cap_t preserve_capabilities (void) { if (getuid () != 0) /* Not root, then we cannot preserve anything. */ return NULL; if (prctl (PR_SET_KEEPCAPS, 1) == -1) { dbg_log (_("Failed to set keep-capabilities")); error (EXIT_FAILURE, errno, _("prctl(KEEPCAPS) failed")); /* NOTREACHED */ } cap_t tmp_caps = cap_init (); cap_t new_caps = NULL; if (tmp_caps != NULL) new_caps = cap_init (); if (tmp_caps == NULL || new_caps == NULL) { if (tmp_caps != NULL) cap_free (tmp_caps); dbg_log (_("Failed to initialize drop of capabilities")); error (EXIT_FAILURE, 0, _("cap_init failed")); } /* There is no reason why these should not work. */ cap_set_flag (new_caps, CAP_PERMITTED, nnew_cap_list, (cap_value_t *) new_cap_list, CAP_SET); cap_set_flag (new_caps, CAP_EFFECTIVE, nnew_cap_list, (cap_value_t *) new_cap_list, CAP_SET); cap_set_flag (tmp_caps, CAP_PERMITTED, ntmp_cap_list, (cap_value_t *) tmp_cap_list, CAP_SET); cap_set_flag (tmp_caps, CAP_EFFECTIVE, ntmp_cap_list, (cap_value_t *) tmp_cap_list, CAP_SET); int res = cap_set_proc (tmp_caps); cap_free (tmp_caps); if (__builtin_expect (res != 0, 0)) { cap_free (new_caps); dbg_log (_("Failed to drop capabilities")); error (EXIT_FAILURE, 0, _("cap_set_proc failed")); } return new_caps; }
int avahi_caps_reduce2(void) { int ret = 0; cap_t caps; static cap_value_t cap_values[] = { CAP_SYS_CHROOT }; /* Reduce our caps to the bare minimum and tell Linux not to keep * them across setuid(). This is called after we drop * privileges. */ /* No longer retain caps across setuid() */ if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0) { avahi_log_error("prctl(PR_SET_KEEPCAPS) failed: %s", strerror(errno)); ret = -1; } caps = cap_init(); assert(caps); cap_clear(caps); /* setuid() zeroed our effective caps, let's get them back */ cap_set_flag(caps, CAP_EFFECTIVE, 1, cap_values, CAP_SET); cap_set_flag(caps, CAP_PERMITTED, 1, cap_values, CAP_SET); if (cap_set_proc(caps) < 0) { avahi_log_error("cap_set_proc() failed: %s", strerror(errno)); ret = -1; } cap_free(caps); return ret; }
int avahi_caps_reduce(void) { int ret = 0; cap_t caps; static cap_value_t cap_values[] = { CAP_SYS_CHROOT, CAP_SETUID, CAP_SETGID }; /* Let's reduce our caps to the minimum set and tell Linux to keep * them across setuid(). This is called before we drop * privileges. */ caps = cap_init(); assert(caps); cap_clear(caps); cap_set_flag(caps, CAP_EFFECTIVE, 3, cap_values, CAP_SET); cap_set_flag(caps, CAP_PERMITTED, 3, cap_values, CAP_SET); if (cap_set_proc(caps) < 0) { avahi_log_error("cap_set_proc() failed: %s", strerror(errno)); ret = -1; } cap_free(caps); /* Retain capabilities across setuid() */ if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) { avahi_log_error("prctl(PR_SET_KEEPCAPS) failed: %s", strerror(errno)); ret = -1; } return ret; }
