/* n.b. yes I know I should be using libcap!! */ int retval; struct __user_cap_header_struct cap_head; struct __user_cap_data_struct cap_data; __u32 cap_mask = 0; if (!caps) { bug("asked to adopt no capabilities"); } vsf_sysutil_memclr(&cap_head, sizeof(cap_head)); vsf_sysutil_memclr(&cap_data, sizeof(cap_data)); cap_head.version = _LINUX_CAPABILITY_VERSION; cap_head.pid = 0; if (caps & kCapabilityCAP_CHOWN) { cap_mask |= (1 << CAP_CHOWN); } if (caps & kCapabilityCAP_NET_BIND_SERVICE) { cap_mask |= (1 << CAP_NET_BIND_SERVICE); } cap_data.effective = cap_data.permitted = cap_mask; cap_data.inheritable = 0; retval = capset(&cap_head, &cap_data); if (retval != 0) { die("capset"); } } #else /* VSF_SYSDEP_HAVE_LIBCAP */ static int do_checkcap(void) { cap_t current_caps = cap_get_proc(); cap_free(current_caps); if (current_caps != NULL) { return 1; } return 0; }
static int am_privileged(void) { int am_privileged = 1; cap_t cap = cap_get_proc(); if (eff_caps_empty(cap)) am_privileged = 0; cap_free(cap); return am_privileged; }
static _Bool nsm_clear_capabilities(void) { cap_t caps; caps = cap_from_text("cap_net_bind_service=ep"); if (caps == NULL) { xlog(L_ERROR, "Failed to allocate capability: %m"); return false; } if (cap_set_proc(caps) == -1) { xlog(L_ERROR, "Failed to set capability flags: %m"); (void)cap_free(caps); return false; } (void)cap_free(caps); return true; }
/* * The project is going away so disable its cap. */ void cpucaps_project_remove(kproject_t *kpj) { mutex_enter(&caps_lock); if (PROJECT_IS_CAPPED(kpj)) cap_project_disable(kpj); if (kpj->kpj_cpucap != NULL) { cap_free(kpj->kpj_cpucap); kpj->kpj_cpucap = NULL; } mutex_exit(&caps_lock); }
/* run after child init we are uid User and gid Group */ static void ruid_child_init (apr_pool_t *p, server_rec *s) { UNUSED(s); int ncap; cap_t cap; cap_value_t capval[4]; /* detect default supplementary group IDs */ if ((startup_groupsnr = getgroups(RUID_MAXGROUPS, startup_groups)) == -1) { startup_groupsnr = 0; ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "%s ERROR getgroups() failed on child init, ignoring supplementary group IDs", MODULE_NAME); } /* setup chroot jailbreak */ if (chroot_used == RUID_CHROOT_USED && cap_mode == RUID_CAP_MODE_KEEP) { if ((root_handle = open("/.", O_RDONLY)) < 0) { root_handle = UNSET; ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "%s CRITICAL ERROR opening root file descriptor failed (%s)", MODULE_NAME, strerror(errno)); } else if (fcntl(root_handle, F_SETFD, FD_CLOEXEC) < 0) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "%s CRITICAL ERROR unable to set close-on-exec flag on root file descriptor (%s)", MODULE_NAME, strerror(errno)); if (close(root_handle) < 0) ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "%s CRITICAL ERROR closing root file descriptor (%d) failed", MODULE_NAME, root_handle); root_handle = UNSET; } else { /* register cleanup function */ apr_pool_cleanup_register(p, (void*)((long)root_handle), ruid_child_exit, apr_pool_cleanup_null); } } else { root_handle = (chroot_used == RUID_CHROOT_USED ? NONE : UNSET); } /* init cap with all zeros */ cap = cap_init(); capval[0] = CAP_SETUID; capval[1] = CAP_SETGID; ncap = 2; if (mode_stat_used == RUID_MODE_STAT_USED) { capval[ncap++] = CAP_DAC_READ_SEARCH; } if (root_handle != UNSET) { capval[ncap++] = CAP_SYS_CHROOT; } cap_set_flag(cap, CAP_PERMITTED, ncap, capval, CAP_SET); if (cap_set_proc(cap) != 0) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "%s CRITICAL ERROR %s:cap_set_proc failed", MODULE_NAME, __func__); } cap_free(cap); /* check if process is dumpable */ coredump = prctl(PR_GET_DUMPABLE); }
