int main(void) {
struct __user_cap_header_struct* hdr;
struct __user_cap_data_struct* data;
ALLOCATE_GUARD(hdr, 'a');
hdr->version = 0;
hdr->pid = 0;
test_assert(0 == capget(hdr, NULL));
test_assert(hdr->version > 0);
VERIFY_GUARD(hdr);
ALLOCATE_GUARD(hdr, 'a');
hdr->version = _LINUX_CAPABILITY_VERSION_1;
hdr->pid = 0;
ALLOCATE_GUARD(data, 'b');
test_assert(0 == capget(hdr, data));
VERIFY_GUARD(hdr);
VERIFY_GUARD(data);
ALLOCATE_GUARD(hdr, 'c');
hdr->version = _LINUX_CAPABILITY_VERSION_3;
hdr->pid = 0;
data = allocate_guard(sizeof(*data) * 2, 'd');
test_assert(0 == capget(hdr, data));
VERIFY_GUARD(hdr);
verify_guard(sizeof(*data) * 2, data);
atomic_puts("EXIT-SUCCESS");
return 0;
}
int
main(void)
{
const int data[] = { 2, 4, 0, 8, 16, 0 };
const int v3 = 0x20080522;
int * const head = tail_alloc(sizeof(int) * 2);
head[0] = v3;
head[1] = 0;
int * const tail_data = tail_alloc(sizeof(data));
capget(NULL, NULL);
capget(head + 2, tail_data);
capget(head, tail_data + ARRAY_SIZE(data));
if (capget(head, tail_data))
perror_msg_and_skip("capget");
if (head[0] != v3)
error_msg_and_skip("capget: v3 expected");
memcpy(tail_data, data, sizeof(data));
if (capset(head, data) == 0 || errno != EPERM)
perror_msg_and_skip("capset");
return 0;
}
static void lower_my_caps(void)
{
struct __user_cap_header_struct caphdr = {
.version = _LINUX_CAPABILITY_VERSION
};
cap_user_data_t capdata;
ssize_t capstrlen = 0;
cap_t my_cap;
char *cap_text;
int capsz;
(void) capget(&caphdr, NULL);
switch (caphdr.version) {
case _LINUX_CAPABILITY_VERSION_1:
capsz = _LINUX_CAPABILITY_U32S_1;
break;
case _LINUX_CAPABILITY_VERSION_2:
capsz = _LINUX_CAPABILITY_U32S_2;
break;
default:
abort(); /* can't happen */
}
capdata = gsh_calloc(capsz, sizeof(struct __user_cap_data_struct));
caphdr.pid = getpid();
if (capget(&caphdr, capdata) != 0)
LogFatal(COMPONENT_INIT,
"Failed to query capabilities for process, errno=%u",
errno);
/* Set the capability bitmask to remove CAP_SYS_RESOURCE */
if (capdata->effective & CAP_TO_MASK(CAP_SYS_RESOURCE))
capdata->effective &= ~CAP_TO_MASK(CAP_SYS_RESOURCE);
if (capdata->permitted & CAP_TO_MASK(CAP_SYS_RESOURCE))
capdata->permitted &= ~CAP_TO_MASK(CAP_SYS_RESOURCE);
if (capdata->inheritable & CAP_TO_MASK(CAP_SYS_RESOURCE))
capdata->inheritable &= ~CAP_TO_MASK(CAP_SYS_RESOURCE);
if (capset(&caphdr, capdata) != 0)
LogFatal(COMPONENT_INIT,
"Failed to set capabilities for process, errno=%u",
errno);
else
LogEvent(COMPONENT_INIT,
"CAP_SYS_RESOURCE was successfully removed for proper quota management in FSAL");
/* Print newly set capabilities (same as what CLI "getpcaps" displays */
my_cap = cap_get_proc();
cap_text = cap_to_text(my_cap, &capstrlen);
LogEvent(COMPONENT_INIT, "currenty set capabilities are: %s",
cap_text);
cap_free(cap_text);
cap_free(my_cap);
gsh_free(capdata);
}
static void raise_caps() {
// Raise CapInh to match CapPrm, so that we can set the ambient bits.