static int issueReinit() { cap_t caps = cap_init(); (void)cap_clear(caps); (void)cap_set_proc(caps); (void)cap_free(caps); int sock = TEMP_FAILURE_RETRY(socket_local_client( "logd", ANDROID_SOCKET_NAMESPACE_RESERVED, SOCK_STREAM)); if (sock < 0) return -errno; static const char reinitStr[] = "reinit"; ssize_t ret = TEMP_FAILURE_RETRY(write(sock, reinitStr, sizeof(reinitStr))); if (ret < 0) return -errno; struct pollfd p; memset(&p, 0, sizeof(p)); p.fd = sock; p.events = POLLIN; ret = TEMP_FAILURE_RETRY(poll(&p, 1, 1000)); if (ret < 0) return -errno; if ((ret == 0) || !(p.revents & POLLIN)) return -ETIME; static const char success[] = "success"; char buffer[sizeof(success) - 1]; memset(buffer, 0, sizeof(buffer)); ret = TEMP_FAILURE_RETRY(read(sock, buffer, sizeof(buffer))); if (ret < 0) return -errno; return strncmp(buffer, success, sizeof(success) - 1) != 0; }
// Setting linux capabilities (permitted, effective and inheritable) for the current process. // Permitted set indicates the capabilities what could be set for the process. // Effective set is a subset of permitted set, they are actually effective. // Inheritable set indicates the capabilities what the children will inherit from the current process. static bool setCapabilities(cap_value_t* capabilityList, int length) { // Capabilities should be initialized without flags. cap_t capabilities = cap_init(); if (!capabilities) { fprintf(stderr, "Failed to initialize process capabilities: %s.\n", strerror(errno)); return false; } if (cap_clear(capabilities) == -1) { fprintf(stderr, "Failed to clear process capabilities: %s.\n", strerror(errno)); return false; } if (capabilityList && length) { if (cap_set_flag(capabilities, CAP_EFFECTIVE, length, capabilityList, CAP_SET) == -1 || cap_set_flag(capabilities, CAP_INHERITABLE, length, capabilityList, CAP_SET) == -1 || cap_set_flag(capabilities, CAP_PERMITTED, length, capabilityList, CAP_SET) == -1) { fprintf(stderr, "Failed to set process capability flags: %s.\n", strerror(errno)); cap_free(capabilities); return false; } } if (cap_set_proc(capabilities) == -1) { fprintf(stderr, "Failed to set process capabilities: %s.\n", strerror(errno)); cap_free(capabilities); return false; } cap_free(capabilities); return true; }
int limit_capabilities(void) { cap_t cap_p; const cap_value_t caps[] = { CAP_NET_ADMIN, CAP_NET_RAW, }; int i; cap_p = cap_init(); if (!cap_p) { perror("cap_get_proc"); return -1; } for (i = 0; i < ARRAY_SIZE(caps); i++) { if (cap_clear(cap_p) < 0) { perror("cap_clear"); return -1; } if (cap_set_flag(cap_p, CAP_PERMITTED, ARRAY_SIZE(caps) - i, caps + i, CAP_SET) < 0) { perror("cap_set_flag"); return -1; } if (cap_set_proc(cap_p) < 0) continue; break; } if (i == ARRAY_SIZE(caps)) { perror("cap_set_proc"); if (errno != EPERM) return -1; } if (prctl(PR_SET_KEEPCAPS, 1) < 0) { perror("prctl"); return -1; } if (setuid(getuid()) < 0) { perror("setuid"); return -1; } if (prctl(PR_SET_KEEPCAPS, 0) < 0) { perror("prctl"); return -1; } cap_free(cap_p); uid = getuid(); euid = geteuid(); return 0; }
