int main(void) { struct __user_cap_header_struct* hdr; struct __user_cap_data_struct* data; ALLOCATE_GUARD(hdr, 'a'); hdr->version = 0; hdr->pid = 0; test_assert(0 == capget(hdr, NULL)); test_assert(hdr->version > 0); VERIFY_GUARD(hdr); ALLOCATE_GUARD(hdr, 'a'); hdr->version = _LINUX_CAPABILITY_VERSION_1; hdr->pid = 0; ALLOCATE_GUARD(data, 'b'); test_assert(0 == capget(hdr, data)); VERIFY_GUARD(hdr); VERIFY_GUARD(data); ALLOCATE_GUARD(hdr, 'c'); hdr->version = _LINUX_CAPABILITY_VERSION_3; hdr->pid = 0; data = allocate_guard(sizeof(*data) * 2, 'd'); test_assert(0 == capget(hdr, data)); VERIFY_GUARD(hdr); verify_guard(sizeof(*data) * 2, data); atomic_puts("EXIT-SUCCESS"); return 0; }
int main(void) { const int data[] = { 2, 4, 0, 8, 16, 0 }; const int v3 = 0x20080522; int * const head = tail_alloc(sizeof(int) * 2); head[0] = v3; head[1] = 0; int * const tail_data = tail_alloc(sizeof(data)); capget(NULL, NULL); capget(head + 2, tail_data); capget(head, tail_data + ARRAY_SIZE(data)); if (capget(head, tail_data)) perror_msg_and_skip("capget"); if (head[0] != v3) error_msg_and_skip("capget: v3 expected"); memcpy(tail_data, data, sizeof(data)); if (capset(head, data) == 0 || errno != EPERM) perror_msg_and_skip("capset"); return 0; }
static void lower_my_caps(void) { struct __user_cap_header_struct caphdr = { .version = _LINUX_CAPABILITY_VERSION }; cap_user_data_t capdata; ssize_t capstrlen = 0; cap_t my_cap; char *cap_text; int capsz; (void) capget(&caphdr, NULL); switch (caphdr.version) { case _LINUX_CAPABILITY_VERSION_1: capsz = _LINUX_CAPABILITY_U32S_1; break; case _LINUX_CAPABILITY_VERSION_2: capsz = _LINUX_CAPABILITY_U32S_2; break; default: abort(); /* can't happen */ } capdata = gsh_calloc(capsz, sizeof(struct __user_cap_data_struct)); caphdr.pid = getpid(); if (capget(&caphdr, capdata) != 0) LogFatal(COMPONENT_INIT, "Failed to query capabilities for process, errno=%u", errno); /* Set the capability bitmask to remove CAP_SYS_RESOURCE */ if (capdata->effective & CAP_TO_MASK(CAP_SYS_RESOURCE)) capdata->effective &= ~CAP_TO_MASK(CAP_SYS_RESOURCE); if (capdata->permitted & CAP_TO_MASK(CAP_SYS_RESOURCE)) capdata->permitted &= ~CAP_TO_MASK(CAP_SYS_RESOURCE); if (capdata->inheritable & CAP_TO_MASK(CAP_SYS_RESOURCE)) capdata->inheritable &= ~CAP_TO_MASK(CAP_SYS_RESOURCE); if (capset(&caphdr, capdata) != 0) LogFatal(COMPONENT_INIT, "Failed to set capabilities for process, errno=%u", errno); else LogEvent(COMPONENT_INIT, "CAP_SYS_RESOURCE was successfully removed for proper quota management in FSAL"); /* Print newly set capabilities (same as what CLI "getpcaps" displays */ my_cap = cap_get_proc(); cap_text = cap_to_text(my_cap, &capstrlen); LogEvent(COMPONENT_INIT, "currenty set capabilities are: %s", cap_text); cap_free(cap_text); cap_free(my_cap); gsh_free(capdata); }