__user_cap_header_struct capheader;
memset(&capheader, 0, sizeof(capheader));
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
__user_cap_data_struct capdata[2];
if (capget(&capheader, &capdata[0]) == -1) {
fatal_errno("capget failed");
}
if (capdata[0].permitted != capdata[0].inheritable ||
capdata[1].permitted != capdata[1].inheritable) {
capdata[0].inheritable = capdata[0].permitted;
capdata[1].inheritable = capdata[1].permitted;
if (capset(&capheader, &capdata[0]) == -1) {
async_safe_format_log(ANDROID_LOG_ERROR, "libc", "capset failed: %s", strerror(errno));
}
}
// Set the ambient capability bits so that crash_dump gets all of our caps and can ptrace us.
uint64_t capmask = capdata[0].inheritable;
capmask |= static_cast<uint64_t>(capdata[1].inheritable) << 32;
for (unsigned long i = 0; i < 64; ++i) {
if (capmask & (1ULL << i)) {
if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, i, 0, 0) != 0) {
async_safe_format_log(ANDROID_LOG_ERROR, "libc",
"failed to raise ambient capability %lu: %s", i, strerror(errno));
}
}
}
}
int
check_capabilities()
{
struct __user_cap_header_struct cap_header;
struct __user_cap_data_struct cap_data;
cap_header.pid = getpid();
cap_header.version = _LINUX_CAPABILITY_VERSION;
/* Check if oor is already running: /var/run/oor.pid */
if (capget(&cap_header, &cap_data) < 0)
{
OOR_LOG(LCRIT, "Could not retrieve capabilities");
return BAD;
}
OOR_LOG(LWRN, "Rights: Effective [%u] Permitted [%u]", cap_data.effective, cap_data.permitted);
/* check for capabilities */
if( (cap_data.effective & CAP_TO_MASK(CAP_NET_ADMIN)) && (cap_data.effective & CAP_TO_MASK(CAP_NET_RAW)) ) {
}
else {
OOR_LOG(LCRIT, "Insufficient rights, you need CAP_NET_ADMIN and CAP_NET_RAW. See README");
return BAD;
}
return GOOD;
}
static int drop_privs()
{
int res;
struct __user_cap_header_struct head;
struct __user_cap_data_struct newcaps;
head.version = _LINUX_CAPABILITY_VERSION;
head.pid = 0;
res = capget(&head, &oldcaps);
if(res == -1) {
fprintf(stderr, "%s: failed to get capabilities: %s\n", progname,
strerror(errno));
return -1;
}
oldfsuid = setfsuid(getuid());
oldfsgid = setfsgid(getgid());
newcaps = oldcaps;
/* Keep CAP_SYS_ADMIN for mount */
newcaps.effective &= (1 << CAP_SYS_ADMIN);
head.version = _LINUX_CAPABILITY_VERSION;
head.pid = 0;
res = capset(&head, &newcaps);
if(res == -1) {
fprintf(stderr, "%s: failed to set capabilities: %s\n", progname,
strerror(errno));
return -1;
}
return 0;
}
static void set_capability(unsigned capability)
{
#ifndef _LINUX_CAPABILITY_VERSION
#define _LINUX_CAPABILITY_VERSION 0x19980330
#endif
/* these can be removed when they are in glibc headers */
struct {
uint32 version;
int pid;
} header;
struct {
uint32 effective;
uint32 permitted;
uint32 inheritable;
} data;
header.version = _LINUX_CAPABILITY_VERSION;
header.pid = 0;
if (capget(&header, &data) == -1) {
DEBUG(3,("Unable to get kernel capabilities (%s)\n", strerror(errno)));
return;
}
data.effective |= (1<<capability);
if (capset(&header, &data) == -1) {
DEBUG(3,("Unable to set %d capability (%s)\n",
capability, strerror(errno)));
}
}
int main(void)
{
struct __user_cap_header_struct uch;
struct __user_cap_data_struct ucd;
uch.version = _LINUX_CAPABILITY_VERSION_3;
uch.pid = getpid();
return capget(&uch, &ucd);
}
/*
* Check for superuser privileges
*/