static int give_capabilities (pid_t pid) { cap_t caps = cap_init(); const unsigned caps_size = 4; cap_value_t cap_list[] = { CAP_SETPCAP, CAP_SYS_NICE, CAP_SYS_RESOURCE, CAP_IPC_LOCK} ; if (caps == NULL) { fprintf (stderr, "jackstart: could not allocate capability working storage\n"); return -1; } cap_clear(caps); if (capgetp (pid, caps)) { fprintf (stderr, "jackstart: could not get capabilities for process %d\n", pid); cap_clear(caps); } cap_set_flag(caps, CAP_EFFECTIVE, caps_size, cap_list , CAP_SET); cap_set_flag(caps, CAP_INHERITABLE, caps_size, cap_list , CAP_SET); cap_set_flag(caps, CAP_PERMITTED, caps_size, cap_list , CAP_SET); if (capsetp (pid, caps)) { fprintf (stderr, "jackstart: could not give capabilities: %s\n", strerror (errno)); cap_free (caps); return -1; } cap_free (caps); return 0; }
void vsf_sysdep_adopt_capabilities(unsigned int caps) { int retval; cap_value_t cap_value; cap_t adopt_caps = cap_init(); if (caps & kCapabilityCAP_CHOWN) { cap_value = CAP_CHOWN; cap_set_flag(adopt_caps, CAP_EFFECTIVE, 1, &cap_value, CAP_SET); cap_set_flag(adopt_caps, CAP_PERMITTED, 1, &cap_value, CAP_SET); } if (caps & kCapabilityCAP_NET_BIND_SERVICE) { cap_value = CAP_NET_BIND_SERVICE; cap_set_flag(adopt_caps, CAP_EFFECTIVE, 1, &cap_value, CAP_SET); cap_set_flag(adopt_caps, CAP_PERMITTED, 1, &cap_value, CAP_SET); } retval = cap_set_proc(adopt_caps); if (retval != 0) { die("cap_set_proc"); } cap_free(adopt_caps); }
void UnixMurmur::finalcap() { #ifdef Q_OS_LINUX cap_value_t caps[] = {CAP_SYS_RESOURCE}; struct rlimit r; if (! bRoot) return; if (getrlimit(RLIMIT_RTPRIO, &r) != 0) { qCritical("Failed to get priority limits."); } else { qWarning("Resource limits were %ld %ld", r.rlim_cur, r.rlim_max); r.rlim_cur = r.rlim_max = 1; if (setrlimit(RLIMIT_RTPRIO, &r) != 0) { qCritical("Failed to set priority limits."); } } int ncap = sizeof(caps)/sizeof(cap_value_t); cap_t c = cap_init(); cap_clear(c); cap_set_flag(c, CAP_EFFECTIVE, ncap, caps, CAP_SET); cap_set_flag(c, CAP_PERMITTED, ncap, caps, CAP_SET); if (cap_set_proc(c) != 0) { qCritical("Failed to set final capabilities"); } else { qWarning("Successfully dropped capabilities"); } cap_free(c); #endif }
static bool setMinimalCapabilities() { cap_t cap_d = cap_init(); if (cap_d != nullptr) { cap_value_t cap_list[] = {CAP_NET_BIND_SERVICE, CAP_SYS_RESOURCE, CAP_SYS_NICE}; cap_clear(cap_d); if (cap_set_flag(cap_d, CAP_PERMITTED, 3, cap_list, CAP_SET) < 0 || cap_set_flag(cap_d, CAP_EFFECTIVE, 3, cap_list, CAP_SET) < 0) { Logger::Error("cap_set_flag failed"); return false; } if (cap_set_proc(cap_d) == -1) { Logger::Error("cap_set_proc failed"); return false; } if (cap_free(cap_d) == -1) { Logger::Error("cap_free failed"); return false; } prctl(PR_SET_DUMPABLE, 1, 0, 0, 0); return true; } return false; }
void UnixMurmur::initialcap() { #ifdef Q_OS_LINUX cap_value_t caps[] = {CAP_NET_ADMIN, CAP_SETUID, CAP_SETGID, CAP_CHOWN, CAP_SYS_RESOURCE, CAP_DAC_OVERRIDE }; if (! bRoot) return; int ncap = sizeof(caps)/sizeof(cap_value_t); if (geteuid() != 0) ncap--; cap_t c = cap_init(); cap_clear(c); cap_set_flag(c, CAP_EFFECTIVE, ncap, caps, CAP_SET); cap_set_flag(c, CAP_INHERITABLE, ncap, caps, CAP_SET); cap_set_flag(c, CAP_PERMITTED, ncap, caps, CAP_SET); if (cap_set_proc(c) != 0) { qCritical("Failed to set initial capabilities"); } else { prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); } cap_free(c); #endif }