int main() { #ifdef HAVE_LIBCAP cap_t caps, caps2; int ret; caps = cap_from_text("cap_setpcap+ep"); caps2 = cap_from_text("cap_setpcap+ep"); ret = cap_set_proc(caps); ret = cap_compare(caps, caps2); printf("Caps were %sthe same\n", ret ? "not " : ""); cap_free(caps); cap_free(caps2); return ret; #else printf("System doesn't support full POSIX capabilities.\n"); return 1; #endif }
static int have_capabilities(void) { #ifdef HAVE_CAP_GET_PROC cap_t caps = cap_get_proc(); if (caps) { cap_flag_value_t value_p; cap_get_flag(caps, CAP_SYS_CHROOT, CAP_EFFECTIVE,&value_p); cap_free(caps); return (value_p); } #endif /*HAVE_CAP_GET_PROC*/ return 0; }
static PyObject * pycap_set_proc(PyObject *self, PyObject *args) { char *cap_str; cap_t cap; if (!PyArg_ParseTuple(args, "s", &cap_str)) { return NULL; } if ((cap = cap_from_text(cap_str)) == NULL) { PyErr_SetFromErrno(PyExc_OSError); return NULL; } if (cap_set_proc(cap)) { PyErr_SetFromErrno(PyExc_OSError); cap_free(cap); return NULL; } cap_free(cap); Py_RETURN_NONE; }
char * do_cap_get_file (const char *path) { cap_t cap; char *r, *ret; CHROOT_IN; cap = cap_get_file (path); CHROOT_OUT; if (cap == NULL) { reply_with_perror ("%s", path); return NULL; } r = cap_to_text (cap, NULL); if (r == NULL) { reply_with_perror ("cap_to_text"); cap_free (cap); return NULL; } cap_free (cap); /* 'r' is not an ordinary pointer that can be freed with free(3)! * In the current implementation of libcap, if you try to do that it * will segfault. We have to duplicate this into an ordinary * buffer, then call cap_free (r). */ ret = strdup (r); if (ret == NULL) { reply_with_perror ("strdup"); cap_free (r); return NULL; } cap_free (r); return ret; /* caller frees */ }
int set_caps_from_text(char *capstr) { cap_t caps = cap_from_text(capstr); int ret; if (!caps) { tst_resm(TFAIL, "Bad capability name: %s\n", capstr); return 1; } ret = cap_set_proc(caps); cap_free(caps); return ret; }
static int do_cap_set(cap_value_t *cap_value, int size, int reset) { cap_t caps; if (reset) { /* * Start with an empty set and set permitted and effective */ caps = cap_init(); if (caps == NULL) { do_perror("cap_init"); return -1; } if (cap_set_flag(caps, CAP_PERMITTED, size, cap_value, CAP_SET) < 0) { do_perror("cap_set_flag"); goto error; } } else { caps = cap_get_proc(); if (!caps) { do_perror("cap_get_proc"); return -1; } } if (cap_set_flag(caps, CAP_EFFECTIVE, size, cap_value, CAP_SET) < 0) { do_perror("cap_set_flag"); goto error; } if (cap_set_proc(caps) < 0) { do_perror("cap_set_proc"); goto error; } cap_free(caps); return 0; error: cap_free(caps); return -1; }