int check_capabilities()
{
struct __user_cap_header_struct cap_header;
struct __user_cap_data_struct cap_data;
cap_header.pid = getpid();
cap_header.version = _LINUX_CAPABILITY_VERSION;
if (capget(&cap_header, &cap_data) < 0)
{
lispd_log_msg(LISP_LOG_ERR, "Could not retrieve capabilities");
return BAD;
}
lispd_log_msg(LISP_LOG_DEBUG_1, "Rights: Effective [%u] Permitted [%u]", cap_data.effective, cap_data.permitted);
/* check for capabilities */
if( (cap_data.effective & CAP_TO_MASK(CAP_NET_ADMIN)) && (cap_data.effective & CAP_TO_MASK(CAP_NET_RAW)) ) {
}
else {
lispd_log_msg(LISP_LOG_CRIT, "Insufficient rights, you need CAP_NET_ADMIN and CAP_NET_RAW. See README");
return BAD;
}
/* Clear all but the capability to bind to low ports */
cap_data.effective = CAP_TO_MASK(CAP_NET_ADMIN) | CAP_TO_MASK(CAP_NET_RAW);
cap_data.permitted = cap_data.effective ;
cap_data.inheritable = 0;
if (capset(&cap_header, &cap_data) < 0) {
lispd_log_msg(LISP_LOG_WARNING, "Could not drop privileges");
return BAD;
}
/* Tell kernel not clear permitted capabilities when dropping root */
if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) {
lispd_log_msg(LISP_LOG_WARNING, "Sprctl(PR_SET_KEEPCAPS) failed");
return GOOD;
}
/* Now we can drop privilege, drop effective rights even with KEEPCAPS */
if (setuid(getuid()) < 0) {
lispd_log_msg(LISP_LOG_WARNING, "Could not drop privileges");
}
/* that's why we need to set effective rights equal to permitted rights */
if (capset(&cap_header, &cap_data) < 0)
{
lispd_log_msg(LISP_LOG_CRIT, "Could not set effective rights to permitted ones");
return (BAD);
}
lispd_log_msg(LISP_LOG_DEBUG_1, "Rights: Effective [%u] Permitted [%u]", cap_data.effective, cap_data.permitted);
return GOOD;
}
static bool set_capabilities(void)
{
#if defined(ANDROID)
struct __user_cap_header_struct header;
struct __user_cap_data_struct cap;
header.version = _LINUX_CAPABILITY_VERSION;
header.pid = 0;
/*
* CAP_NET_ADMIN: Allow use of MGMT interface
* CAP_NET_BIND_SERVICE: Allow use of privileged PSM
* CAP_NET_RAW: Allow use of bnep ioctl calls
*/
cap.effective = cap.permitted =
CAP_TO_MASK(CAP_NET_RAW) |
CAP_TO_MASK(CAP_NET_ADMIN) |
CAP_TO_MASK(CAP_NET_BIND_SERVICE);
cap.inheritable = 0;
/* don't clear capabilities when dropping root */
if (prctl(PR_SET_KEEPCAPS, 1) < 0) {
error("%s: prctl(): %s", __func__, strerror(errno));
return false;
}
/* Android bluetooth user UID=1002 */
if (setuid(1002) < 0) {
error("%s: setuid(): %s", __func__, strerror(errno));
return false;
}
/* TODO: Move to cap_set_proc once bionic support it */
if (capset(&header, &cap) < 0) {
error("%s: capset(): %s", __func__, strerror(errno));
return false;
}
/* TODO: Move to cap_get_proc once bionic support it */
if (capget(&header, &cap) < 0) {
error("%s: capget(): %s", __func__, strerror(errno));
return false;
}
DBG("Caps: eff: 0x%x, perm: 0x%x, inh: 0x%x", cap.effective,
cap.permitted, cap.inheritable);
#endif
return true;
}
int
main(void)
{
int unused[6];
const int data[] = { 2, 4, 0, 8, 16, 0 };
const int v3 = 0x20080522;
int head[] = { v3, 0 };
if (capget(head, unused) || head[0] != v3 ||
capset(head, data) == 0 || errno != EPERM)
return 77;
return 0;
}
static int has_capabilities(__u32 mask)
{
struct __user_cap_header_struct header;
struct __user_cap_data_struct data;
header.version = _LINUX_CAPABILITY_VERSION;