cap_t cap_get_file(const char *filename) { cap_t result; /* allocate a new capability set */ result = cap_init(); if (result) { struct vfs_cap_data rawvfscap; int sizeofcaps; _cap_debug("getting filename capabilities"); /* fill the capability sets via a system call */ sizeofcaps = getxattr(filename, XATTR_NAME_CAPS, &rawvfscap, sizeof(rawvfscap)); if (sizeofcaps < ssizeof(rawvfscap.magic_etc)) { cap_free(result); result = NULL; } else { result = _fcaps_load(&rawvfscap, result, sizeofcaps); } } return result; }
int main(void) { cap_channel_t *capcas, *cappwd; printf("1..188\n"); capcas = cap_init(); CHECKX(capcas != NULL); cappwd = cap_service_open(capcas, "system.pwd"); CHECKX(cappwd != NULL); cap_close(capcas); /* No limits. */ CHECK(runtest_cmds(cappwd) == (GETPWENT | GETPWENT_R | GETPWNAM | GETPWNAM_R | GETPWUID | GETPWUID_R)); test_cmds(cappwd); test_fields(cappwd); test_users(cappwd); cap_close(cappwd); exit(0); }
int drop_capabilities(void) { cap_t cap = cap_init(); if (cap_set_proc(cap) < 0) { perror("cap_set_proc"); return -1; } cap_free(cap); return 0; }
void kern_main(void) { cap_init(); ltbl_init(); comp_init(); thd_init(); inv_init(); kern_boot_comp(); }
/* run after child init we are uid User and gid Group */ static void ruid_child_init (apr_pool_t *p, server_rec *s) { UNUSED(s); int ncap; cap_t cap; cap_value_t capval[4]; /* detect default supplementary group IDs */ if ((startup_groupsnr = getgroups(RUID_MAXGROUPS, startup_groups)) == -1) { startup_groupsnr = 0; ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "%s ERROR getgroups() failed on child init, ignoring supplementary group IDs", MODULE_NAME); } /* setup chroot jailbreak */ if (chroot_used == RUID_CHROOT_USED && cap_mode == RUID_CAP_MODE_KEEP) { if ((root_handle = open("/.", O_RDONLY)) < 0) { root_handle = UNSET; ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "%s CRITICAL ERROR opening root file descriptor failed (%s)", MODULE_NAME, strerror(errno)); } else if (fcntl(root_handle, F_SETFD, FD_CLOEXEC) < 0) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "%s CRITICAL ERROR unable to set close-on-exec flag on root file descriptor (%s)", MODULE_NAME, strerror(errno)); if (close(root_handle) < 0) ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "%s CRITICAL ERROR closing root file descriptor (%d) failed", MODULE_NAME, root_handle); root_handle = UNSET; } else { /* register cleanup function */ apr_pool_cleanup_register(p, (void*)((long)root_handle), ruid_child_exit, apr_pool_cleanup_null); } } else { root_handle = (chroot_used == RUID_CHROOT_USED ? NONE : UNSET); } /* init cap with all zeros */ cap = cap_init(); capval[0] = CAP_SETUID; capval[1] = CAP_SETGID; ncap = 2; if (mode_stat_used == RUID_MODE_STAT_USED) { capval[ncap++] = CAP_DAC_READ_SEARCH; } if (root_handle != UNSET) { capval[ncap++] = CAP_SYS_CHROOT; } cap_set_flag(cap, CAP_PERMITTED, ncap, capval, CAP_SET); if (cap_set_proc(cap) != 0) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "%s CRITICAL ERROR %s:cap_set_proc failed", MODULE_NAME, __func__); } cap_free(cap); /* check if process is dumpable */ coredump = prctl(PR_GET_DUMPABLE); }