static void raise_caps() { // Raise CapInh to match CapPrm, so that we can set the ambient bits. __user_cap_header_struct capheader; memset(&capheader, 0, sizeof(capheader)); capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.pid = 0; __user_cap_data_struct capdata[2]; if (capget(&capheader, &capdata[0]) == -1) { fatal_errno("capget failed"); } if (capdata[0].permitted != capdata[0].inheritable || capdata[1].permitted != capdata[1].inheritable) { capdata[0].inheritable = capdata[0].permitted; capdata[1].inheritable = capdata[1].permitted; if (capset(&capheader, &capdata[0]) == -1) { async_safe_format_log(ANDROID_LOG_ERROR, "libc", "capset failed: %s", strerror(errno)); } } // Set the ambient capability bits so that crash_dump gets all of our caps and can ptrace us. uint64_t capmask = capdata[0].inheritable; capmask |= static_cast<uint64_t>(capdata[1].inheritable) << 32; for (unsigned long i = 0; i < 64; ++i) { if (capmask & (1ULL << i)) { if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, i, 0, 0) != 0) { async_safe_format_log(ANDROID_LOG_ERROR, "libc", "failed to raise ambient capability %lu: %s", i, strerror(errno)); } } } }
int check_capabilities() { struct __user_cap_header_struct cap_header; struct __user_cap_data_struct cap_data; cap_header.pid = getpid(); cap_header.version = _LINUX_CAPABILITY_VERSION; /* Check if oor is already running: /var/run/oor.pid */ if (capget(&cap_header, &cap_data) < 0) { OOR_LOG(LCRIT, "Could not retrieve capabilities"); return BAD; } OOR_LOG(LWRN, "Rights: Effective [%u] Permitted [%u]", cap_data.effective, cap_data.permitted); /* check for capabilities */ if( (cap_data.effective & CAP_TO_MASK(CAP_NET_ADMIN)) && (cap_data.effective & CAP_TO_MASK(CAP_NET_RAW)) ) { } else { OOR_LOG(LCRIT, "Insufficient rights, you need CAP_NET_ADMIN and CAP_NET_RAW. See README"); return BAD; } return GOOD; }
static int drop_privs() { int res; struct __user_cap_header_struct head; struct __user_cap_data_struct newcaps; head.version = _LINUX_CAPABILITY_VERSION; head.pid = 0; res = capget(&head, &oldcaps); if(res == -1) { fprintf(stderr, "%s: failed to get capabilities: %s\n", progname, strerror(errno)); return -1; } oldfsuid = setfsuid(getuid()); oldfsgid = setfsgid(getgid()); newcaps = oldcaps; /* Keep CAP_SYS_ADMIN for mount */ newcaps.effective &= (1 << CAP_SYS_ADMIN); head.version = _LINUX_CAPABILITY_VERSION; head.pid = 0; res = capset(&head, &newcaps); if(res == -1) { fprintf(stderr, "%s: failed to set capabilities: %s\n", progname, strerror(errno)); return -1; } return 0; }
static void set_capability(unsigned capability) { #ifndef _LINUX_CAPABILITY_VERSION #define _LINUX_CAPABILITY_VERSION 0x19980330 #endif /* these can be removed when they are in glibc headers */ struct { uint32 version; int pid; } header; struct { uint32 effective; uint32 permitted; uint32 inheritable; } data; header.version = _LINUX_CAPABILITY_VERSION; header.pid = 0; if (capget(&header, &data) == -1) { DEBUG(3,("Unable to get kernel capabilities (%s)\n", strerror(errno))); return; } data.effective |= (1<<capability); if (capset(&header, &data) == -1) { DEBUG(3,("Unable to set %d capability (%s)\n", capability, strerror(errno))); } }
int main(void) { struct __user_cap_header_struct uch; struct __user_cap_data_struct ucd; uch.version = _LINUX_CAPABILITY_VERSION_3; uch.pid = getpid(); return capget(&uch, &ucd); }