header.pid = getpid();
if (capget(&header, &data)) {
NMF_LOG("Error: capget failed : %s\n", strerror(errno));
}
return data.effective & mask;
}
static void
show(pid_t pid)
{
struct __user_cap_header_struct header;
struct __user_cap_data_struct user;
header.version = _LINUX_CAPABILITY_VERSION;
header.pid = pid;
if (capget(&header,&user)==-1){
perror ("reducecap: capget()");
exit(wrapper_exit_code);
}
printReducecap(&user);
}
static void init(void)
{
if (m.state != CAPNG_NEW)
return;
memset(&m.hdr, 0, sizeof(m.hdr));
(void)capget(&m.hdr, NULL); // Returns -EINVAL
if (m.hdr.version == _LINUX_CAPABILITY_VERSION_3 ||
m.hdr.version == _LINUX_CAPABILITY_VERSION_2) {
m.cap_ver = 3;
} else if (m.hdr.version == _LINUX_CAPABILITY_VERSION_1) {
m.cap_ver = 1;
} else {
m.state = CAPNG_ERROR;
return;
}
memset(&m.data, 0, sizeof(cap_data_t));
#ifdef HAVE_SYSCALL_H
m.hdr.pid = (unsigned)syscall(__NR_gettid);
#else
m.hdr.pid = (unsigned)getpid();
#endif
// Detect last cap
if (last_cap == -1) {
int fd;
fd = open("/proc/sys/kernel/cap_last_cap", O_RDONLY);
if (fd == -1) {
if (errno != ENOENT) {
m.state = CAPNG_ERROR;
return;
}
} else {
char buf[8];
int num = read(fd, buf, sizeof(buf) - 1);
if (num > 0) {
buf[num] = 0;
errno = 0;
int val = strtoul(buf, NULL, 10);
if (errno == 0)
last_cap = val;
}
close(fd);
}
if (last_cap == -1)
last_cap = CAP_LAST_CAP;
}
m.state = CAPNG_ALLOCATED;
}
cap_t cap_get_proc(void)
{
cap_t result;
/* allocate a new capability set */
result = cap_init();
if (result) {
_cap_debug("getting current process' capabilities");
/* fill the capability sets via a system call */
if (capget(&result->head, &result->set)) {
cap_free(&result);
}
}
return result;
}
int capgetp(pid_t pid, cap_t cap_d)
{
int error;
if (!good_cap_t(cap_d)) {
errno = EINVAL;
return -1;
}
_cap_debug("getting process capabilities for proc %d", pid);
cap_d->head.pid = pid;
error = capget(&cap_d->head, &cap_d->set);
cap_d->head.version = _LINUX_CAPABILITY_VERSION;
cap_d->head.pid = 0;
return error;
}
int main(int ac, char **av)
{
int lc, i; /* loop counter */
char *msg; /* message returned from parse_opts */
/* parse standard options */
if ((msg = parse_opts(ac, av, (option_t *) NULL, NULL))
!= (char *)NULL) {
tst_brkm(TBROK, tst_exit, "OPTION PARSING ERROR - %s", msg);
}
/* perform global setup for test */
setup();
/* check looping state if -i option given */
for (lc = 0; TEST_LOOPING(lc); lc++) {
/* reset Tst_count in case we are looping. */
Tst_count = 0;
for (i = 0; i < TST_TOTAL; ++i) {
test_setup(i);
TEST(capget(test_cases[i].headerp,
test_cases[i].datap));
if ((TEST_RETURN == -1) && (TEST_ERRNO ==
test_cases[i].exp_errno)) {
tst_resm(TPASS, "capget() returned -1,"
" errno: %s", test_cases[i].errdesc);
} else {
tst_resm(TFAIL|TTERRNO, "Test Failed, capget() returned %ld",
TEST_RETURN);
}
TEST_ERROR_LOG(TEST_ERRNO);
}
} /* End for TEST_LOOPING */
/* cleanup and exit */
cleanup();
/*NOTREACHED*/ return 0;
} /* End main */
static void
acquire_caps (void)
{
struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
struct __user_cap_data_struct data[2] = { { 0 } };
if (capget (&hdr, data) < 0)
die_with_error ("capget failed");
if (((data[0].effective & REQUIRED_CAPS_0) == REQUIRED_CAPS_0) &&
((data[0].permitted & REQUIRED_CAPS_0) == REQUIRED_CAPS_0) &&
