rpms/libcap-ng
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

automatic update by autodist [release 0.7.4-1mamba;Fri Apr 25 2014]

Browse Source
This commit is contained in:
Automatic Build System 2024-01-06 03:57:23 +01:00
parent 71973fd63f
commit 7b44f91189
4 changed files with 323 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -1,2 +1,5 @@
# libcap-ng
The libcap-ng library should make programming with posix capabilities easier.
The library has some utilities to help you analyse a system for apps that may have too much privileges.

163
libcap-ng-0.6.3-euid.patch Normal file
View File

@ -0,0 +1,163 @@
diff -urp libcap-ng-0.6.2/utils/netcap.c libcap-ng-0.6.3/utils/netcap.c
--- libcap-ng-0.6.2/utils/netcap.c 2009-07-26 08:16:16.000000000 -0400
+++ libcap-ng-0.6.3/utils/netcap.c 2009-10-03 08:36:30.000000000 -0400
@@ -31,7 +31,6 @@
#include <string.h>
#include <dirent.h>
#include <fcntl.h>
-#include <sys/stat.h>
#include <pwd.h>
#include "cap-ng.h"
#include "proc-llist.h"
@@ -56,12 +55,12 @@ static int collect_process_info(void)
return 1;
}
while (( ent = readdir(d) )) {
+ FILE *sf;
int pid, ppid;
capng_results_t caps;
char buf[100];
char *tmp, cmd[16], state, *text, *bounds;
- int fd, len;
- struct stat sb;
+ int fd, len, euid;
// Skip non-process dir entries
if(*ent->d_name<'0' || *ent->d_name>'9')
@@ -77,7 +76,6 @@ static int collect_process_info(void)
if (fd < 0)
continue;
len = read(fd, buf, sizeof buf - 1);
- fstat(fd, &sb);
close(fd);
if (len < 40)
continue;
@@ -109,6 +107,29 @@ static int collect_process_info(void)
text = capng_print_caps_text(CAPNG_PRINT_BUFFER,
CAPNG_PERMITTED);
+ // Get the effective uid
+ snprintf(buf, 32, "/proc/%d/status", pid);
+ sf = fopen(buf, "rt");
+ if (sf == NULL)
+ euid = 0;
+ else {
+ int line = 0;
+ __fsetlocking(sf, FSETLOCKING_BYCALLER);
+ while (fgets(buf, sizeof(buf), sf)) {
+ if (line == 0) {
+ line++;
+ continue;
+ }
+ if (memcmp(buf, "Uid:", 4) == 0) {
+ int id;
+ sscanf(buf, "Uid: %d %d",
+ &id, &euid);
+ break;
+ }
+ }
+ fclose(sf);
+ }
+
// Now record the bounding set information
if (caps == CAPNG_PARTIAL) {
caps = capng_have_capabilities(CAPNG_SELECT_BOUNDS);
@@ -170,7 +191,7 @@ static int collect_process_info(void)