/* * Check for superuser privileges */ int check_capabilities() { struct __user_cap_header_struct cap_header; struct __user_cap_data_struct cap_data; cap_header.pid = getpid(); cap_header.version = _LINUX_CAPABILITY_VERSION; if (capget(&cap_header, &cap_data) < 0) { lispd_log_msg(LISP_LOG_ERR, "Could not retrieve capabilities"); return BAD; } lispd_log_msg(LISP_LOG_DEBUG_1, "Rights: Effective [%u] Permitted [%u]", cap_data.effective, cap_data.permitted); /* check for capabilities */ if( (cap_data.effective & CAP_TO_MASK(CAP_NET_ADMIN)) && (cap_data.effective & CAP_TO_MASK(CAP_NET_RAW)) ) { } else { lispd_log_msg(LISP_LOG_CRIT, "Insufficient rights, you need CAP_NET_ADMIN and CAP_NET_RAW. See README"); return BAD; } /* Clear all but the capability to bind to low ports */ cap_data.effective = CAP_TO_MASK(CAP_NET_ADMIN) | CAP_TO_MASK(CAP_NET_RAW); cap_data.permitted = cap_data.effective ; cap_data.inheritable = 0; if (capset(&cap_header, &cap_data) < 0) { lispd_log_msg(LISP_LOG_WARNING, "Could not drop privileges"); return BAD; } /* Tell kernel not clear permitted capabilities when dropping root */ if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) { lispd_log_msg(LISP_LOG_WARNING, "Sprctl(PR_SET_KEEPCAPS) failed"); return GOOD; } /* Now we can drop privilege, drop effective rights even with KEEPCAPS */ if (setuid(getuid()) < 0) { lispd_log_msg(LISP_LOG_WARNING, "Could not drop privileges"); } /* that's why we need to set effective rights equal to permitted rights */ if (capset(&cap_header, &cap_data) < 0) { lispd_log_msg(LISP_LOG_CRIT, "Could not set effective rights to permitted ones"); return (BAD); } lispd_log_msg(LISP_LOG_DEBUG_1, "Rights: Effective [%u] Permitted [%u]", cap_data.effective, cap_data.permitted); return GOOD; }
static bool set_capabilities(void) { #if defined(ANDROID) struct __user_cap_header_struct header; struct __user_cap_data_struct cap; header.version = _LINUX_CAPABILITY_VERSION; header.pid = 0; /* * CAP_NET_ADMIN: Allow use of MGMT interface * CAP_NET_BIND_SERVICE: Allow use of privileged PSM * CAP_NET_RAW: Allow use of bnep ioctl calls */ cap.effective = cap.permitted = CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_NET_ADMIN) | CAP_TO_MASK(CAP_NET_BIND_SERVICE); cap.inheritable = 0; /* don't clear capabilities when dropping root */ if (prctl(PR_SET_KEEPCAPS, 1) < 0) { error("%s: prctl(): %s", __func__, strerror(errno)); return false; } /* Android bluetooth user UID=1002 */ if (setuid(1002) < 0) { error("%s: setuid(): %s", __func__, strerror(errno)); return false; } /* TODO: Move to cap_set_proc once bionic support it */ if (capset(&header, &cap) < 0) { error("%s: capset(): %s", __func__, strerror(errno)); return false; } /* TODO: Move to cap_get_proc once bionic support it */ if (capget(&header, &cap) < 0) { error("%s: capget(): %s", __func__, strerror(errno)); return false; } DBG("Caps: eff: 0x%x, perm: 0x%x, inh: 0x%x", cap.effective, cap.permitted, cap.inheritable); #endif return true; }
int main(void) { int unused[6]; const int data[] = { 2, 4, 0, 8, 16, 0 }; const int v3 = 0x20080522; int head[] = { v3, 0 }; if (capget(head, unused) || head[0] != v3 || capset(head, data) == 0 || errno != EPERM) return 77; return 0; }
static int has_capabilities(__u32 mask) { struct __user_cap_header_struct header; struct __user_cap_data_struct data; header.version = _LINUX_CAPABILITY_VERSION; header.pid = getpid(); if (capget(&header, &data)) { NMF_LOG("Error: capget failed : %s\n", strerror(errno)); } return data.effective & mask; }
