017-08-29 15:34:38 +02:00
|
|
|
unsigned idx;
|
2017-07-07 16:00:07 +02:00
|
|
|
|
2017-08-29 15:34:38 +02:00
|
|
|
idx = parse_cap(cap);
|
2017-07-07 16:00:07 +02:00
|
|
|
if (cap[0] == '+') {
|
2017-08-29 15:34:38 +02:00
|
|
|
if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, idx, 0, 0) < 0)
|
2017-07-07 16:00:07 +02:00
|
|
|
bb_perror_msg("cap_ambient_raise");
|
|
|
|
} else {
|
2017-08-29 15:34:38 +02:00
|
|
|
if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, idx, 0, 0) < 0)
|
2017-07-07 16:00:07 +02:00
|
|
|
bb_perror_msg("cap_ambient_lower");
|
|
|
|
}
|
|
|
|
cap = strtok(NULL, ",");
|
|
|
|
}
|
|
|
|
}
|
2017-07-07 01:59:45 +02:00
|
|
|
#endif /* FEATURE_SETPRIV_CAPABILITIES */
|
setpriv: dump inheritable capability set
The setpriv executable from util-linux also dumps out information on the
different capability sets known by the kernel. By default, these are the
inheritable capabilities, bounding capabilities and (not yet released)
the ambient capabilities, which have been introduced with Linux 4.3.
This patch introduces the ability to dump the set of inheritable
capabilities.
By default, setpriv(1) identifies capabilities by their human-readable
name, for example 'net_admin'. For unknown capabilities, though, it does
instead use the capability's value, for example 'cap_12', which is
equivalent to 'net_admin'. As there is no kernel interface to retrieve
capability names by their index, we have to declare these ourselves,
which adds to setpriv's size.
To counteract, using the human-readble name has been made configurable.
The following sizes are with the 'FEATURE_SETPRIV_CAPABILITY_NAMES'
enabled:
function old new delta
.rodata 145969 146405 +436
setpriv_main 467 842 +375
capabilities - 304 +304
And with 'FEATURE_SETPRIV_CAPABILITY_NAMES' disabled:
function old new delta
setpriv_main 467 838 +371
.rodata 145969 146101 +132
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 22:47:16 +02:00
|
|
|
|
2017-07-07 01:59:45 +02:00
|
|
|
#if ENABLE_FEATURE_SETPRIV_DUMP
|
2017-08-21 02:14:19 +02:00
|
|
|
# if !ENABLE_FEATURE_SETPRIV_CAPABILITY_NAMES
|
2017-07-07 16:09:45 +02:00
|
|
|
# define printf_cap(pfx, cap_no) printf("%scap_%u", (pfx), (cap_no))
|
|
|
|
# endif
|
|
|
|
|
2017-07-04 18:49:24 +02:00
|
|
|
static int dump(void)
|
|
|
|
{
|
setpriv: dump inheritable capability set
The setpriv executable from util-linux also dumps out information on the
different capability sets known by the kernel. By default, these are the
inheritable capabilities, bounding capabilities and (not yet released)
the ambient capabilities, which have been introduced with Linux 4.3.
This patch introduces the ability to dump the set of inheritable
capabilities.
By default, setpriv(1) identifies capabilities by their human-readable
name, for example 'net_admin'. For unknown capabilities, though, it does
instead use the capability's value, for example 'cap_12', which is
equivalent to 'net_admin'. As there is no kernel interface to retrieve
capability names by their index, we have to declare these ourselves,
which adds to setpriv's size.
To counteract, using the human-readble name has been made configurable.
The following sizes are with the 'FEATURE_SETPRIV_CAPABILITY_NAMES'
enabled:
function old new delta
.rodata 145969 146405 +436
setpriv_main 467 842 +375
capabilities - 304 +304
And with 'FEATURE_SETPRIV_CAPABILITY_NAMES' disabled:
function old new delta
setpriv_main 467 838 +371
.rodata 145969 146101 +132
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 22:47:16 +02:00
|
|
|
IF_FEATURE_SETPRIV_CAPABILITIES(struct caps caps;)
|
|
|
|
const char *fmt;
|
2017-07-04 18:49:24 +02:00
|
|
|
uid_t ruid, euid, suid;
|
|
|
|
gid_t rgid, egid, sgid;
|
|
|
|
gid_t *gids;
|
setpriv: dump inheritable capability set
The setpriv executable from util-linux also dumps out information on the
different capability sets known by the kernel. By default, these are the
inheritable capabilities, bounding capabilities and (not yet released)
the ambient capabilities, which have been introduced with Linux 4.3.