continue;
node.ppid = ppid;
node.pid = pid;
- node.uid = sb.st_uid;
+ node.uid = euid;
node.cmd = strdup(cmd);
node.inode = inode;
node.capabilities = strdup(text);
diff -urp libcap-ng-0.6.2/utils/pscap.c libcap-ng-0.6.3/utils/pscap.c
--- libcap-ng-0.6.2/utils/pscap.c 2009-08-16 08:29:37.000000000 -0400
+++ libcap-ng-0.6.3/utils/pscap.c 2009-10-03 08:36:57.000000000 -0400
@@ -23,12 +23,12 @@
#include "config.h"
#include <stdio.h>
+#include <stdio_ext.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <dirent.h>
#include <fcntl.h>
-#include <sys/stat.h>
#include <pwd.h>
#include "cap-ng.h"
@@ -69,11 +69,10 @@ int main(int argc, char *argv[])
return 1;
}
while (( ent = readdir(d) )) {
- int pid, ppid, uid = -1;
+ int pid, ppid, uid = -1, euid;
char buf[100];
char *tmp, cmd[16], state, *name = NULL;
int fd, len;
- struct stat sb;
struct passwd *p;
// Skip non-process dir entries
@@ -90,7 +89,6 @@ int main(int argc, char *argv[])
if (fd < 0)
continue;
len = read(fd, buf, sizeof buf - 1);
- fstat(fd, &sb);
close(fd);
if (len < 40)
continue;
@@ -120,20 +118,47 @@ int main(int argc, char *argv[])
// And print out anything with capabilities
caps = capng_have_capabilities(CAPNG_SELECT_CAPS);
if (caps > CAPNG_NONE) {
+ // Get the effective uid
+ FILE *f;
+ int line;
+ snprintf(buf, 32, "/proc/%d/status", pid);
+ f = fopen(buf, "rt");
+ if (f == NULL)
+ euid = 0;
+ else {
+ line = 0;
+ __fsetlocking(f, FSETLOCKING_BYCALLER);
+ while (fgets(buf, sizeof(buf), f)) {
+ if (line == 0) {
+ line++;
+ continue;
+ }
+ if (memcmp(buf, "Uid:", 4) == 0) {
+ int id;
+ sscanf(buf, "Uid: %d %d",
+ &id, &euid);
+ break;
+ }
+ }
+ fclose(f);
+ }
+
+ len = read(fd, buf, sizeof buf - 1);
+ close(fd);
if (header == 0) {
printf("%-5s %-5s %-10s %-16s %s\n",
"ppid", "pid", "name", "command",
"capabilities");
header = 1;
}
- if (sb.st_uid == 0) {
+ if (euid == 0) {
// Take short cut for this one
name = "root";
uid = 0;
- } else if (uid != (int)sb.st_uid) {
+ } else if (euid != uid) {
// Only look up if name changed
- p = getpwuid(sb.st_uid);
- uid = sb.st_uid;
+ p = getpwuid(euid);
+ uid = euid;
if (p)
name = p->pw_name;
// If not taking this branch, use last val