static int fsmSetFCaps(const char *path, const char *captxt) { int rc = 0; #if WITH_CAP if (captxt && *captxt != '\0') { cap_t fcaps = cap_from_text(captxt); if (fcaps == NULL || cap_set_file(path, fcaps) != 0) { rc = RPMERR_SETCAP_FAILED; } cap_free(fcaps); } #endif return rc; }
static void _clrcap (char *s, cap_value_t capflag) { cap_t cap; if (!(cap = cap_get_proc ())) err_exit ("%s: cap_get_proc", s); if (cap_set_flag (cap, CAP_EFFECTIVE, 1, &capflag, CAP_CLEAR) < 0) err_exit ("%s: cap_set_flag", s); if (cap_set_proc (cap) < 0) err_exit ("%s: cap_set_proc", s); if (cap_free (cap) < 0) err_exit ("%s: cap_free", s); }
static void _prtcap (char *s, cap_value_t capflag) { cap_t cap; cap_flag_value_t val; if (!(cap = cap_get_proc ())) err_exit ("%s: cap_get_proc", s); if (cap_get_flag (cap, capflag, CAP_EFFECTIVE, &val) < 0) err_exit ("%s: cap_get_flag", s); if (cap_free (cap) < 0) err_exit ("%s: cap_free", s); msg ("%s: cap is %s", s, val == CAP_SET ? "set" : "clear"); }
int lxc_caps_up(void) { cap_t caps; cap_value_t cap; int ret; /* when we are run as root, we don't want to play * with the capabilities */ if (!getuid()) return 0; caps = cap_get_proc(); if (!caps) { ERROR("failed to cap_get_proc: %m"); return -1; } //设置程序能力 for (cap = 0; cap <= CAP_LAST_CAP; cap++) { cap_flag_value_t flag; ret = cap_get_flag(caps, cap, CAP_PERMITTED, &flag); if (ret) { if (errno == EINVAL) { INFO("Last supported cap was %d\n", cap-1); break; } else { ERROR("failed to cap_get_flag: %m"); goto out; } } ret = cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap, flag); if (ret) { ERROR("failed to cap_set_flag: %m"); goto out; } } ret = cap_set_proc(caps); if (ret) { ERROR("failed to cap_set_proc: %m"); goto out; } out: cap_free(caps); return 0; }
/* * The function is called for each project in a zone when the zone cap is * modified. It enables project caps if zone cap is enabled and disables if the * zone cap is disabled and project doesn't have its own cap. * * For each project that does not have cpucap structure allocated it allocates a * new structure and assigns to kpj->cpu_cap. The allocation is performed * without holding caps_lock to avoid using KM_SLEEP allocation with caps_lock * held. */ static int cap_project_zone_modify_walker(kproject_t *kpj, void *arg) { cpucap_t *project_cap = NULL; cpucap_t *zone_cap = (cpucap_t *)arg; ASSERT(zone_cap != NULL); if (kpj->kpj_cpucap == NULL) { /* * This is the first time any cap was established for this * project. Allocate a new cpucap structure for it. */ project_cap = cap_alloc(); } mutex_enter(&caps_lock); /* * Double-check that kpj_cpucap is still NULL - now with caps_lock held * and assign the newly allocated cpucap structure to it. */ if (kpj->kpj_cpucap == NULL) { kpj->kpj_cpucap = project_cap; } else if (project_cap != NULL) { cap_free(project_cap); } project_cap = kpj->kpj_cpucap; if (CAP_DISABLED(zone_cap)) { /* * Remove all projects in this zone without caps * from the capped_projects list. */ if (project_cap->cap_chk_value == MAX_USAGE) { cap_project_disable(kpj); } } else if (CAP_DISABLED(project_cap)) { /* * Add the project to capped_projects list. */ ASSERT(project_cap->cap_chk_value == 0); cap_project_enable(kpj, MAX_USAGE); } mutex_exit(&caps_lock); return (0); }