void linux_drop_privs(void) { cap_t caps = cap_init(); int num = 2; cap_value_t capList[] = { CAP_NET_ADMIN, CAP_SETUID }; cap_set_flag(caps, CAP_EFFECTIVE, num, capList, CAP_SET); cap_set_flag(caps, CAP_INHERITABLE, num, capList, CAP_SET); cap_set_flag(caps, CAP_PERMITTED, num, capList, CAP_SET); if (cap_set_proc(caps)) err(1, "cap_set_flag()"); if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) err(1, "prctl()"); cap_free(caps); if (setuid(666) == -1) err(1, "setuid()"); caps = cap_init(); num = 1; cap_set_flag(caps, CAP_EFFECTIVE, num, capList, CAP_SET); cap_set_flag(caps, CAP_INHERITABLE, num, capList, CAP_SET); cap_set_flag(caps, CAP_PERMITTED, num, capList, CAP_SET); if (cap_set_proc(caps)) err(1, "cap_set_proc()"); cap_free(caps); /* XXX this really sucks. The guy can screw with our net =( */ }
/*-------------------------------------------------------------------*/ DLL_EXPORT int drop_privileges(int capa) { uid_t uid; gid_t gid; cap_t c; int rc; int failed; cap_value_t v; int have_capt; /* If *real* userid is root, no need to do all this */ uid=getuid(); if(!uid) return 0; failed=1; have_capt=0; do { c=cap_init(); if(!c) break; have_capt=1; v=capa; rc=cap_set_flag(c,CAP_EFFECTIVE,1,&v,CAP_SET); if(rc<0) break; rc=cap_set_flag(c,CAP_INHERITABLE,1,&v,CAP_SET); if(rc<0) break; rc=cap_set_flag(c,CAP_PERMITTED,1,&v,CAP_SET); if(rc<0) break; rc=cap_set_proc(c); if(rc<0) break; rc=prctl(PR_SET_KEEPCAPS,1); if(rc<0) break; failed=0; } while(0); gid=getgid(); setregid(gid,gid); setreuid(uid,uid); if(!failed) { rc=cap_set_proc(c); if(rc<0) failed=1; } if(have_capt) cap_free(c); return failed; }
void drop_capabilities(void) { #ifdef CAPABILITIES cap_t cap = cap_init(); if (cap_set_proc(cap) < 0) { perror("ping: cap_set_proc"); exit(-1); } cap_free(cap); #else if (setuid(getuid())) { perror("ping: setuid"); exit(-1); } #endif }
static int /* Drop all capabilities from all sets */ dropAllCaps(void) { cap_t empty; int s; empty = cap_init(); if (empty == NULL) return -1; s = cap_set_proc(empty); if (cap_free(empty) == -1) return -1; return s; }
cap_t cap_get_proc(void) { cap_t result; /* allocate a new capability set */ result = cap_init(); if (result) { _cap_debug("getting current process' capabilities"); /* fill the capability sets via a system call */ if (capget(&result->head, &result->set)) { cap_free(&result); } } return result; }
int drop_all_caps (void) { cap_t empty; int ret; empty = cap_init (); if (empty == NULL) return -1; ret = cap_set_proc (empty); if (cap_free (empty) == -1) return -1; return ret; }
int lxc_caps_reset(void) { cap_t cap = cap_init(); int ret = 0; if (!cap) { ERROR("cap_init() failed : %m"); return -1; } if (cap_set_proc(cap)) { ERROR("cap_set_proc() failed : %m"); ret = -1; } cap_free(cap); return ret; }
int avahi_caps_drop_all(void) { cap_t caps; int ret = 0; /* Drop all capabilities and turn ourselves into a normal user process */ caps = cap_init(); assert(caps); cap_clear(caps); if (cap_set_proc(caps) < 0) { avahi_log_error("cap_set_proc() failed: %s", strerror(errno)); ret = -1; } cap_free(caps); return ret; }