static void show(pid_t pid) { struct __user_cap_header_struct header; struct __user_cap_data_struct user; header.version = _LINUX_CAPABILITY_VERSION; header.pid = pid; if (capget(&header,&user)==-1){ perror ("reducecap: capget()"); exit(wrapper_exit_code); } printReducecap(&user); }
static void init(void) { if (m.state != CAPNG_NEW) return; memset(&m.hdr, 0, sizeof(m.hdr)); (void)capget(&m.hdr, NULL); // Returns -EINVAL if (m.hdr.version == _LINUX_CAPABILITY_VERSION_3 || m.hdr.version == _LINUX_CAPABILITY_VERSION_2) { m.cap_ver = 3; } else if (m.hdr.version == _LINUX_CAPABILITY_VERSION_1) { m.cap_ver = 1; } else { m.state = CAPNG_ERROR; return; } memset(&m.data, 0, sizeof(cap_data_t)); #ifdef HAVE_SYSCALL_H m.hdr.pid = (unsigned)syscall(__NR_gettid); #else m.hdr.pid = (unsigned)getpid(); #endif // Detect last cap if (last_cap == -1) { int fd; fd = open("/proc/sys/kernel/cap_last_cap", O_RDONLY); if (fd == -1) { if (errno != ENOENT) { m.state = CAPNG_ERROR; return; } } else { char buf[8]; int num = read(fd, buf, sizeof(buf) - 1); if (num > 0) { buf[num] = 0; errno = 0; int val = strtoul(buf, NULL, 10); if (errno == 0) last_cap = val; } close(fd); } if (last_cap == -1) last_cap = CAP_LAST_CAP; } m.state = CAPNG_ALLOCATED; }
cap_t cap_get_proc(void) { cap_t result; /* allocate a new capability set */ result = cap_init(); if (result) { _cap_debug("getting current process' capabilities"); /* fill the capability sets via a system call */ if (capget(&result->head, &result->set)) { cap_free(&result); } } return result; }
int capgetp(pid_t pid, cap_t cap_d) { int error; if (!good_cap_t(cap_d)) { errno = EINVAL; return -1; } _cap_debug("getting process capabilities for proc %d", pid); cap_d->head.pid = pid; error = capget(&cap_d->head, &cap_d->set); cap_d->head.version = _LINUX_CAPABILITY_VERSION; cap_d->head.pid = 0; return error; }
int main(int ac, char **av) { int lc, i; /* loop counter */ char *msg; /* message returned from parse_opts */ /* parse standard options */ if ((msg = parse_opts(ac, av, (option_t *) NULL, NULL)) != (char *)NULL) { tst_brkm(TBROK, tst_exit, "OPTION PARSING ERROR - %s", msg); } /* perform global setup for test */ setup(); /* check looping state if -i option given */ for (lc = 0; TEST_LOOPING(lc); lc++) { /* reset Tst_count in case we are looping. */ Tst_count = 0; for (i = 0; i < TST_TOTAL; ++i) { test_setup(i); TEST(capget(test_cases[i].headerp, test_cases[i].datap)); if ((TEST_RETURN == -1) && (TEST_ERRNO == test_cases[i].exp_errno)) { tst_resm(TPASS, "capget() returned -1," " errno: %s", test_cases[i].errdesc); } else { tst_resm(TFAIL|TTERRNO, "Test Failed, capget() returned %ld", TEST_RETURN); } TEST_ERROR_LOG(TEST_ERRNO); } } /* End for TEST_LOOPING */ /* cleanup and exit */ cleanup(); /*NOTREACHED*/ return 0; } /* End main */
static void acquire_caps (void) { struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 }; struct __user_cap_data_struct data[2] = { { 0 } }; if (capget (&hdr, data) < 0) die_with_error ("capget failed"); if (((data[0].effective & REQUIRED_CAPS_0) == REQUIRED_CAPS_0) && ((data[0].permitted & REQUIRED_CAPS_0) == REQUIRED_CAPS_0) && ((data[1].effective & REQUIRED_CAPS_1) == REQUIRED_CAPS_1) && ((data[1].permitted & REQUIRED_CAPS_1) == REQUIRED_CAPS_1)) is_privileged = TRUE; if (getuid () != geteuid ()) { /* Tell kernel not clear capabilities