| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Up to this point, capsh hides some complexity concerning raising
the CAP_SETPCAP in order to raise inheritable and drop bounding
set values. This made it harder to explain some aspects of
inheritance, and I ran into that detail writing this:
https://sites.google.com/site/fullycapable/why-didnt-that-work#h.z7rwbcazhr4r
Refactored capsh.c to clean up some buggy code, and also fix some
documentation, including reference to the --strict argument.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
| |
cap.Set's have Flag component Values
cap.IAB's have Vector component Values
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
| |
Tried make -j12 and these fixes were needed.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Things like /proc/* files don't support capabilities on them and
if getcap looks at them it generates a lot of errors. Treat it as
equivalent to there being no capability on the file.
This addresses
https://bugzilla.kernel.org/show_bug.cgi?id=214317
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
| |
This addresses the feature request:
https://bugzilla.kernel.org/show_bug.cgi?id=214319
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
| |
Make build a bit quicker for folk that don't want to run tests.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
| |
As explained (thanks David Seifert) there are some LDFLAGS that
need to precede actual linked libraries. For example, -Wl,--as-needed.
Given this, I've tried it and it appears to work for the default
build cases as captured in 'make distcheck'.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
| |
Noticed that we weren't applying the same amount of flag discipline
to local BUILD_* tool rules. Fixing that, I see we've been carrying
a source code issue in libcap/_makenames.c for a while. (FIXED).
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
| |
I'm setting up some testing environments and they are not all
created equal.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
| |
Further observations from Zoltan Fridrich's static analysis of libcap.
This commit also includes a fix for something I broke with the last
round of "fixing", and a test to make sure I don't make that mistake
again.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
| |
This series of issues was found by Zoltan Fridrich.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
| |
Use something like:
make SUDO=my_sudo sudotest
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
| |
This was inspired by a feature Debian has been patching orginally
credited to Zhi Li.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
| |
The combined options 'getpcaps --iab --verbose' will show everything
in detail (even the boring stuff).
Also used this exercise to test the libcap changes for iab comparisons.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The intention was to force --static linking in only one corner case,
so be more explicit about that one, and revert the build behavior
in the others.
Reason for doing this was feedback from Arnout Vandecappelle in:
https://bugzilla.kernel.org/show_bug.cgi?id=214023#c16
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This brings libcap back to parity with the Go 'cap' package. We
provide a CAP_IAB_DIFFERS(result, vector) macro to evaluate the result
of cap_iab_compare().
Extend the getpcaps arguments to include --iab. This causes the utility
to explore the IAB tuple for the specified process. When used, this
outputs a text representation in a similar format to that of the
'captree' (Go) utility.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
| |
This also required locally augmenting CFLAGS with -fPIC in the
Makefile's that required it.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
| |
Typos found with codespell
Signed-off-by: Samanta Navarro <ferivoz@riseup.net>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Discussion of one such setup in this bug (reported by David Runge):
https://bugzilla.kernel.org/show_bug.cgi?id=214023
Work around the failure to run ./pam_cap.so in these cases with
some more Makefile magic, and adjust test building with these
flags so it works in DYNAMIC=yes|no and SHARED=yes|no cases.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
| |
This is equivalent to 'capsh --print|fgrep Current'. I've been using
that combination a lot in the write-ups on the libcap website
(https://sites.google.com/site/fullycapable/) and so it struck me
that capsh probably should support it natively.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
| |
Also amend .gitignore to ignore uns_test binary in the progs directory.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
| |
This resolves:
https://bugzilla.kernel.org/show_bug.cgi?id=212737
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
| |
Bug report from Jan Palus:
https://bugzilla.kernel.org/show_bug.cgi?id=213261
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ever wondered something like which capability allows a process
to do privileged things with a tty? Try this:
capsh --suggest="tty"
cap_sys_tty_config (26) [/proc/self/status:CapXXX: 0x0000000004000000]
Allows a process to manipulate tty devices:
- configure tty devices
- perform vhangup() of a tty
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
| |
I found this corner case privilege escalation in December 2020.
Now that it is fixed upstream and widely deployed, add a test
so we don't regress.
[If you find 'make sutotest' fails for you, you should upgrade
your kernel.]
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
| |
Fixes for further analysis issues from Zoltan Fridrich of Redhat.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
| |
Analysis and much of this commit was contributed by Zoltan
Fridrich of Redhat.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
| |
A convenience feature, so you don't have to grep the
system header, and/or wade through a man page.
This addresses:
https://bugzilla.kernel.org/show_bug.cgi?id=212451
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reformatted the license files to capture the same info but
in a more clear way.
Note, I have migrated the license texts to "License" files
since, apparently, LICENSE files are picked up and parsed by
all sorts of automation that I don't want to reverse engineer.
The compiled binaries refer to said LICENSE file(s).
The default LICENSE files refer to the License files for
details. It is expected that folk that build against libcap
and friends, and need to choose one or the other license will
simplify their copies of LICENSE consistent with their own
needs and the scope explained in the License file(s).
All code distributed with the official libcap, unless
explicitly stated, is covered by the libcap License file.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
| |
Since I last visited securebits no privs mode, a new prctl bit
has been added (it isn't a securebit, but a parallel implementation
of something similar). So, layer that bit on top of NOPRIV mode.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
There seems to have been a misconception that the tools and library
are GPL only. This has never been the case. The system was developed
from the start with a you-choose license: GPL(2 at the time) OR
BSD 3-clause. When GPL3 was released, it was decided that the
distribution would not follow that. As such, everything is:
BSD 3-clause or GPL2 (you choose).
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
| |
|
|
|
|
|
|
|
| |
Also, explicitly support -h rather than fail over to display the usage
info.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It has been a while since I tried:
make -C kdebug test
A few details for quicktest.sh's dependencies have changed, so
accommodate them.
Also support custom local experiments in the QEMU session.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
| |
Fix a malloc bug with single entry/short PATHs in capsh code for "=="
support.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change addresses:
https://bugzilla.kernel.org/show_bug.cgi?id=209875
Howto:
make PTHREADS=no ...
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This addresses the following bug:
https://bugzilla.kernel.org/show_bug.cgi?id=209873
Namely, the following didn't previously work:
PATH=/sbin capsh == --print
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
|
| |
The static build of progs and tests, only needs the .a
libraries to be built.
Bug report from Thomas Petazzoni (trying to get capsh
etc to build against uClibc statically).
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
| |
Since sudotest is mostly the reason for using a static binary, force
all uses to be under this test target.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
|
|
| |
make DYNAMIC=yes test sudotest
works now. Thomas Petazzoni provided a patch that built
the tests this way, but I've restructured things to
make the above command line work against the uninstalled
library builds.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
| |
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
| |
Apparently some folk like to supply these defines on the compiler
command line. Protect these defines with some more macrology.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
|
| |
When compiled statically getpwuid() can't handle an unsupported uid. So,
pick the test uids we use to be likely to be defined. Filed a glibc bug
with redhat since this was discovered on a fedora-32 system:
https://bugzilla.redhat.com/show_bug.cgi?id=1842745
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
| |
Signed-off-by: Christian Kastner <ckk@kvr.at>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
|
|
| |
Either supply --shell=/xx/yy as an argument to capsh, or
use the Make.Rules CAPSH_SHELL override when building.
This is an adaptation of an idea from Rosen Penev.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
|
|
|
| |
This update removes the ` character in output
Signed-off-by: Raymond Etornam <retornam@users.noreply.github.com>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|