((data[1].effective & REQUIRED_CAPS_1) == REQUIRED_CAPS_1) &&
((data[1].permitted & REQUIRED_CAPS_1) == REQUIRED_CAPS_1))
is_privileged = TRUE;
if (getuid () != geteuid ())
{
/* Tell kernel not clear capabilities when dropping root */
if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
die_with_error ("prctl(PR_SET_KEEPCAPS) failed");
/* Drop root uid, but retain the required permitted caps */
if (setuid (getuid ()) < 0)
die_with_error ("unable to drop privs");
}
if (is_privileged)
{
/* Drop all non-require capabilities */
data[0].effective = REQUIRED_CAPS_0;
data[0].permitted = REQUIRED_CAPS_0;
data[0].inheritable = 0;
data[1].effective = REQUIRED_CAPS_1;
data[1].permitted = REQUIRED_CAPS_1;
data[1].inheritable = 0;
if (capset (&hdr, data) < 0)
die_with_error ("capset failed");
}
/* Else, we try unprivileged user namespaces */
/* We need the process to be dumpable, or we can't access /proc/self/uid_map */
if (prctl (PR_SET_DUMPABLE, 1, 0, 0, 0) < 0)
die_with_error ("prctl(PR_SET_DUMPABLE) failed");
}
static bool
verifyCap()
{
int retried = 0;
struct __user_cap_header_struct header;
struct __user_cap_data_struct user[2];
header.version = _LINUX_CAPABILITY_VERSION_3;
header.pid = 0;
if (getuid()!=0) {
WRITE_MSG(2, "'VERIFYCAP' can be executed as root only\n");
return false;
}
// if( prctl( PR_SET_KEEPCAPS, 1,0,0,0 ) < 0 ) {
// perror( "prctl:" );
// return false;
// }
retry:
if (capget(&header, user)==-1) {
if (!retried &&
header.version != _LINUX_CAPABILITY_VERSION_3) {
header.version = _LINUX_CAPABILITY_VERSION_1;
retried = 1;
goto retry;
}
perror("capget()");
return false;
}
user[0].effective = user[1].effective = 0;
user[0].permitted = user[1].permitted = 0;
user[0].inheritable = user[1].inheritable = 0;
if (capset(&header, user)==-1) {
perror("capset()");
return false;
}
return chroot("/")==-1;
}
/* setup() - performs all ONE TIME setup for this test */
void
setup()
{
/* capture signals */
tst_sig(NOFORK, DEF_HANDLER, cleanup);
/* Pause if that option was specified */
TEST_PAUSE;
/*
* Save current capability data.
* header.version must be _LINUX_CAPABILITY_VERSION
*/
header.version = _LINUX_CAPABILITY_VERSION;
header.pid = 0;
if ((capget(&header, &data)) == -1) {
tst_brkm(TBROK, tst_exit, "capget() failed");
}
} /* End setup() */
static int stress_capgetset_pid(
const char *name,
const pid_t pid,
const bool do_set,
uint64_t *counter,
const bool exists)
{
int ret;
struct __user_cap_header_struct uch;
struct __user_cap_data_struct ucd[_LINUX_CAPABILITY_U32S_3];
memset(&uch, 0, sizeof uch);
memset(ucd, 0, sizeof ucd);
uch.version = _LINUX_CAPABILITY_VERSION_3;
uch.pid = pid;
ret = capget(&uch, ucd);
if (ret < 0) {
if (((errno == ESRCH) && exists) ||
(errno != ESRCH)) {
pr_fail(stderr, "%s: capget on pid %d failed: errno=%d (%s)\n",
name, pid, errno, strerror(errno));
}
}
if (do_set) {
ret = capset(&uch, ucd);
if (ret < 0) {
if (((errno == ESRCH) && exists) ||
(errno != ESRCH)) {
pr_fail(stderr, "%s: capget on pid %d failed: errno=%d (%s)\n",
name, pid, errno, strerror(errno));
}
}
}
(*counter)++;
return ret;
}
int capng_get_caps_process(void)
{
int rc;
if (m.state == CAPNG_NEW)
init();
if (m.state == CAPNG_ERROR)
return -1;
rc = capget((cap_user_header_t)&m.hdr, (cap_user_data_t)&m.data);
if (rc == 0) {
m.state = CAPNG_INIT;
#ifdef PR_CAPBSET_DROP
rc = get_bounding_set();