when dropping root */ if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) die_with_error ("prctl(PR_SET_KEEPCAPS) failed"); /* Drop root uid, but retain the required permitted caps */ if (setuid (getuid ()) < 0) die_with_error ("unable to drop privs"); } if (is_privileged) { /* Drop all non-require capabilities */ data[0].effective = REQUIRED_CAPS_0; data[0].permitted = REQUIRED_CAPS_0; data[0].inheritable = 0; data[1].effective = REQUIRED_CAPS_1; data[1].permitted = REQUIRED_CAPS_1; data[1].inheritable = 0; if (capset (&hdr, data) < 0) die_with_error ("capset failed"); } /* Else, we try unprivileged user namespaces */ /* We need the process to be dumpable, or we can't access /proc/self/uid_map */ if (prctl (PR_SET_DUMPABLE, 1, 0, 0, 0) < 0) die_with_error ("prctl(PR_SET_DUMPABLE) failed"); }
static bool verifyCap() { int retried = 0; struct __user_cap_header_struct header; struct __user_cap_data_struct user[2]; header.version = _LINUX_CAPABILITY_VERSION_3; header.pid = 0; if (getuid()!=0) { WRITE_MSG(2, "'VERIFYCAP' can be executed as root only\n"); return false; } // if( prctl( PR_SET_KEEPCAPS, 1,0,0,0 ) < 0 ) { // perror( "prctl:" ); // return false; // } retry: if (capget(&header, user)==-1) { if (!retried && header.version != _LINUX_CAPABILITY_VERSION_3) { header.version = _LINUX_CAPABILITY_VERSION_1; retried = 1; goto retry; } perror("capget()"); return false; } user[0].effective = user[1].effective = 0; user[0].permitted = user[1].permitted = 0; user[0].inheritable = user[1].inheritable = 0; if (capset(&header, user)==-1) { perror("capset()"); return false; } return chroot("/")==-1; }
/* setup() - performs all ONE TIME setup for this test */ void setup() { /* capture signals */ tst_sig(NOFORK, DEF_HANDLER, cleanup); /* Pause if that option was specified */ TEST_PAUSE; /* * Save current capability data. * header.version must be _LINUX_CAPABILITY_VERSION */ header.version = _LINUX_CAPABILITY_VERSION; header.pid = 0; if ((capget(&header, &data)) == -1) { tst_brkm(TBROK, tst_exit, "capget() failed"); } } /* End setup() */
static int stress_capgetset_pid( const char *name, const pid_t pid, const bool do_set, uint64_t *counter, const bool exists) { int ret; struct __user_cap_header_struct uch; struct __user_cap_data_struct ucd[_LINUX_CAPABILITY_U32S_3]; memset(&uch, 0, sizeof uch); memset(ucd, 0, sizeof ucd); uch.version = _LINUX_CAPABILITY_VERSION_3; uch.pid = pid; ret = capget(&uch, ucd); if (ret < 0) { if (((errno == ESRCH) && exists) || (errno != ESRCH)) { pr_fail(stderr, "%s: capget on pid %d failed: errno=%d (%s)\n", name, pid, errno, strerror(errno)); } } if (do_set) { ret = capset(&uch, ucd); if (ret < 0) { if (((errno == ESRCH) && exists) || (errno != ESRCH)) { pr_fail(stderr, "%s: capget on pid %d failed: errno=%d (%s)\n", name, pid, errno, strerror(errno)); } } } (*counter)++; return ret; }
int capng_get_caps_process(void) { int rc; if (m.state == CAPNG_NEW) init(); if (m.state == CAPNG_ERROR) return -1; rc = capget((cap_user_header_t)&m.hdr, (cap_user_data_t)&m.data); if (rc == 0) { m.state = CAPNG_INIT; #ifdef PR_CAPBSET_DROP rc = get_bounding_set(); if (rc < 0) m.state = CAPNG_ERROR; #endif } return rc; }