This patch introduces the ability to dump the set of inheritable
capabilities.
By default, setpriv(1) identifies capabilities by their human-readable
name, for example 'net_admin'. For unknown capabilities, though, it does
instead use the capability's value, for example 'cap_12', which is
equivalent to 'net_admin'. As there is no kernel interface to retrieve
capability names by their index, we have to declare these ourselves,
which adds to setpriv's size.
To counteract, using the human-readble name has been made configurable.
The following sizes are with the 'FEATURE_SETPRIV_CAPABILITY_NAMES'
enabled:
function old new delta
.rodata 145969 146405 +436
setpriv_main 467 842 +375
capabilities - 304 +304
And with 'FEATURE_SETPRIV_CAPABILITY_NAMES' disabled:
function old new delta
setpriv_main 467 838 +371
.rodata 145969 146101 +132
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 22:47:16 +02:00
|
|
|
int i, ngids, nnp;
|
2017-07-04 18:49:24 +02:00
|
|
|
|
|
|
|
getresuid(&ruid, &euid, &suid); /* never fails in Linux */
|
|
|
|
getresgid(&rgid, &egid, &sgid); /* never fails in Linux */
|
|
|
|
ngids = 0;
|
|
|
|
gids = bb_getgroups(&ngids, NULL); /* never fails in Linux */
|
|
|
|
|
2017-07-06 15:21:43 +02:00
|
|
|
nnp = prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
|
|
|
|
if (nnp < 0)
|
2017-07-07 01:59:45 +02:00
|
|
|
bb_perror_msg_and_die("prctl: %s", "GET_NO_NEW_PRIVS");
|
2017-07-06 15:21:43 +02:00
|
|
|
|
2017-07-04 18:49:24 +02:00
|
|
|
printf("uid: %u\n", (unsigned)ruid);
|
|
|
|
printf("euid: %u\n", (unsigned)euid);
|
|
|
|
printf("gid: %u\n", (unsigned)rgid);
|
|
|
|
printf("egid: %u\n", (unsigned)egid);
|
|
|
|
|
|
|
|
printf("Supplementary groups: ");
|
|
|
|
if (ngids == 0) {
|
|
|
|
printf("[none]");
|
|
|
|
} else {
|
setpriv: dump inheritable capability set
The setpriv executable from util-linux also dumps out information on the
different capability sets known by the kernel. By default, these are the
inheritable capabilities, bounding capabilities and (not yet released)
the ambient capabilities, which have been introduced with Linux 4.3.
This patch introduces the ability to dump the set of inheritable
capabilities.
By default, setpriv(1) identifies capabilities by their human-readable
name, for example 'net_admin'. For unknown capabilities, though, it does
instead use the capability's value, for example 'cap_12', which is
equivalent to 'net_admin'. As there is no kernel interface to retrieve
capability names by their index, we have to declare these ourselves,
which adds to setpriv's size.
To counteract, using the human-readble name has been made configurable.
The following sizes are with the 'FEATURE_SETPRIV_CAPABILITY_NAMES'
enabled:
function old new delta
.rodata 145969 146405 +436
setpriv_main 467 842 +375
capabilities - 304 +304
And with 'FEATURE_SETPRIV_CAPABILITY_NAMES' disabled:
function old new delta
setpriv_main 467 838 +371
.rodata 145969 146101 +132
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 22:47:16 +02:00
|
|
|
fmt = ",%u" + 1;
|
2017-07-04 18:49:24 +02:00
|
|
|
for (i = 0; i < ngids; i++) {
|
|
|
|
printf(fmt, (unsigned)gids[i]);
|
|
|
|
fmt = ",%u";
|
|
|
|
}
|
|
|
|
}
|
2017-07-06 15:21:43 +02:00
|
|
|
printf("\nno_new_privs: %d\n", nnp);
|
2017-07-04 18:49:24 +02:00
|
|
|
|
setpriv: dump inheritable capability set
The setpriv executable from util-linux also dumps out information on the
different capability sets known by the kernel. By default, these are the
inheritable capabilities, bounding capabilities and (not yet released)
the ambient capabilities, which have been introduced with Linux 4.3.
This patch introduces the ability to dump the set of inheritable
capabilities.