static int modifyCap(int capability, int setting) { cap_t caps; cap_value_t capList[1]; /* Retrieve caller's current capabilities */ caps = cap_get_proc(); if (caps == NULL) return 1; /* Change setting of 'capability' in the effective set of 'caps'. The third argument, 1, is the number of items in the array 'capList'. */ capList[0] = capability; if (cap_set_flag(caps, CAP_EFFECTIVE, 1, capList, setting) == -1) { cap_free(caps); return 2; } /* Push modified capability sets back to kernel, to change caller's capabilities */ if (cap_set_proc(caps) == -1) { cap_free(caps); return 3; } /* Free the structure that was allocated by libcap */ if (cap_free(caps) == -1) return 4; return 0; }
void install_real_capabilities (cap_t new_caps) { /* If we have no capabilities there is nothing to do here. */ if (new_caps == NULL) return; if (cap_set_proc (new_caps)) { cap_free (new_caps); dbg_log (_("Failed to drop capabilities")); error (EXIT_FAILURE, 0, _("cap_set_proc failed")); /* NOTREACHED */ } cap_free (new_caps); if (prctl (PR_SET_KEEPCAPS, 0) == -1) { dbg_log (_("Failed to unset keep-capabilities")); error (EXIT_FAILURE, errno, _("prctl(KEEPCAPS) failed")); /* NOTREACHED */ } }
static void test_set_ambient_caps(void) { cap_t caps; uint64_t set = 0; cap_flag_value_t fv; caps = cap_get_proc(); assert_se(caps); assert_se(!cap_get_flag(caps, CAP_CHOWN, CAP_INHERITABLE, &fv)); assert(fv == CAP_CLEAR); cap_free(caps); assert_se(prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_CHOWN, 0, 0) == 0); set = (UINT64_C(1) << CAP_CHOWN); assert_se(!capability_ambient_set_apply(set, true)); caps = cap_get_proc(); assert_se(!cap_get_flag(caps, CAP_CHOWN, CAP_INHERITABLE, &fv)); assert(fv == CAP_SET); cap_free(caps); assert_se(prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_CHOWN, 0, 0) == 1); }
/* ensure this process has CAP_SYS_CHROOT capability. */ void ensure_capsyschroot(const char *executable) { cap_t caps = cap_get_proc(); // all current capabilities. cap_flag_value_t chroot_permitted, chroot_effective; if (!caps) perror("cap_get_proc"); /* effective and permitted flags should be set for CAP_SYS_CHROOT. */ cap_get_flag(caps, CAP_SYS_CHROOT, CAP_PERMITTED, &chroot_permitted); cap_get_flag(caps, CAP_SYS_CHROOT, CAP_EFFECTIVE, &chroot_effective); if (chroot_permitted != CAP_SET || chroot_effective != CAP_SET) { fprintf(stderr, "Error: chroot: No CAP_SYS_CHROOT capability.\n"); exit(1); } cap_free(caps); }
/* * The zone is going away, so disable its cap. */ void cpucaps_zone_remove(zone_t *zone) { mutex_enter(&caps_lock); while (ZONE_IS_CAPPED(zone)) { mutex_exit(&caps_lock); (void) cpucaps_zone_set(zone, NOCAP); mutex_enter(&caps_lock); } if (zone->zone_cpucap != NULL) { cap_free(zone->zone_cpucap); zone->zone_cpucap = NULL; } mutex_exit(&caps_lock); }
