[PATCH 3/9] setpriv: dump user and group info
Patrick Steinhardt
ps at pks.im
Thu Jun 29 17:34:30 UTC 2017
setpriv from util-linux has an option to dump the current state
regarding privilege settings via `--dump`. It prints out information on
the real and effective user and group IDs, supplementary groups, the
no-new-privs flag, the capability sets as well as secure bits.
This patch is the start of supporting this mode. To make the introduction of `--dump` easier to reason about, it has been split into multiple patches. This particular one introduces the ability to print out user and group information of the current process.
---
util-linux/setpriv.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 54 insertions(+), 2 deletions(-)
diff --git a/util-linux/setpriv.c b/util-linux/setpriv.c
index 24e577131..ca31c0a77 100644
--- a/util-linux/setpriv.c
+++ b/util-linux/setpriv.c
@@ -24,6 +24,7 @@
//usage: "[OPTIONS] PROG [ARGS]"
//usage:#define setpriv_full_usage "\n\n"
//usage: "Run PROG with different privilege settings\n"
+//usage: "\n-d,--dump Show current capabilities"
//usage: "\n--nnp,--no-new-privs Ignore setuid/setgid bits and file capabilities"
//setpriv from util-linux 2.28:
@@ -45,6 +46,7 @@
// --apparmor-profile <pr> set AppArmor profile
#include <sys/prctl.h>
+#include <unistd.h>
#include "libbb.h"
#ifndef PR_SET_NO_NEW_PRIVS
@@ -52,13 +54,56 @@
#endif
enum {
- OPT_NNP = (1 << 0),
+ OPT_DUMP = (1 << 0),
+ OPT_NNP = (1 << 1),
};
+static int dump(void)
+{
+ uid_t ruid, euid, suid;
+ gid_t rgid, egid, sgid;
+ gid_t *gids;
+ int ngids;
+
+ if (getresuid(&ruid, &euid, &suid) < 0)
+ bb_simple_perror_msg_and_die("getresgid");
+
+ if (getresgid(&rgid, &egid, &sgid) < 0)
+ bb_simple_perror_msg_and_die("getresgid");
+
+ if ((ngids = getgroups(0, NULL)) < 0)
+ bb_simple_perror_msg_and_die("getgroups");
+ gids = xmalloc(ngids * sizeof(*gids));
+ if ((ngids = getgroups(ngids, gids)) < 0)
+ bb_simple_perror_msg_and_die("getgroups");
+
+ printf("uid: %d\n", ruid);
+ printf("euid: %d\n", euid);
+ printf("gid: %d\n", rgid);
+ printf("egid: %d\n", egid);
+
+ printf("Supplementary groups: ");
+ if (ngids == 0) {
+ printf("[none]");
+ } else {
+ int i;
+ for (i = 0; i < ngids; i++) {
+ if (i)
+ putchar(',');
+ printf("%d", gids[i]);
+ }
+ }
+ putchar('\n');
+
+ free(gids);
+ return 0;
+}
+
int setpriv_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
int setpriv_main(int argc UNUSED_PARAM, char **argv)
{
static const char setpriv_longopts[] ALIGN1 =
+ "dump\0" No_argument "d"
"nnp\0" No_argument "\xff"
"no-new-privs\0" No_argument "\xff"
;
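Review bot: The error message for the getresuid() failure in dump() names the wrong call: the line after `if (getresuid(&ruid, &euid, &suid) < 0)` should read `bb_simple_perror_msg_and_die("getresuid");`, otherwise a failure here is reported as a getresgid error. The same function also prints uid_t/gid_t values with `%d`; on Linux these types are unsigned, so `printf("uid: %u\n", (unsigned)ruid);` (and likewise for the other four printf calls) keeps the format specifier matched to the argument type. The saved ids suid and sgid are fetched but never printed, which looks intentional for this step of the series but deserves a short comment such as `/* suid/sgid are not shown, matching util-linux */` so the next reader does not treat them as dead variables.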
@@ -66,11 +111,18 @@ int setpriv_main(int argc UNUSED_PARAM, char **argv)
opt_complementary = "";
applet_long_options = setpriv_longopts;
- opts = getopt32(argv, "+");
+ opts = getopt32(argv, "+d");
argc -= optind;
argv += optind;
+ if (opts & OPT_DUMP) {
+ if ((opts & ~OPT_DUMP) || argc)
+ bb_error_msg_and_die("setpriv: --dump is incompatible with all other options");
+
+ return dump();
+ }
+
if (!argc)
bb_error_msg_and_die("no program specified");
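Review bot: The new message passed to bb_error_msg_and_die() in the OPT_DUMP branch hard-codes a `setpriv: ` prefix, while the existing "no program specified" message two lines below relies on the applet name being added by the helper; as far as I recall bb_error_msg_and_die already prefixes the applet name, so the new text would print it twice. Dropping the prefix keeps both messages consistent: `bb_error_msg_and_die("--dump is incompatible with all other options");`. The body of setpriv_main continues outside this hunk.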
--
2.13.2