By default, setpriv(1) identifies capabilities by their human-readable
name, for example 'net_admin'. For unknown capabilities, though, it does
instead use the capability's value, for example 'cap_12', which is
equivalent to 'net_admin'. As there is no kernel interface to retrieve
capability names by their index, we have to declare these ourselves,
which adds to setpriv's size.
To counteract, using the human-readble name has been made configurable.
The following sizes are with the 'FEATURE_SETPRIV_CAPABILITY_NAMES'
enabled:
function old new delta
.rodata 145969 146405 +436
setpriv_main 467 842 +375
capabilities - 304 +304
And with 'FEATURE_SETPRIV_CAPABILITY_NAMES' disabled:
function old new delta
setpriv_main 467 838 +371
.rodata 145969 146101 +132
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 22:47:16 +02:00
|
|
|
# if ENABLE_FEATURE_SETPRIV_CAPABILITIES
|
|
|
|
getcaps(&caps);
|
|
|
|
printf("Inheritable capabilities: ");
|
|
|
|
fmt = "";
|
|
|
|
for (i = 0; cap_valid(i); i++) {
|
|
|
|
unsigned idx = CAP_TO_INDEX(i);
|
|
|
|
if (idx >= caps.u32s) {
|
|
|
|
printf("\nindex: %u u32s: %u capability: %u\n", idx, caps.u32s, i);
|
|
|
|
bb_error_msg_and_die("unsupported capability");
|
|
|
|
}
|
|
|
|
if (caps.data[idx].inheritable & CAP_TO_MASK(i)) {
|
2017-07-07 16:09:45 +02:00
|
|
|
printf_cap(fmt, i);
|
2017-07-06 22:59:23 +02:00
|
|
|
fmt = ",";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!fmt[0])
|
|
|
|
printf("[none]");
|
|
|
|
|
2017-07-06 23:02:33 +02:00
|
|
|
printf("\nAmbient capabilities: ");
|
|
|
|
fmt = "";
|
|
|
|
for (i = 0; cap_valid(i); i++) {
|
|
|
|
int ret = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, (unsigned long) i, 0UL, 0UL);
|
|
|
|
if (ret < 0)
|
2017-07-07 01:59:45 +02:00
|
|
|
bb_perror_msg_and_die("prctl: %s", "CAP_AMBIENT_IS_SET");
|
2017-07-06 23:02:33 +02:00
|
|
|
if (ret) {
|
2017-07-07 16:09:45 +02:00
|
|
|
printf_cap(fmt, i);
|
2017-07-06 23:02:33 +02:00
|
|
|
fmt = ",";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (i == 0)
|
|
|
|
printf("[unsupported]");
|
|
|
|
else if (!fmt[0])
|
|
|
|
printf("[none]");
|
|
|
|
|
2017-07-06 22:59:23 +02:00
|
|
|
printf("\nCapability bounding set: ");
|
|
|
|
fmt = "";
|
|
|
|
for (i = 0; cap_valid(i); i++) {
|
|
|
|
int ret = prctl(PR_CAPBSET_READ, (unsigned long) i, 0UL, 0UL, 0UL);
|
|
|
|
if (ret < 0)
|
2017-07-07 01:59:45 +02:00
|
|
|
bb_perror_msg_and_die("prctl: %s", "CAPBSET_READ");
|
2017-07-06 22:59:23 +02:00
|
|
|
if (ret) {
|
2017-07-07 16:09:45 +02:00
|
|
|
printf_cap(fmt, i);
|
setpriv: dump inheritable capability set
The setpriv executable from util-linux also dumps out information on the
different capability sets known by the kernel. By default, these are the
inheritable capabilities, bounding capabilities and (not yet released)
the ambient capabilities, which have been introduced with Linux 4.3.
This patch introduces the ability to dump the set of inheritable
capabilities.
By default, setpriv(1) identifies capabilities by their human-readable
name, for example 'net_admin'. For unknown capabilities, though, it does
instead use the capability's value, for example 'cap_12', which is
equivalent to 'net_admin'. As there is no kernel interface to retrieve
capability names by their index, we have to declare these ourselves,
which adds to setpriv's size.
To counteract, using the human-readble name has been made configurable.