if (rc < 0)
m.state = CAPNG_ERROR;
#endif
}
return rc;
}
int main(int argc, char **argv)
{
struct __user_cap_header_struct hdr;
struct __user_cap_data_struct data[2];
memset(&hdr, 0, sizeof(hdr));
memset(&data, 0, sizeof(data));
hdr.version = _LINUX_CAPABILITY_VERSION_3;
hdr.pid = 0;
if(capget(&hdr, &data[0])) {
put(2, "capget() error\n");
exit(2);
}
if(argc > 1) {
int i, p;
for(p=1;p>=0;p--) {
for(i=31;i>=0;i--) {
if(data[p].permitted & 1<<i)
put(1, "x");
else
put(1, "-");
}
}
put(1, "\n");
}
/* this cap may be turned off by default depending on kernel config */
data[0].permitted |= (1 << CAP_SETPCAP);
if(data[0].permitted == 0xffffffff &&
data[1].permitted == 0xffffffff) {
put(1, "yes\n");
exit(0);
}
put(1, "no\n");
exit(1);
}
int main(int ac, char **av)
{
int lc; /* loop counter */
char *msg; /* message returned from parse_opts */
/* parse standard options */
if ((msg = parse_opts(ac, av, (option_t *) NULL, NULL))
!= (char *)NULL) {
tst_brkm(TBROK, tst_exit, "OPTION PARSING ERROR - %s", msg);
}
/* perform global setup for test */
setup();
/* check looping state if -i option given */
for (lc = 0; TEST_LOOPING(lc); lc++) {
/* reset Tst_count in case we are looping. */
Tst_count = 0;
/* header.version must be _LINUX_CAPABILITY_VERSION */
header.version = _LINUX_CAPABILITY_VERSION;
TEST(capget(&header, &data));
if (TEST_RETURN == 0) {
tst_resm(TPASS, "capget() returned %ld", TEST_RETURN);
} else {
tst_resm(TFAIL|TTERRNO, "Test Failed, capget() returned %ld",
TEST_RETURN);
}
} /* End for TEST_LOOPING */
/* cleanup and exit */
cleanup();
/*NOTREACHED*/ return 0;
} /* End main */
/* setup() - performs all ONE TIME setup for this test */
void setup()
{
/* capture signals */
tst_sig(NOFORK, DEF_HANDLER, cleanup);
/* Set up the expected error numbers for -e option */
TEST_EXP_ENOS(exp_enos);
/* Pause if that option was specified */
TEST_PAUSE;
/*
* Save current capability data.
* header.version must be _LINUX_CAPABILITY_VERSION
*/
header.version = _LINUX_CAPABILITY_VERSION;
if ((capget(&header, &data)) == -1) {
tst_brkm(TBROK|TERRNO, tst_exit, "capget() failed");
}
} /* End setup() */
static jlong com_android_internal_os_ZygoteInit_capgetPermitted (JNIEnv *env,
jobject clazz, jint pid)
{
struct __user_cap_header_struct capheader;
struct __user_cap_data_struct capdata;
int err;
memset (&capheader, 0, sizeof(capheader));
memset (&capdata, 0, sizeof(capdata));
capheader.version = _LINUX_CAPABILITY_VERSION;
capheader.pid = pid;
err = capget (&capheader, &capdata);
if (err < 0) {
jniThrowIOException(env, errno);
return 0;
}
return (jlong) capdata.permitted;
}
int main(int argc, char **argv) {
struct __user_cap_header_struct header = { _LINUX_CAPABILITY_VERSION_3, 0 };
struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
if (argc < 2) {
fprintf(stderr, "Usage: %s COMMAND [ARGS]\n", argv[0]);
exit(1);
}
prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
if (setgid(getgid()) < 0 || setuid(getuid()) < 0)
error(EXIT_FAILURE, 0, "Failed to drop privileges");
capget(&header, data);
data[CAP_NET_BIND_SERVICE >> 5].inheritable
= 1 << (CAP_NET_BIND_SERVICE & 31);
capset(&header, data);
prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, CAP_NET_BIND_SERVICE, 0, 0);
execvp(argv[1], argv + 1);
error(EXIT_FAILURE, errno, "exec %s", argv[1]);
}