void linux_drop_privs(void) { cap_t caps = cap_init(); int num = 2; cap_value_t capList[] = { CAP_NET_ADMIN, CAP_SETUID }; cap_set_flag(caps, CAP_EFFECTIVE, num, capList, CAP_SET); cap_set_flag(caps, CAP_INHERITABLE, num, capList, CAP_SET); cap_set_flag(caps, CAP_PERMITTED, num, capList, CAP_SET); if (cap_set_proc(caps)) err(1, "cap_set_flag()"); if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) err(1, "prctl()"); cap_free(caps); if (setuid(666) == -1) err(1, "setuid()"); caps = cap_init(); num = 1; cap_set_flag(caps, CAP_EFFECTIVE, num, capList, CAP_SET); cap_set_flag(caps, CAP_INHERITABLE, num, capList, CAP_SET); cap_set_flag(caps, CAP_PERMITTED, num, capList, CAP_SET); if (cap_set_proc(caps)) err(1, "cap_set_proc()"); cap_free(caps); /* XXX this really sucks. The guy can screw with our net =( */ }
static void dropCapability(cap_value_t capability) { cap_t caps; cap_value_t cap_list[] = { capability }; caps = cap_get_proc(); if (caps == nullptr) { Log::error("Error: cap_get_proc() failed."); std::exit(1); } char *capText = cap_to_text(caps, nullptr); Log::info("Capabilities first: " + std::string(capText)); cap_free(capText); if (cap_set_flag(caps, CAP_EFFECTIVE, sizeof(cap_list)/sizeof(cap_list[0]), cap_list, CAP_CLEAR) == -1 || cap_set_flag(caps, CAP_PERMITTED, sizeof(cap_list)/sizeof(cap_list[0]), cap_list, CAP_CLEAR) == -1) { Log::error("Error: cap_set_flag() failed."); std::exit(1); } if (cap_set_proc(caps) == -1) { Log::error("Error: cap_set_proc() failed."); std::exit(1); } capText = cap_to_text(caps, nullptr); Log::info("Capabilities now: " + std::string(capText)); cap_free(capText); cap_free(caps); }
/* * Set zone's maximum burst time in seconds. A burst time of 0 means that * the zone can run over its baseline indefinitely. */ int cpucaps_zone_set_burst_time(zone_t *zone, rctl_qty_t base_val) { cpucap_t *cap = NULL; hrtime_t value; ASSERT(base_val <= INT_MAX); /* Treat the default as 0 - no limit */ if (base_val == INT_MAX) base_val = 0; if (base_val > INT_MAX) base_val = INT_MAX; if (CPUCAPS_OFF() || !ZONE_IS_CAPPED(zone)) return (0); if (zone->zone_cpucap == NULL) cap = cap_alloc(); mutex_enter(&caps_lock); if (cpucaps_busy) { mutex_exit(&caps_lock); return (EBUSY); } /* * Double-check whether zone->zone_cpucap is NULL, now with caps_lock * held. If it is still NULL, assign a newly allocated cpucap to it. */ if (zone->zone_cpucap == NULL) { zone->zone_cpucap = cap; } else if (cap != NULL) { cap_free(cap); } cap = zone->zone_cpucap; value = SEC_TO_TICK(base_val); if (value < 0) value = 0; cap->cap_burst_limit = value; mutex_exit(&caps_lock); return (0); }
int main(int argc, char *argv[]) { #if HAVE_SYS_CAPABILITY_H #ifdef HAVE_LIBCAP int ret = 1; cap_flag_value_t f; cap_value_t v[1]; cap_t cur; /* Make sure CAP_SYS_ADMIN is not in pI */ cur = cap_get_proc(); ret = cap_get_flag(cur, CAP_SYS_ADMIN, CAP_INHERITABLE, &f); if (f == CAP_SET) { v[0] = CAP_SYS_ADMIN; ret = cap_set_flag(cur, CAP_INHERITABLE, 1, v, CAP_CLEAR); if (!ret) ret = cap_set_proc(cur); if (ret) { tst_resm(TBROK, "Failed to drop cap_sys_admin from pI\n"); tst_exit(); } } else if (ret) { tst_brkm(TBROK | TERRNO, NULL, "Failed to add \ CAP_SYS_ADMIN to pI"); } cap_free(cur); /* drop the capability from bounding set */ ret = prctl(PR_CAPBSET_DROP, CAP_SYS_ADMIN); if (ret) { tst_resm(TFAIL, "Failed to drop CAP_SYS_ADMIN from bounding set.\n"); tst_resm(TINFO, "(ret=%d, errno %d)\n", ret, errno); tst_exit(); } /* execute "check_pe 0" */ execl("check_pe", "check_pe", "0", NULL); tst_resm(TBROK, "Failed to execute check_pe (errno %d)\n", errno); #else /* libcap */ tst_resm(TCONF, "System doesn't have POSIX capabilities."); #endif #else /* capability_h */ tst_resm(TCONF, "System doesn't have sys/capability.h."); #endif tst_exit(); }