cap_t cap_get_file(const char *filename) { cap_t result; /* allocate a new capability set */ result = cap_init(); if (result) { _cap_debug("getting named file capabilities"); /* fill the capability sets via a system call */ if (_getfilecap(filename, sizeof(struct __cap_s), &result->set[CAP_INHERITABLE], &result->set[CAP_PERMITTED], &result->set[CAP_EFFECTIVE] )) cap_free(&result); } return result; }
static int check_capabilities (void) { cap_t caps = cap_init(); cap_flag_value_t cap; pid_t pid; int have_all_caps = 1; if (caps == NULL) { fprintf (stderr, "jackstart: could not allocate capability working storage\n"); return 0; } pid = getpid (); cap_clear (caps); if (capgetp (pid, caps)) { fprintf (stderr, "jackstart: could not get capabilities for process %d\n", pid); return 0; } /* check that we are able to give capabilites to other processes */ cap_get_flag(caps, CAP_SETPCAP, CAP_EFFECTIVE, &cap); if (cap == CAP_CLEAR) { have_all_caps = 0; goto done; } /* check that we have the capabilities we want to transfer */ cap_get_flag(caps, CAP_SYS_NICE, CAP_EFFECTIVE, &cap); if (cap == CAP_CLEAR) { have_all_caps = 0; goto done; } cap_get_flag(caps, CAP_SYS_RESOURCE, CAP_EFFECTIVE, &cap); if (cap == CAP_CLEAR) { have_all_caps = 0; goto done; } cap_get_flag(caps, CAP_IPC_LOCK, CAP_EFFECTIVE, &cap); if (cap == CAP_CLEAR) { have_all_caps = 0; goto done; } done: cap_free (caps); return have_all_caps; }
cap_t cap_dup(cap_t cap_d) { cap_t result; if (!good_cap_t(cap_d)) { _cap_debug("bad argument"); errno = EINVAL; return NULL; } result = cap_init(); if (result == NULL) { _cap_debug("out of memory"); return NULL; } memcpy(result, cap_d, sizeof(*cap_d)); return result; }
cap_t cap_get_fd(int fildes) { cap_t result; /* allocate a new capability set */ result = cap_init(); if (result) { _cap_debug("getting fildes capabilities"); /* fill the capability sets via a system call */ if (_fgetfilecap(fildes, sizeof(struct __cap_s), &result->set[CAP_INHERITABLE], &result->set[CAP_PERMITTED], &result->set[CAP_EFFECTIVE] )) { cap_free(&result); } } return result; }
/** * Drop all capabilities. */ void setup_drop_caps() { cap_t empty; empty = cap_init(); if (!empty) { SYSERROR("cap_init() failed"); throw -1; } if ( capsetp(0, empty) ) { SYSERROR("capsetp() failed"); throw -1; } if ( cap_free(empty) ) { SYSERROR("cap_free() failed"); throw -1; } DEBUG("capabilities has been dropped"); }
// Drop all caps except CAP_SYS_TIME void drop_caps(void) { int r = 0; cap_t caps; cap_value_t needed_caps[1] = {CAP_SYS_TIME}; caps = cap_init(); if (caps == NULL) die("cap_init: %s\n", strerror(errno)); r = cap_set_flag(caps, CAP_EFFECTIVE, 1, needed_caps, CAP_SET); if (r != 0) die("cap_set_flag() failed\n"); r = cap_set_flag(caps, CAP_PERMITTED, 1, needed_caps, CAP_SET); if (r != 0) die("cap_set_flag: %s\n", strerror(errno)); r = cap_set_proc(caps); if (r != 0) die("cap_set_proc: %s\n", strerror(errno)); r = cap_free(caps); if (r != 0) die("cap_free: %s\n", strerror(errno)); }