int main(int argc, char **argv)
{ int x = 0;
char *args[10];
setuid(2);
signal(SIGCHLD, sigchld);
do_signals();
x += getpid();
x += getppid();
x += getuid();
x += getgid();
x += setsid();
x += seteuid();
x += setegid();
lseek(0, 0, -1);
kill(0, 0);
signal(99, 0);
signal(SIGINT, int_handler);
signal(SIGSEGV, segv_handler);
// *(int *) 0 = 0;
pipe(0);
munmap(0, 0);
mincore(0, 0);
shmget(0);
shmat(0);
line = __LINE__;
poll(-1, 0, 0);
signal(SIGSEGV, SIG_IGN);
// ppoll(-1, -1, -1, 0);
signal(SIGSEGV, SIG_DFL);
sched_yield();
readv(-1, 0, 0, 0);
writev(-1, 0, 0, 0);
msync(0, 0, 0);
fsync(-1);
fdatasync(-1);
semget(0, 0, 0);
semctl(0, 0, 0);
uselib(NULL);
pivot_root(0, 0);
personality(-1);
setfsuid(-1);
flock(-1, 0);
shmdt(0, 0, 0);
times(0);
mremap(0, 0, 0, 0, 0);
madvise(0, 0, 0);
fchown(-1, 0, 0);
lchown(0, 0, 0);
setreuid();
setregid();
link("/nonexistant", "/also-nonexistant");
do_slow();
symlink("/nothing", "/");
rename("/", "/");
mkdir("/junk/stuff////0", 0777);
geteuid();
getsid();
getpgid();
getresuid();
getresgid();
getpgid();
ptrace(-1, 0, 0, 0);
semop(0, 0, 0);
capget(0, 0);
line = __LINE__;
gettimeofday(0, 0);
settimeofday(0, 0);
dup(-1);
dup2(-1, -1);
shmctl(0, 0, 0, 0);
execve("/bin/nothing", "/bin/nothing", 0);
alarm(9999);
bind(0, 0, 0);
socket(0, 0, 0);
accept(0, 0, 0);
listen(0);
shutdown(0);
getsockname(0, 0, 0);
getpeername(0, 0, 0);
truncate(0, 0);
ftruncate(0, 0);
line = __LINE__;
if (vfork() == 0)
exit(0);
line = __LINE__;
x = opendir("/", 0, 0);
line = __LINE__;
readdir(x, 0, 0);
line = __LINE__;
closedir(x);
line = __LINE__;
chroot("/");
line = __LINE__;
sigaction(0, 0, 0);
line = __LINE__;
sigprocmask(0, 0, 0);
x += open("/nothing", 0);
x += chdir("/nothing");
x += mknod("/nothing/nothing", 0);
x += ioctl();
execve("/nothing", NULL, NULL);
line = __LINE__;
x += close(-2);
line = __LINE__;
if (fork() == 0)
exit(0);
line = __LINE__;
clone(clone_func, 0, 0, 0);
line = __LINE__;
brk(0);
sbrk(0);
line = __LINE__;
mmap(0, 0, 0, 0, 0);
line = __LINE__;
uname(0);
line = __LINE__;
getcwd(0, 0);
line = __LINE__;
iopl(3);
ioperm(0, 0, 0);
mount(0, 0, 0, 0, 0);
umount(0, 0);
umount(0, 0, 0);
swapon(0, 0);
swapoff(0);
sethostname(0);
line = __LINE__;
time(NULL);
unlink("/nothing");
line = __LINE__;
rmdir("/nothing");
chmod(0, 0);
line = __LINE__;
# if defined(__i386) || defined(__amd64)
modify_ldt(0);
# endif
stat("/doing-nice", 0);
nice(0);
args[0] = "/bin/df";
args[1] = "-l";
args[2] = NULL;
close(1);
open("/dev/null", O_WRONLY);
/***********************************************/
/* Some syscalls arent available direct */
/* from libc, so get them here. We mostly */
/* care about the ones which have caused */
/* implementation difficulty and kernel */
/* crashes - eventually we can be complete. */
/***********************************************/
line = __LINE__;
open("/system-dependent-syscalls-follow", 0);
line = __LINE__;
if (fork() == 0)
exit(0);
{int status;
while (wait(&status) >= 0)
;
}
sigaltstack(0, 0);
/*vm86(0, 0);*/
/***********************************************/
/* Some syscalls arent directly accessible, */
/* e.g. legacy. */
/***********************************************/
#if defined(__x86_64__)
trace(__LINE__, "x64 syscalls");
syscall(174, 0, 0, 0); // create_module
syscall(176, 0, 0, 0); // delete_module
syscall(178, 0, 0, 0); // query_module