int main(int argc, char **argv) { struct __user_cap_header_struct hdr; struct __user_cap_data_struct data[2]; memset(&hdr, 0, sizeof(hdr)); memset(&data, 0, sizeof(data)); hdr.version = _LINUX_CAPABILITY_VERSION_3; hdr.pid = 0; if(capget(&hdr, &data[0])) { put(2, "capget() error\n"); exit(2); } if(argc > 1) { int i, p; for(p=1;p>=0;p--) { for(i=31;i>=0;i--) { if(data[p].permitted & 1<<i) put(1, "x"); else put(1, "-"); } } put(1, "\n"); } /* this cap may be turned off by default depending on kernel config */ data[0].permitted |= (1 << CAP_SETPCAP); if(data[0].permitted == 0xffffffff && data[1].permitted == 0xffffffff) { put(1, "yes\n"); exit(0); } put(1, "no\n"); exit(1); }
int main(int ac, char **av) { int lc; /* loop counter */ char *msg; /* message returned from parse_opts */ /* parse standard options */ if ((msg = parse_opts(ac, av, (option_t *) NULL, NULL)) != (char *)NULL) { tst_brkm(TBROK, tst_exit, "OPTION PARSING ERROR - %s", msg); } /* perform global setup for test */ setup(); /* check looping state if -i option given */ for (lc = 0; TEST_LOOPING(lc); lc++) { /* reset Tst_count in case we are looping. */ Tst_count = 0; /* header.version must be _LINUX_CAPABILITY_VERSION */ header.version = _LINUX_CAPABILITY_VERSION; TEST(capget(&header, &data)); if (TEST_RETURN == 0) { tst_resm(TPASS, "capget() returned %ld", TEST_RETURN); } else { tst_resm(TFAIL|TTERRNO, "Test Failed, capget() returned %ld", TEST_RETURN); } } /* End for TEST_LOOPING */ /* cleanup and exit */ cleanup(); /*NOTREACHED*/ return 0; } /* End main */
/* setup() - performs all ONE TIME setup for this test */ void setup() { /* capture signals */ tst_sig(NOFORK, DEF_HANDLER, cleanup); /* Set up the expected error numbers for -e option */ TEST_EXP_ENOS(exp_enos); /* Pause if that option was specified */ TEST_PAUSE; /* * Save current capability data. * header.version must be _LINUX_CAPABILITY_VERSION */ header.version = _LINUX_CAPABILITY_VERSION; if ((capget(&header, &data)) == -1) { tst_brkm(TBROK|TERRNO, tst_exit, "capget() failed"); } } /* End setup() */
static jlong com_android_internal_os_ZygoteInit_capgetPermitted (JNIEnv *env, jobject clazz, jint pid) { struct __user_cap_header_struct capheader; struct __user_cap_data_struct capdata; int err; memset (&capheader, 0, sizeof(capheader)); memset (&capdata, 0, sizeof(capdata)); capheader.version = _LINUX_CAPABILITY_VERSION; capheader.pid = pid; err = capget (&capheader, &capdata); if (err < 0) { jniThrowIOException(env, errno); return 0; } return (jlong) capdata.permitted; }
int main(int argc, char **argv) { struct __user_cap_header_struct header = { _LINUX_CAPABILITY_VERSION_3, 0 }; struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3]; if (argc < 2) { fprintf(stderr, "Usage: %s COMMAND [ARGS]\n", argv[0]); exit(1); } prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); if (setgid(getgid()) < 0 || setuid(getuid()) < 0) error(EXIT_FAILURE, 0, "Failed to drop privileges"); capget(&header, data); data[CAP_NET_BIND_SERVICE >> 5].inheritable = 1 << (CAP_NET_BIND_SERVICE & 31); capset(&header, data); prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, CAP_NET_BIND_SERVICE, 0, 0); execvp(argv[1], argv + 1); error(EXIT_FAILURE, errno, "exec %s", argv[1]); }