The following sizes are with the 'FEATURE_SETPRIV_CAPABILITY_NAMES'
enabled:
function old new delta
.rodata 145969 146405 +436
setpriv_main 467 842 +375
capabilities - 304 +304
And with 'FEATURE_SETPRIV_CAPABILITY_NAMES' disabled:
function old new delta
setpriv_main 467 838 +371
.rodata 145969 146101 +132
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-06 22:47:16 +02:00
|
|
|
fmt = ",";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!fmt[0])
|
|
|
|
printf("[none]");
|
|
|
|
bb_putchar('\n');
|
|
|
|
# endif
|
|
|
|
|
2017-08-21 19:30:01 +02:00
|
|
|
if (ENABLE_FEATURE_CLEAN_UP)
|
2017-07-04 18:49:24 +02:00
|
|
|
free(gids);
|
2017-08-21 19:30:01 +02:00
|
|
|
|
2017-07-04 18:49:24 +02:00
|
|
|
return EXIT_SUCCESS;
|
|
|
|
}
|
|
|
|
#endif /* FEATURE_SETPRIV_DUMP */
|
|
|
|
|
2017-06-14 11:46:52 +02:00
|
|
|
int setpriv_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
|
|
|
|
int setpriv_main(int argc UNUSED_PARAM, char **argv)
|
|
|
|
{
|
|
|
|
static const char setpriv_longopts[] ALIGN1 =
|
2017-07-04 18:49:24 +02:00
|
|
|
IF_FEATURE_SETPRIV_DUMP(
|
2017-07-07 01:59:45 +02:00
|
|
|
"dump\0" No_argument "d"
|
|
|
|
)
|
|
|
|
"nnp\0" No_argument "\xff"
|
|
|
|
"no-new-privs\0" No_argument "\xff"
|
|
|
|
IF_FEATURE_SETPRIV_CAPABILITIES(
|
|
|
|
"inh-caps\0" Required_argument "\xfe"
|
2017-07-07 02:14:23 +02:00
|
|
|
"ambient-caps\0" Required_argument "\xfd"
|
2017-07-04 18:49:24 +02:00
|
|
|
)
|
2017-06-14 11:46:52 +02:00
|
|
|
;
|
|
|
|
int opts;
|
2017-07-07 02:14:23 +02:00
|
|
|
IF_FEATURE_SETPRIV_CAPABILITIES(char *inh_caps, *ambient_caps;)
|
2017-06-14 11:46:52 +02:00
|
|
|
|
2017-08-20 20:21:31 +02:00
|
|
|
opts = getopt32long(argv, "+"
|
|
|
|
IF_FEATURE_SETPRIV_DUMP("d")
|
getopt32: remove applet_long_options
FEATURE_GETOPT_LONG made dependent on LONG_OPTS.
The folloving options are removed, now LONG_OPTS enables long options
for affected applets:
FEATURE_ENV_LONG_OPTIONS FEATURE_EXPAND_LONG_OPTIONS
FEATURE_UNEXPAND_LONG_OPTIONS FEATURE_MKDIR_LONG_OPTIONS
FEATURE_MV_LONG_OPTIONS FEATURE_RMDIR_LONG_OPTIONS
FEATURE_ADDGROUP_LONG_OPTIONS FEATURE_ADDUSER_LONG_OPTIONS
FEATURE_HWCLOCK_LONG_OPTIONS FEATURE_NSENTER_LONG_OPTS
FEATURE_CHCON_LONG_OPTIONS FEATURE_RUNCON_LONG_OPTIONS
They either had a small number of long options, or their long options are
essential.
Example: upstream addgroup and adduser have ONLY longopts,
we should probably go further and get rid
of non-standard short options.
To this end, make addgroup and adduser "select LONG_OPTS".
We had this breakage caused by us even in our own package!
#if ENABLE_LONG_OPTS || !ENABLE_ADDGROUP
/* We try to use --gid, not -g, because "standard" addgroup
* has no short option -g, it has only long --gid.
*/
argv[1] = (char*)"--gid";
#else
/* Breaks if system in fact does NOT use busybox addgroup */
argv[1] = (char*)"-g";
#endif
xargs: its lone longopt no longer depends on DESKTOP, only on LONG_OPTS.
hwclock TODO: get rid of incompatible -t, -l aliases to --systz, --localtime
Shorten help texts by omitting long option when short opt alternative exists.
Reduction of size comes from the fact that store of an immediate
(an address of longopts) to a fixed address (global variable)
is a longer insn than pushing that immediate or passing it in a register.