#else
trace(__LINE__, "x32 syscalls");
syscall(0, 0, 0, 0); // restart_syscall
syscall(34, 0, 0, 0); // nice
syscall(59, 0, 0, 0); // oldolduname
syscall(109, 0, 0, 0); // olduname
if (fork() == 0)
syscall(1, 0, 0, 0); // exit
#endif
line = __LINE__;
execve("/bin/df", args, NULL);
fprintf(stderr, "Error: should not get here -- %s\n", strerror(errno));
exit(1);
}
int main(void)
{
int retVal;
pthread_attr_t attr;
struct sched_param schedParam;
pthread_t thread;
struct __user_cap_header_struct cap_header_data;
cap_user_header_t cap_header = &cap_header_data;
struct __user_cap_data_struct cap_data_data;
cap_user_data_t cap_data = &cap_data_data;
int ret;
if (setresuid(0, 0, 0)) {
fprintf(stderr, "Cannot switch to root: %s.\n", strerror(errno));
return 1;
}
cap_header->pid = getpid();
cap_header->version = _LINUX_CAPABILITY_VERSION;
if (capget(cap_header, cap_data) < 0) {
perror("Failed capget");
exit(1);
}
printf("Cap data 0x%x, 0x%x, 0x%x\n", cap_data->effective,
cap_data->permitted, cap_data->inheritable);
/* Clear all but the capability to bind to low ports */
cap_data->effective |= CAP_TO_MASK(CAP_SYS_ADMIN) | CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SYS_NICE);
cap_data->permitted |= CAP_TO_MASK(CAP_SYS_ADMIN) | CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SYS_NICE);
cap_data->inheritable |= CAP_TO_MASK(CAP_SYS_ADMIN) | CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SYS_NICE);
if (capset(cap_header, cap_data) < 0)
printf("capset failed");
printf("Cap data 0x%x, 0x%x, 0x%x\n", cap_data->effective,
cap_data->permitted, cap_data->inheritable);
ret = nice(-1);
printf("nice: %d\n", ret);
/* Tell kernel not clear capabilities when dropping root */
if (prctl(PR_SET_KEEPCAPS, 1) < 0)
printf("prctl(PR_SET_KEEPCAPS) failed ");
setresuid(1000,1000,1000);
printf("setresuid\n");
/* Clear all but the capability to bind to low ports */
cap_data->effective |= CAP_TO_MASK(CAP_SYS_ADMIN) | CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SYS_NICE);
cap_data->permitted |= CAP_TO_MASK(CAP_SYS_ADMIN) | CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SYS_NICE);
cap_data->inheritable |= CAP_TO_MASK(CAP_SYS_ADMIN) | CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SYS_NICE);
if (capset(cap_header, cap_data) < 0)
printf("capset failed");
printf("Cap data 0x%x, 0x%x, 0x%x\n", cap_data->effective,
cap_data->permitted, cap_data->inheritable);
retVal = pthread_attr_init(&attr);
if (retVal)
{
fprintf(stderr, "pthread_attr_init error %d\n", retVal);
exit(1);
}
retVal = pthread_attr_setinheritsched(&attr, PTHREAD_EXPLICIT_SCHED);
if (retVal)
{
fprintf(stderr, "pthread_attr_setinheritsched error %d\n", retVal);
exit(1);
}
retVal = pthread_attr_setschedpolicy(&attr, SCHED_RR);
if (retVal)
{
fprintf(stderr, "pthread_attr_setschedpolicy error %d\n", retVal);
exit(1);
}
schedParam.sched_priority = 99;
retVal = pthread_attr_setschedparam(&attr, &schedParam);
if (retVal)
{
fprintf(stderr, "pthread_attr_setschedparam error %d\n", retVal);
exit(1);
}
retVal = pthread_create(&thread,
&attr,
_Thread,
NULL);
if (retVal)
{
fprintf(stderr, "pthread_create error %d\n", retVal);
exit(1);
}
retVal = pthread_join(thread, NULL);
if (retVal)
{
fprintf(stderr, "pthread_join error %d\n", retVal);
exit(1);
}
printf("main run successfully\n");
return 0;
}