int main(int argc, char **argv) { int x = 0; char *args[10]; setuid(2); signal(SIGCHLD, sigchld); do_signals(); x += getpid(); x += getppid(); x += getuid(); x += getgid(); x += setsid(); x += seteuid(); x += setegid(); lseek(0, 0, -1); kill(0, 0); signal(99, 0); signal(SIGINT, int_handler); signal(SIGSEGV, segv_handler); // *(int *) 0 = 0; pipe(0); munmap(0, 0); mincore(0, 0); shmget(0); shmat(0); line = __LINE__; poll(-1, 0, 0); signal(SIGSEGV, SIG_IGN); // ppoll(-1, -1, -1, 0); signal(SIGSEGV, SIG_DFL); sched_yield(); readv(-1, 0, 0, 0); writev(-1, 0, 0, 0); msync(0, 0, 0); fsync(-1); fdatasync(-1); semget(0, 0, 0); semctl(0, 0, 0); uselib(NULL); pivot_root(0, 0); personality(-1); setfsuid(-1); flock(-1, 0); shmdt(0, 0, 0); times(0); mremap(0, 0, 0, 0, 0); madvise(0, 0, 0); fchown(-1, 0, 0); lchown(0, 0, 0); setreuid(); setregid(); link("/nonexistant", "/also-nonexistant"); do_slow(); symlink("/nothing", "/"); rename("/", "/"); mkdir("/junk/stuff////0", 0777); geteuid(); getsid(); getpgid(); getresuid(); getresgid(); getpgid(); ptrace(-1, 0, 0, 0); semop(0, 0, 0); capget(0, 0); line = __LINE__; gettimeofday(0, 0); settimeofday(0, 0); dup(-1); dup2(-1, -1); shmctl(0, 0, 0, 0); execve("/bin/nothing", "/bin/nothing", 0); alarm(9999); bind(0, 0, 0); socket(0, 0, 0); accept(0, 0, 0); listen(0); shutdown(0); getsockname(0, 0, 0); getpeername(0, 0, 0); truncate(0, 0); ftruncate(0, 0); line = __LINE__; if (vfork() == 0) exit(0); line = __LINE__; x = opendir("/", 0, 0); line = __LINE__; readdir(x, 0, 0); line = __LINE__; closedir(x); line = __LINE__; chroot("/"); line = __LINE__; sigaction(0, 0, 0); line = __LINE__; sigprocmask(0, 0, 0); x += open("/nothing", 0); x += chdir("/nothing"); x += mknod("/nothing/nothing", 0); x += ioctl(); execve("/nothing", NULL, NULL); line = __LINE__; x += close(-2); line = __LINE__; if (fork() == 0) exit(0); line = __LINE__; clone(clone_func, 0, 0, 0); line = __LINE__; brk(0); sbrk(0); line = __LINE__; mmap(0, 0, 0, 0, 0); line = __LINE__; uname(0); line = __LINE__; getcwd(0, 0); line = __LINE__; iopl(3); ioperm(0, 0, 0); mount(0, 0, 0, 0, 0); umount(0, 0); umount(0, 0, 0); swapon(0, 0); swapoff(0); sethostname(0); line = __LINE__; time(NULL); unlink("/nothing"); line = __LINE__; rmdir("/nothing"); chmod(0, 0); line = __LINE__; # if defined(__i386) || defined(__amd64) modify_ldt(0); # endif stat("/doing-nice", 0); nice(0); args[0] = "/bin/df"; args[1] = "-l"; args[2] = NULL; close(1); open("/dev/null", O_WRONLY); /***********************************************/ /* Some syscalls arent available direct */ /* from libc, so get them here. We mostly */ /* care about the ones which have caused */ /* implementation difficulty and kernel */ /* crashes - eventually we can be complete. */ /***********************************************/ line = __LINE__; open("/system-dependent-syscalls-follow", 0); line = __LINE__; if (fork() == 0) exit(0); {int status; while (wait(&status) >= 0) ; } sigaltstack(0, 0); /*vm86(0, 0);*/ /***********************************************/ /* Some syscalls arent directly accessible, */ /* e.g. legacy. */ /***********************************************/ #if defined(__x86_64__) trace(__LINE__, "x64 syscalls"); syscall(174, 0, 0, 0); // create_module syscall(176, 0, 0, 0); // delete_module syscall(178, 0, 0, 0); // query_module #else trace(__LINE__, "x32 syscalls"); syscall(0, 0, 0, 0); // restart_syscall syscall(34, 0, 0, 0); // nice syscall(59, 0, 0, 0); // oldolduname syscall(109, 0, 0, 0); // olduname if (fork() == 0) syscall(1, 0, 0, 0); // exit #endif line = __LINE__; execve("/bin/df", args, NULL); fprintf(stderr, "Error: should not get here -- %s\n", strerror(errno)); exit(1); }