15
libcap-ng-0.6.3-setpcap.patch Normal file
View File

@ -0,0 +1,15 @@
diff -urp libcap-ng-0.6.2/src/cap-ng.c libcap-ng-0.6.3/src/cap-ng.c
--- libcap-ng-0.6.2/src/cap-ng.c 2009-09-23 17:31:00.000000000 -0400
+++ libcap-ng-0.6.3/src/cap-ng.c 2009-10-09 08:59:01.000000000 -0400
@@ -549,8 +549,9 @@ int capng_change_id(int uid, int gid, ca
// Check the current capabilities
#ifdef PR_CAPBSET_DROP
- // If newer kernel, we need setpcap
- if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP) == 0)
+ // If newer kernel, we need setpcap to change the bounding set
+ if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP) == 0 &&
+ flag & CAPNG_CLEAR_BOUNDING)
capng_update(CAPNG_ADD,
CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SETPCAP);
#endif

142
libcap-ng.spec Normal file
View File

@ -0,0 +1,142 @@
Name: libcap-ng
Version: 0.7.4
Release: 1mamba
Summary: An alternate posix capabilities library
Group: System/Libraries
Vendor: openmamba
Distribution: openmamba
Packager: Automatic Build System <autodist@mambasoft.it>
URL: http://people.redhat.com/sgrubb/libcap-ng/
Source: http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-%{version}.tar.gz
License: GPL
## AUTOBUILDREQ-BEGIN
BuildRequires: glibc-devel
BuildRequires: libpython-devel
## AUTOBUILDREQ-END
BuildRequires: libattr-devel
BuildRequires: swig
Patch0: libcap-ng-0.6.3-euid.patch
Patch1: libcap-ng-0.6.3-setpcap.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-root
%description
The libcap-ng library should make programming with posix capabilities easier.
The library has some utilities to help you analyse a system for apps that may have too much privileges.
%package devel
Summary: Devel package for %{name}
Group: Development/Libraries
Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release}
%description devel
The libcap-ng library should make programming with posix capabilities easier.
The library has some utilities to help you analyse a system for apps that may have too much privileges.
This package contains libraries and header files need for development.
%package -n python-libcap-ng
Group: Development/Libraries
Summary: Python bindings for libcap-ng library
Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release}
%description -n python-libcap-ng
The libcap-ng library should make programming with posix capabilities easier.
The library has some utilities to help you analyse a system for apps that may have too much privileges.
This package contains the bindings so that libcap-ng and can be used by python applications.
%package utils
Group: Development/Libraries
Summary: Utilities for analysing and setting file capabilities
%description utils
The libcap-ng library should make programming with posix capabilities easier.
The library has some utilities to help you analyse a system for apps that may have too much privileges.
This package contains applications to analyse the posix capabilities of all the program running on a system.
It also lets you set the file system based capabilities.
%prep
%setup -q
#%patch0 -p1
#%patch1 -p1
%build
%configure \
--libdir=/%{_lib}
%make
%install
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
%makeinstall pkgconfigdir=%{_libdir}/pkgconfig
# Remove static libraries
rm -f %{buildroot}/%{_lib}/libcap-ng.a
rm -f %{buildroot}/%{python_sitearch}/_capng.a
rm -f %{buildroot}/%{python_sitearch}/_capng.la
%clean
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
%defattr(-,root,root)
%attr(755,root,root) /%{_lib}/libcap-ng.so.*
%doc AUTHORS COPYING.LIB
%files devel
%defattr(-,root,root)
%attr(644,root,root) %{_datadir}/aclocal/cap-ng.m4
%attr(644,root,root) %{_includedir}/cap-ng.h
%attr(755,root,root) /%{_lib}/libcap-ng.la
%attr(755,root,root) /%{_lib}/libcap-ng.so
%{_libdir}/pkgconfig/libcap-ng.pc
%attr(644,root,root) %{_mandir}/man3/capng_*.3.gz
%doc ChangeLog README
%files -n python-libcap-ng
%defattr(-,root,root)
%attr(755,root,root) %{python_sitearch}/_capng.so
%attr(644,root,root) %{python_sitearch}/capng.py
%attr(644,root,root) %{python_sitearch}/capng.pyc
%attr(644,root,root) %{python_sitearch}/capng.pyo
%files utils
%defattr(-,root,root)
%attr(755,root,root) %{_bindir}/captest
%attr(755,root,root) %{_bindir}/filecap
%attr(755,root,root) %{_bindir}/netcap
%attr(755,root,root) %{_bindir}/pscap
%attr(644,root,root) %{_mandir}/man8/*.8.gz
%doc COPYING
%changelog
* Fri Apr 25 2014 Automatic Build System <autodist@mambasoft.it> 0.7.4-1mamba
- automatic update by autodist
* Mon Nov 12 2012 Automatic Build System <autodist@mambasoft.it> 0.7.3-1mamba
- automatic version update by autodist
* Tue Oct 30 2012 Automatic Build System <autodist@mambasoft.it> 0.7.1-1mamba
- automatic version update by autodist
* Mon Aug 06 2012 Automatic Build System <autodist@mambasoft.it> 0.7-1mamba
- automatic version update by autodist
* Thu Jun 30 2011 Automatic Build System <autodist@mambasoft.it> 0.6.6-1mamba
- automatic update by autodist
* Sun Nov 07 2010 Automatic Build System <autodist@mambasoft.it> 0.6.5-1mamba
- automatic update by autodist
* Sun Jun 27 2010 Automatic Build System <autodist@mambasoft.it> 0.6.4-1mamba
- automatic update by autodist
* Tue Jan 05 2010 Stefano Cotta Ramusino <stefano.cotta@openmamba.org> 0.6.2-2mamba
- rebuilt
* Fri Nov 27 2009 gil <puntogil@libero.it> 0.6.2-1mamba
- package created by autospec