This effect is CPU-agnostic.
function old new delta
getopt32 1350 22 -1328
vgetopt32 - 1318 +1318
getopt32long - 24 +24
tftpd_main 562 567 +5
scan_recursive 376 380 +4
collect_cpu 545 546 +1
date_main 1096 1095 -1
hostname_main 262 259 -3
uname_main 259 255 -4
setpriv_main 362 358 -4
rmdir_main 191 187 -4
mv_main 562 558 -4
ipcalc_main 548 544 -4
ifenslave_main 641 637 -4
gzip_main 192 188 -4
gunzip_main 77 73 -4
fsfreeze_main 81 77 -4
flock_main 318 314 -4
deluser_main 337 333 -4
cp_main 374 370 -4
chown_main 175 171 -4
applet_long_options 4 - -4
xargs_main 894 889 -5
wget_main 2540 2535 -5
udhcpc_main 2767 2762 -5
touch_main 436 431 -5
tar_main 1014 1009 -5
start_stop_daemon_main 1033 1028 -5
sed_main 682 677 -5
script_main 1082 1077 -5
run_parts_main 330 325 -5
rtcwake_main 459 454 -5
od_main 2169 2164 -5
nl_main 201 196 -5
modprobe_main 773 768 -5
mkdir_main 160 155 -5
ls_main 568 563 -5
install_main 773 768 -5
hwclock_main 411 406 -5
getopt_main 622 617 -5
fstrim_main 256 251 -5
env_main 198 193 -5
dumpleases_main 635 630 -5
dpkg_main 3991 3986 -5
diff_main 1355 1350 -5
cryptpw_main 233 228 -5
cpio_main 593 588 -5
conspy_main 1135 1130 -5
chpasswd_main 313 308 -5
adduser_main 887 882 -5
addgroup_main 416 411 -5
ftpgetput_main 351 345 -6
get_terminal_width_height 242 234 -8
expand_main 690 680 -10
static.expand_longopts 18 - -18
static.unexpand_longopts 27 - -27
mkdir_longopts 28 - -28
env_longopts 30 - -30
static.ifenslave_longopts 34 - -34
mv_longopts 46 - -46
static.rmdir_longopts 48 - -48
packed_usage 31739 31687 -52
------------------------------------------------------------------------------
(add/remove: 2/8 grow/shrink: 3/49 up/down: 1352/-1840) Total: -488 bytes
text data bss dec hex filename
915681 485 6880 923046 e15a6 busybox_old
915428 485 6876 922789 e14a5 busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08 16:38:18 +02:00
|
|
|
IF_FEATURE_SETPRIV_CAPABILITIES("\xfe:\xfd:"),
|
|
|
|
setpriv_longopts
|
|
|
|
IF_FEATURE_SETPRIV_CAPABILITIES(, &inh_caps, &ambient_caps)
|
|
|
|
);
|
2017-07-02 15:42:51 +02:00
|
|
|
argv += optind;
|
|
|
|
|
2017-07-04 18:49:24 +02:00
|
|
|
#if ENABLE_FEATURE_SETPRIV_DUMP
|
|
|
|
if (opts & OPT_DUMP) {
|
|
|
|
if (argv[0] || (opts - OPT_DUMP) != 0)
|
|
|
|
bb_show_usage();
|
|
|
|
return dump();
|
|
|
|
}
|
|
|
|
#endif
|
2017-07-02 15:42:51 +02:00
|
|
|
if (opts & OPT_NNP) {
|
2017-06-14 11:46:52 +02:00
|
|
|
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
|
2017-07-07 01:59:45 +02:00
|
|
|
bb_perror_msg_and_die("prctl: %s", "SET_NO_NEW_PRIVS");
|
2017-06-14 11:46:52 +02:00
|
|
|
}
|
|
|
|
|
2017-07-07 01:59:45 +02:00
|
|
|
#if ENABLE_FEATURE_SETPRIV_CAPABILITIES
|
|
|
|
if (opts & OPT_INH)
|
|
|
|
set_inh_caps(inh_caps);
|
2017-07-07 02:14:23 +02:00
|
|
|
if (opts & OPT_AMB)
|
|
|
|
set_ambient_caps(ambient_caps);
|
2017-07-07 01:59:45 +02:00
|
|
|
#endif
|
|
|
|
|
2017-07-02 15:42:51 +02:00
|
|
|
if (!argv[0])
|
|
|
|
bb_show_usage();
|
2017-06-14 11:46:52 +02:00
|
|
|
BB_EXECVP_or_die(argv);
|
|
|
|
}
|