int main(void) { int retVal; pthread_attr_t attr; struct sched_param schedParam; pthread_t thread; struct __user_cap_header_struct cap_header_data; cap_user_header_t cap_header = &cap_header_data; struct __user_cap_data_struct cap_data_data; cap_user_data_t cap_data = &cap_data_data; int ret; if (setresuid(0, 0, 0)) { fprintf(stderr, "Cannot switch to root: %s.\n", strerror(errno)); return 1; } cap_header->pid = getpid(); cap_header->version = _LINUX_CAPABILITY_VERSION; if (capget(cap_header, cap_data) < 0) { perror("Failed capget"); exit(1); } printf("Cap data 0x%x, 0x%x, 0x%x\n", cap_data->effective, cap_data->permitted, cap_data->inheritable); /* Clear all but the capability to bind to low ports */ cap_data->effective |= CAP_TO_MASK(CAP_SYS_ADMIN) | CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SYS_NICE); cap_data->permitted |= CAP_TO_MASK(CAP_SYS_ADMIN) | CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SYS_NICE); cap_data->inheritable |= CAP_TO_MASK(CAP_SYS_ADMIN) | CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SYS_NICE); if (capset(cap_header, cap_data) < 0) printf("capset failed"); printf("Cap data 0x%x, 0x%x, 0x%x\n", cap_data->effective, cap_data->permitted, cap_data->inheritable); ret = nice(-1); printf("nice: %d\n", ret); /* Tell kernel not clear capabilities when dropping root */ if (prctl(PR_SET_KEEPCAPS, 1) < 0) printf("prctl(PR_SET_KEEPCAPS) failed "); setresuid(1000,1000,1000); printf("setresuid\n"); /* Clear all but the capability to bind to low ports */ cap_data->effective |= CAP_TO_MASK(CAP_SYS_ADMIN) | CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SYS_NICE); cap_data->permitted |= CAP_TO_MASK(CAP_SYS_ADMIN) | CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SYS_NICE); cap_data->inheritable |= CAP_TO_MASK(CAP_SYS_ADMIN) | CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SYS_NICE); if (capset(cap_header, cap_data) < 0) printf("capset failed"); printf("Cap data 0x%x, 0x%x, 0x%x\n", cap_data->effective, cap_data->permitted, cap_data->inheritable); retVal = pthread_attr_init(&attr); if (retVal) { fprintf(stderr, "pthread_attr_init error %d\n", retVal); exit(1); } retVal = pthread_attr_setinheritsched(&attr, PTHREAD_EXPLICIT_SCHED); if (retVal) { fprintf(stderr, "pthread_attr_setinheritsched error %d\n", retVal); exit(1); } retVal = pthread_attr_setschedpolicy(&attr, SCHED_RR); if (retVal) { fprintf(stderr, "pthread_attr_setschedpolicy error %d\n", retVal); exit(1); } schedParam.sched_priority = 99; retVal = pthread_attr_setschedparam(&attr, &schedParam); if (retVal) { fprintf(stderr, "pthread_attr_setschedparam error %d\n", retVal); exit(1); } retVal = pthread_create(&thread, &attr, _Thread, NULL); if (retVal) { fprintf(stderr, "pthread_create error %d\n", retVal); exit(1); } retVal = pthread_join(thread, NULL); if (retVal) { fprintf(stderr, "pthread_join error %d\n", retVal); exit(1); } printf("main run successfully\n"); return 0; }