From e721aff543186ca4463954f8bca150b97736a01a Mon Sep 17 00:00:00 2001 From: Samanta Navarro Date: Sat, 14 Aug 2021 12:08:22 +0000 Subject: Fix typos. Typos found with codespell Signed-off-by: Samanta Navarro Signed-off-by: Andrew G. Morgan --- Make.Rules | 2 +- README | 4 ++-- cap/cap.go | 4 ++-- cap/file.go | 2 +- cap/iab.go | 4 ++-- cap/launch.go | 6 +++--- cap/names.go | 4 ++-- cap/syscalls.go | 2 +- contrib/pcaps4convenience | 18 +++++++++--------- contrib/pcaps4server | 2 +- contrib/pcaps4suid0 | 16 ++++++++-------- contrib/sucap/su.c | 20 ++++++++++---------- doc/cap_iab.3 | 4 ++-- doc/capability.notes | 2 +- doc/capsh.1 | 2 +- doc/old/_setfilecap.2 | 2 +- doc/values/7.txt | 2 +- doc/values/8.txt | 2 +- go/compare-cap.go | 2 +- goapps/web/web.go | 2 +- libcap/execable.h | 2 +- progs/capshdoc.h | 4 ++-- progs/quicktest.sh | 6 +++--- psx/doc.go | 2 +- psx/psx_syscall.h | 2 +- 25 files changed, 59 insertions(+), 59 deletions(-) diff --git a/Make.Rules b/Make.Rules index 108463e..670df25 100644 --- a/Make.Rules +++ b/Make.Rules @@ -155,7 +155,7 @@ endif # # In the context of this tree, on such such systems, a yes setting will # guarantee that every user, by default, is able to bless any binary with -# any capability - a ready made local exploit machanism. +# any capability - a ready made local exploit mechanism. RAISE_SETFCAP := no # If set to yes, this will cause the go "web" demo app to force the needed p diff --git a/README b/README index a3f5123..9c4a3ea 100644 --- a/README +++ b/README 
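Review bot: The doubled word in `on such such systems` is left in the comment above `RAISE_SETFCAP` that this hunk corrects, probably because the spell-check pass does not flag repeated words; it should read `on such systems`. The same kind of leftover is in the cap/iab.go hunk for `SetProc`, whose doc comment still says `performs the the combined operation`, and in the doc/capability.notes hunk, which keeps `an compromized`. This comment is the warning that a yes setting lets every user bless any binary with any capability, so it is worth having it read cleanly.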
@@ -8,12 +8,12 @@ This library would not have been possible without the help of Aleph1, Roland Buresund and Andrew Main, Alexander Kjeldaas. More information on capabilities in the Linux kernel, links to the -official git repostitory for libcap, release notes and how to report +official git repository for libcap, release notes and how to report bugs can be found at: http://sites.google.com/site/fullycapable/ -The primary upstream git repostitory is this one: +The primary upstream git repository is this one: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/ diff --git a/cap/cap.go b/cap/cap.go index 8273d00..908e2bb 100644 --- a/cap/cap.go +++ b/cap/cap.go @@ -151,7 +151,7 @@ const ( ) var ( - // starUp protects setting of the following values: magic, + // startUp protects setting of the following values: magic, // words, maxValues. startUp sync.Once @@ -261,7 +261,7 @@ func (sc *syscaller) prctlwcall6(prVal, v1, v2, v3, v4, v5 uintptr) (int, error) return int(r), nil } -// cInit perfoms the lazy identification of the capability vintage of +// cInit performs the lazy identification of the capability vintage of // the running system. func (sc *syscaller) cInit() { h := &header{ diff --git a/cap/file.go b/cap/file.go index c74e5b3..70dae92 100644 --- a/cap/file.go +++ b/cap/file.go @@ -267,7 +267,7 @@ func (c *Set) SetFd(file *os.File) error { //go:uintptrescapes -// SetFile attempts to set the file capabilities of the specfied +// SetFile attempts to set the file capabilities of the specified // filename. This function can also be used to delete a file's // capabilities, by calling with c = nil. // diff --git a/cap/iab.go b/cap/iab.go index 1e0b5df..77f2dbc 100644 --- a/cap/iab.go +++ b/cap/iab.go @@ -56,7 +56,7 @@ func IABInit() *IAB { } } -// IABGetProc summarizes the Inh, Amb and Bound capabilty vectors of +// IABGetProc summarizes the Inh, Amb and Bound capability vectors of // the current process. func IABGetProc() *IAB { iab := IABInit() 
@@ -188,7 +188,7 @@ func (sc *syscaller) iabSetProc(iab *IAB) (err error) { } // SetProc attempts to change the Inheritable, Ambient and Bounding -// capabilty vectors of the current process using the content, +// capability vectors of the current process using the content, // iab. The Bounding vector strongly affects the potential for setting // other bits, so this function carefully performs the the combined // operation in the most flexible manner. diff --git a/cap/launch.go b/cap/launch.go index 1f4a9d6..6145f3e 100644 --- a/cap/launch.go +++ b/cap/launch.go @@ -67,7 +67,7 @@ func NewLauncher(path string, args []string, env []string) *Launcher { // (*Launcher).Callback(fn) method. However, this launcher is bare // bones because, when launching, all privilege management performed // by the fn() is fully discarded when the fn() completes -// exection. That is, it does not end by exec()ing some program. +// execution. That is, it does not end by exec()ing some program. func FuncLauncher(fn func(interface{}) error) *Launcher { return &Launcher{ callbackFn: func(ignored *syscall.ProcAttr, data interface{}) error { @@ -101,7 +101,7 @@ func FuncLauncher(fn func(interface{}) error) *Launcher { // *syscall.ProcAttr value to be used when a process launch is taking // place. A non-nil structure pointer can be modified by the callback // to enhance the launch. For example, the .Files field can be -// overriden to affect how the launched process' stdin/out/err are +// overridden to affect how the launched process' stdin/out/err are // handled. // // Further, the 2nd argument to the callback function is provided at 
@@ -206,7 +206,7 @@ func launch(result chan<- lResult, attr *Launcher, data interface{}, quit chan<- if tid == pid { // Force the go runtime to find a new thread to run // on. (It is really awkward to have a process' - // PID=TID thread in effectively a zomebie state. The + // PID=TID thread in effectively a zombie state. The // Go runtime has support for it, but pstree gives // ugly output since the prSetName value sticks around // after launch completion... diff --git a/cap/names.go b/cap/names.go index bb69daa..8ee96d1 100644 --- a/cap/names.go +++ b/cap/names.go @@ -63,7 +63,7 @@ const ( SETGID // SETUID allows a process to freely manipulate its own UIDs: - // - arbitraily set the UID, EUID, REUID and RESUID + // - arbitrarily set the UID, EUID, REUID and RESUID // values // - allows the forging of UID credentials passed over a // socket @@ -85,7 +85,7 @@ const ( // default, as its unsuppressed behavior was not // auditable: it could asynchronously grant its own // Permitted capabilities to and remove capabilities from - // other processes arbitraily. The former leads to + // other processes arbitrarily. The former leads to // undefined behavior, and the latter is better served by // the kill system call.] SETPCAP diff --git a/cap/syscalls.go b/cap/syscalls.go index 6f311a8..37121e0 100644 --- a/cap/syscalls.go +++ b/cap/syscalls.go @@ -40,7 +40,7 @@ const ( ) // scwMu is used to fully serialize the write system calls. Note, this -// would generally not be necesary, but in the case of Launch we get +// would generally not be necessary, but in the case of Launch we get // into a situation where the launching thread is temporarily allowed // to deviate from the kernel state of the rest of the runtime and // allowing other threads to perform w* syscalls will potentially diff --git a/contrib/pcaps4convenience b/contrib/pcaps4convenience index c46735d..b78a25b 100644 --- a/contrib/pcaps4convenience +++ b/contrib/pcaps4convenience 
@@ -63,22 +63,22 @@ p4c_test(){ # are we sane? WICH=`which which 2>/dev/null` if [ $WICH == "" ]; then - # thats bad + # that's bad echo "Sorry, I haven't found which" exit fi - # we needt his apps + # we need this app SETCAP=`which setcap 2>/dev/null` if [ "$SETCAP" == "" ]; then - echo "Sorry, I'm missing setcap !" + echo "Sorry, I'm missing setcap!" exit fi - # checking setcap for SET_SETFCAP PCap ? + # checking setcap for SET_SETFCAP PCap? # for now we stick to root if [ "$( id -u )" != "0" ]; then - echo "Sorry, you must be root !" + echo "Sorry, you must be root!" exit 1 fi } @@ -113,7 +113,7 @@ p4c_app_convert(){ p4c_app_revert(){ - # revert a singel app + # revert a single app # $1 is app name APP=`which -a $1 2>/dev/null` if [ "$APP" != "" ]; then @@ -136,7 +136,7 @@ p4c_app_revert(){ p4c_convert(){ - # we go throug the APPSARRAY and call s2p_app_convert to do the job + # we go through the APPSARRAY and call s2p_app_convert to do the job COUNTER=0 let UPPER=${#APPSARRAY[*]}-1 until [ $COUNTER == $UPPER ]; do @@ -170,9 +170,9 @@ p4c_usage(){ echo "through the PAM module pam_cap.so." echo "A user who has not the needed PCaps in his Inheritance Set CAN NOT execute" echo "these binaries successful." - echo "(well, still per sudo or su -c - but thats not the point here)" + echo "(well, still per sudo or su -c - but that's not the point here)" echo - echo "You need and I will check fot the utilities which and setcap." + echo "You need and I will check for the utilities which and setcap." echo echo "Your Filesystem has to support extended attributes and your kernel must have" echo "support for POSIX File Capabilities (CONFIG_SECURITY_FILE_CAPABILITIES)." diff --git a/contrib/pcaps4server b/contrib/pcaps4server index af6f9ca..f72a4d3 100644 --- a/contrib/pcaps4server +++ b/contrib/pcaps4server 
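Review bot: The sanity check `if [ $WICH == "" ]; then` in p4c_test leaves `$WICH` unquoted, so when `which` is not found the test most likely fails with a syntax error instead of taking the branch, and the script carries on. Quote it, `if [ "$WICH" == "" ]; then`, and turn the two bare `exit` calls into `exit 1`, so a missing tool is reported as a failure the way the root check already does. The p4s_test hunk in contrib/pcaps4suid0 has the same unquoted test and the same bare `exit`. Both scripts insist on running as root, so they should stop with a non-zero status when a prerequisite is missing. p4c_test opens above this hunk, so only the part from the `which` check onward is visible here.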
@@ -8,7 +8,7 @@ # changelog: # 1 - initial release pcaps4convenience # 1 - 2007.02.15 - initial release -# 2 - 2007.11.02 - changed to new setfcaps api; each app is now callable; supressed error of id +# 2 - 2007.11.02 - changed to new setfcaps api; each app is now callable; suppressed error of id # 3 - 2007.12.28 - changed to libcap2 package setcap/getcap # 4 - renamed to pcaps4server # removed suid0 and convenience files, diff --git a/contrib/pcaps4suid0 b/contrib/pcaps4suid0 index 799df28..2cbdcee 100644 --- a/contrib/pcaps4suid0 +++ b/contrib/pcaps4suid0 @@ -77,23 +77,23 @@ p4s_test(){ # are we sane? WICH=`which which 2>/dev/null` if [ $WICH == "" ]; then - # thats bad + # that's bad echo "Sorry, I haven't found which" exit fi - # we needt his apps + # we need these apps CHMOD=`which chmod 2>/dev/null` SETCAP=`which setcap 2>/dev/null` if [ "$CHMOD" == "" -o "$SETCAP" == "" ]; then - echo "Sorry, I'm missing chmod or setcap !" + echo "Sorry, I'm missing chmod or setcap!" exit fi - # checking setcap for SET_SETFCAP PCap ? + # checking setcap for SET_SETFCAP PCap? # for now we stick to root if [ "$( id -u )" != "0" ]; then - echo "Sorry, you must be root !" + echo "Sorry, you must be root!" exit 1 fi } @@ -129,7 +129,7 @@ p4s_app_convert(){ p4s_app_revert(){ - # revert a singel app + # revert a single app # $1 is app name APP=`which -a $1 2>/dev/null` if [ "$APP" != "" ]; then @@ -153,7 +153,7 @@ p4s_app_revert(){ p4s_convert(){ - # we go throug the APPSARRAY and call s2p_app_convert to do the job + # we go through the APPSARRAY and call s2p_app_convert to do the job COUNTER=0 let UPPER=${#APPSARRAY[*]}-1 until [ $COUNTER == $UPPER ]; do 
@@ -190,7 +190,7 @@ p4s_usage(){ echo "If you are using pam_cap.so, you might want to change the set into the" echo "Inherited and Effective set (check for the SET var)." echo - echo "You need and I will check fot the utilities which, chmod and setcap." + echo "You need and I will check for the utilities which, chmod and setcap." echo echo "Your Filesystem has to support extended attributes and your kernel must have" echo "support for POSIX File Capabilities (CONFIG_SECURITY_FILE_CAPABILITIES)." diff --git a/contrib/sucap/su.c b/contrib/sucap/su.c index e436f79..5c98e5f 100644 --- a/contrib/sucap/su.c +++ b/contrib/sucap/su.c @@ -127,7 +127,7 @@ static int make_environment(pam_handle_t *pamh, int keep_env) return retval; } - /* also propogate the POSIX specific ones */ + /* also propagate the POSIX specific ones */ for (i=0; retval == PAM_SUCCESS && posix_env[i]; ++i) { tmpe = getenv(posix_env[i]); if (tmpe != NULL) { @@ -529,7 +529,7 @@ int wait_for_child(pid_t child) fprintf(stderr, "[error waiting child: %s]\n", strerror(errno)); /* * Break the loop keeping exit_code undefined. - * Do we have a chance for a successfull wait() call + * Do we have a chance for a successful wait() call * after kill()? (SAW) */ wait_for_child_caught = 1; @@ -632,7 +632,7 @@ static char * const *build_shell_args(const char *pw_shell, int login, ) { use_default = 0; /* we will use this shell */ - D(("commited to using user's shell")); + D(("committed to using user's shell")); if (command) { arg_no += 2; /* will append "-c" "command" */ } @@ -881,7 +881,7 @@ static const struct utmp *find_utmp_entry(const char *ut_line, } /* - * Identify the terminal name and the abreviation we will use. + * Identify the terminal name and the abbreviation we will use. */ static void set_terminal_name(const char *terminal, char *ut_line, char *ut_id) { 
@@ -918,7 +918,7 @@ static void set_terminal_name(const char *terminal, char *ut_line, char *ut_id) /* * Append an entry to wtmp. See utmp_open_session for the return convention. - * Be carefull: the function uses alarm(). + * Be careful: the function uses alarm(). */ #define WWTMP_STATE_BEGINNING 0 @@ -1008,7 +1008,7 @@ struct utmp *login_stored_utmp=NULL; * 1 non-fatal error * -1 fatal error * callname and err_descr will be set - * Be carefull: the function indirectly uses alarm(). + * Be careful: the function indirectly uses alarm(). */ static int utmp_do_open_session(const char *user, const char *terminal, const char *rhost, pid_t pid, @@ -1034,7 +1034,7 @@ static int utmp_do_open_session(const char *user, const char *terminal, /* * here, we make a record of the former entry. If the - * utmp_close_session code is attatched to the same process, + * utmp_close_session code is attached to the same process, * the wtmp will be replaced, otherwise we leave init to pick * up the pieces. */ @@ -1153,7 +1153,7 @@ static int utmp_do_close_session(const char *terminal, * 1 non-fatal error * -1 fatal error * place and err_descr will be set - * Be carefull: the function indirectly uses alarm(). + * Be careful: the function indirectly uses alarm(). */ static int utmp_open_session(pam_handle_t *pamh, pid_t pid, int *retval, @@ -1332,8 +1332,8 @@ static int launch_callback_fn(void *h) } /* - * Restore a signal status: information if the signal is ingored - * is inherited accross exec() call. (SAW) + * Restore a signal status: information if the signal is ignored + * is inherited across exec() call. (SAW) */ enable_terminal_signals(); diff --git a/doc/cap_iab.3 b/doc/cap_iab.3 index 399e497..a453428 100644 --- a/doc/cap_iab.3 +++ b/doc/cap_iab.3 
@@ -47,7 +47,7 @@ Vector will survive and the Bound (or \fIblocked\fP) vector is the twos-complement of the process bounding set. .PP -In some environments, it is considered desireable to naively inherit +In some environments, it is considered desirable to naively inherit capabilities. That is pass capabilities, independent of the status of the executed binary, from parent to child through exec* system calls. The surviving capabilities become the Permitted flag for the @@ -96,7 +96,7 @@ The text format accepted by is a comma separated list of capability values. Each capability is prefixed by nothing (or %) (Inh); ! (Bound); ^ (Amb). Or, some combination thereof. Since the Amb vector is constrained to be no -greater than the Inh set, ^ is eqivalent to %^. Further, unless B is +greater than the Inh set, ^ is equivalent to %^. Further, unless B is non-zero, % can be omitted. The following are legal text representations: "!%cap_chown" (Bound but Inh), "!cap_setuid,^cap_chown" (Bound, Inh+Amb). "cap_setuid,!cap_chown" diff --git a/doc/capability.notes b/doc/capability.notes index b1e5245..4087c80 100644 --- a/doc/capability.notes +++ b/doc/capability.notes @@ -22,7 +22,7 @@ the name 'system' who's account is locked with a '*' password. This user can be made the owner of all of the system directories on your system and critical system binaries too. -Why is this a good idea? In a simple case, the CAP_FUSER capabilty is +Why is this a good idea? In a simple case, the CAP_FUSER capability is required for the superuser to delete files owned by a non-root user in a 'sticky-bit' protected non-root owned directory. Thus, the sticky bit can help you protect the /lib/ directory from an compromized diff --git a/doc/capsh.1 b/doc/capsh.1 index 3e26842..e309438 100644 --- a/doc/capsh.1 +++ b/doc/capsh.1 
@@ -43,7 +43,7 @@ was found via the shell's PATH searching. If the occurs after a .BI \-\-chroot= /some/path argument the PATH located binary may not be resolve to the same binary -as that running initially. This behavior is an intented feature as it +as that running initially. This behavior is an intended feature as it can complete the chroot transition. .TP .BI \-\-caps= cap-set diff --git a/doc/old/_setfilecap.2 b/doc/old/_setfilecap.2 index 6a0538c..3c9e374 100644 --- a/doc/old/_setfilecap.2 +++ b/doc/old/_setfilecap.2 @@ -93,7 +93,7 @@ Search permission is denied on a component of the path prefix. .TP .SB ELOOP .I filename -containes a circular reference (via symlinks). +contains a circular reference (via symlinks). .TP .SB EBADF .I fd diff --git a/doc/values/7.txt b/doc/values/7.txt index 432a97e..fbc1240 100644 --- a/doc/values/7.txt +++ b/doc/values/7.txt @@ -1,5 +1,5 @@ Allows a process to freely manipulate its own UIDs: - - arbitraily set the UID, EUID, REUID and RESUID + - arbitrarily set the UID, EUID, REUID and RESUID values - allows the forging of UID credentials passed over a socket diff --git a/doc/values/8.txt b/doc/values/8.txt index d6d7c1f..d7654f0 100644 --- a/doc/values/8.txt +++ b/doc/values/8.txt @@ -14,6 +14,6 @@ capabilities (2008), this capability was suppressed by default, as its unsuppressed behavior was not auditable: it could asynchronously grant its own Permitted capabilities to and remove capabilities from -other processes arbitraily. The former leads to +other processes arbitrarily. The former leads to undefined behavior, and the latter is better served by the kill system call.] diff --git a/go/compare-cap.go b/go/compare-cap.go index bafe0e5..f2a7d6b 100644 --- a/go/compare-cap.go +++ b/go/compare-cap.go @@ -184,7 +184,7 @@ func tryProcCaps() { } } - // The current process is now without any access to privelege. + // The current process is now without any access to privilege. } func main() { 
diff --git a/goapps/web/web.go b/goapps/web/web.go index f76e2b0..c96e745 100644 --- a/goapps/web/web.go +++ b/goapps/web/web.go @@ -1,4 +1,4 @@ -// Progam web provides an example of a webserver using capabilities to +// Program web provides an example of a webserver using capabilities to // bind to a privileged port, and then drop all capabilities before // handling the first web request. // diff --git a/libcap/execable.h b/libcap/execable.h index 282402f..0bcc5d4 100644 --- a/libcap/execable.h +++ b/libcap/execable.h @@ -19,7 +19,7 @@ #include #ifdef __EXECABLE_H -#error "only inlcude execable.h once" +#error "only include execable.h once" #endif #define __EXECABLE_H diff --git a/progs/capshdoc.h b/progs/capshdoc.h index 82f18fc..c182144 100644 --- a/progs/capshdoc.h +++ b/progs/capshdoc.h @@ -56,7 +56,7 @@ static const char *explanation6[] = { /* cap_setgid = 6 */ }; static const char *explanation7[] = { /* cap_setuid = 7 */ "Allows a process to freely manipulate its own UIDs:", - " - arbitraily set the UID, EUID, REUID and RESUID", + " - arbitrarily set the UID, EUID, REUID and RESUID", " values", " - allows the forging of UID credentials passed over a", " socket", @@ -79,7 +79,7 @@ static const char *explanation8[] = { /* cap_setpcap = 8 */ "default, as its unsuppressed behavior was not", "auditable: it could asynchronously grant its own", "Permitted capabilities to and remove capabilities from", - "other processes arbitraily. The former leads to", + "other processes arbitrarily. The former leads to", "undefined behavior, and the latter is better served by", "the kill system call.]", NULL diff --git a/progs/quicktest.sh b/progs/quicktest.sh index e508d0b..ba64ab5 100755 --- a/progs/quicktest.sh +++ b/progs/quicktest.sh @@ -1,7 +1,7 @@ #!/bin/bash # # Run through a series of tests to try out the various capability -# manipulations posible through exec. +# manipulations possible through exec. # # [Run this as root in a root-enabled process tree.] 
@@ -90,7 +90,7 @@ pass_capsh --keep=0 --keep=1 --keep=0 --keep=1 --print /bin/chmod u+s tcapsh /bin/ls -l tcapsh -# leverage keep caps to maintain capabilities accross a change of euid +# leverage keep caps to maintain capabilities across a change of euid # from setuid root to capable luser (as per wireshark/dumpcap 0.99.7) # This test is subtle. It is testing that a change to self, dropping # euid=0 back to that of the luser keeps capabilities. @@ -205,7 +205,7 @@ EOF # Next force the privileged binary to have an empty capability set. # This is sort of the opposite of privileged - it should ensure that - # the file can never aquire privilege by the ambient method. + # the file can never acquire privilege by the ambient method. ./setcap = ./privileged fail_capsh --keep=1 --uid=$nouid --inh=cap_setuid --addamb=cap_setuid -- -c "./privileged --print --uid=1" diff --git a/psx/doc.go b/psx/doc.go index 384b0d3..c4ba829 100644 --- a/psx/doc.go +++ b/psx/doc.go @@ -1,5 +1,5 @@ // Package psx provides support for system calls that are run -// simultanously on all threads under Linux. +// simultaneously on all threads under Linux. // // This property can be used to work around a historical lack of // native Go support for such a feature. Something that is the subject diff --git a/psx/psx_syscall.h b/psx/psx_syscall.h index 4aacfab..3987d59 100644 --- a/psx/psx_syscall.h +++ b/psx/psx_syscall.h @@ -59,7 +59,7 @@ long int psx_syscall6(long int syscall_nr, * is to define this function as weak in a library that can optionally * use libpsx and then, should the caller link -lpsx, that library can * implicitly use these POSIX semantics syscalls. See libcap for an - * example of this useage. + * example of this usage. */ void psx_load_syscalls(long int (**syscall_fn)(long int, long int, long int, long int), -- cgit v1.2.1