/*-------------------------------------------------------------------*/ DLL_EXPORT int drop_privileges(int capa) { uid_t uid; gid_t gid; cap_t c; int rc; int failed; cap_value_t v; int have_capt; /* If *real* userid is root, no need to do all this */ uid=getuid(); if(!uid) return 0; failed=1; have_capt=0; do { c=cap_init(); if(!c) break; have_capt=1; v=capa; rc=cap_set_flag(c,CAP_EFFECTIVE,1,&v,CAP_SET); if(rc<0) break; rc=cap_set_flag(c,CAP_INHERITABLE,1,&v,CAP_SET); if(rc<0) break; rc=cap_set_flag(c,CAP_PERMITTED,1,&v,CAP_SET); if(rc<0) break; rc=cap_set_proc(c); if(rc<0) break; rc=prctl(PR_SET_KEEPCAPS,1); if(rc<0) break; failed=0; } while(0); gid=getgid(); setregid(gid,gid); setreuid(uid,uid); if(!failed) { rc=cap_set_proc(c); if(rc<0) failed=1; } if(have_capt) cap_free(c); return failed; }
int main(int argc, char *argv[]) { #ifdef HAVE_SYS_CAPABILITY_H #ifdef HAVE_LIBCAP int ret = 1; cap_flag_value_t f; cap_t cur; int n; if (argc != 2) { tst_resm(TBROK, "Usage: check_pe [0|1]\n"); tst_exit(); } n = atoi(argv[1]); if (n != 0 && n != 1) { tst_resm(TBROK, "Usage: check_pe [0|1]\n"); tst_exit(); } cur = cap_get_proc(); ret = cap_get_flag(cur, CAP_SYS_ADMIN, CAP_EFFECTIVE, &f); if (ret) { tst_resm(TBROK, "cap_get_flag failed (errno %d)\n", errno); tst_exit(); } cap_free(cur); if (n == 1) { if (f == CAP_SET) { tst_resm(TPASS, "cap is in pE\n"); tst_exit(); } tst_resm(TFAIL, "cap is not in pE\n"); tst_exit(); } if (f == CAP_CLEAR) { tst_resm(TPASS, "cap is not in pE\n"); tst_exit(); } tst_resm(TFAIL, "Cap is in pE\n"); #else /* libcap */ tst_resm(TCONF, "System doesn't have POSIX capabilities."); #endif #else /* capability_h */ tst_resm(TCONF, "System doesn't have sys/capability.h"); #endif tst_exit(); }
__forceinline char * stack_allocator::allocate(int size_bytes){ //round size_bytes up to multiple of 4 if(size_bytes==0){ perror("Allocating 0 bytes?\n");fflush(stdout); abort(); }; int size = (size_bytes+3)>>2; if(cap_free()<size+overhead){//check if it fits throw std::bad_alloc(); }; int * P = beg()-size; block_size(P) = size; mark_block_used(P); _beg = P-overhead; return (char*)P; };
void drop_capabilities(void) { #ifdef CAPABILITIES cap_t cap = cap_init(); if (cap_set_proc(cap) < 0) { perror("ping: cap_set_proc"); exit(-1); } cap_free(cap); #else if (setuid(getuid())) { perror("ping: setuid"); exit(-1); } #endif }
static PyObject * strcaps_get_process(PyObject *self, PyObject *args) { // (int) pid or None int pid = 0; if (!PyArg_ParseTuple(args, "|i", &pid)) return NULL; cap_t caps; if (!pid) caps = cap_get_proc(); else caps = cap_get_pid(pid); size_t strcaps_len; char *strcaps; if (caps == NULL) { if (errno == ENODATA) { strcaps = "\0"; strcaps_len = 0; } else { PyErr_SetFromErrno(PyExc_OSError); return NULL; } } else strcaps = cap_to_text(caps, &strcaps_len); cap_free(caps); return Py_BuildValue("s#", strcaps, strcaps_len); }; // (str) caps