diff -urp libcap-ng-0.6.2/utils/netcap.c libcap-ng-0.6.3/utils/netcap.c
--- libcap-ng-0.6.2/utils/netcap.c 2009-07-26 08:16:16.000000000 -0400
+++ libcap-ng-0.6.3/utils/netcap.c 2009-10-03 08:36:30.000000000 -0400
@@ -31,7 +31,6 @@
 #include
 #include
 #include
-#include
 #include
 #include "cap-ng.h"
 #include "proc-llist.h"
@@ -56,12 +55,12 @@ static int collect_process_info(void)
 return 1;
 }
 while (( ent = readdir(d) )) {
+ FILE *sf;
 int pid, ppid;
 capng_results_t caps;
 char buf[100];
 char *tmp, cmd[16], state, *text, *bounds;
- int fd, len;
- struct stat sb;
+ int fd, len, euid;
 // Skip non-process dir entries
 if(*ent->d_name<'0' || *ent->d_name>'9')
@@ -77,7 +76,6 @@ static int collect_process_info(void)
 if (fd < 0) continue;
 len = read(fd, buf, sizeof buf - 1);
- fstat(fd, &sb);
 close(fd);
 if (len < 40) continue;
@@ -109,6 +107,29 @@ static int collect_process_info(void)
 text = capng_print_caps_text(CAPNG_PRINT_BUFFER, CAPNG_PERMITTED);
+ // Get the effective uid
+ snprintf(buf, 32, "/proc/%d/status", pid);
+ sf = fopen(buf, "rt");
+ if (sf == NULL)
+ euid = 0;
+ else {
+ int line = 0;
+ __fsetlocking(sf, FSETLOCKING_BYCALLER);
+ while (fgets(buf, sizeof(buf), sf)) {
+ if (line == 0) {
+ line++;
+ continue;
+ }
+ if (memcmp(buf, "Uid:", 4) == 0) {
+ int id;
+ sscanf(buf, "Uid: %d %d",
+ &id, &euid);
+ break;
+ }
+ }
+ fclose(sf);
+ }
+
 // Now record the bounding set information
 if (caps == CAPNG_PARTIAL) {
 caps = capng_have_capabilities(CAPNG_SELECT_BOUNDS);
@@ -170,7 +191,7 @@ static int collect_process_info(void)
 continue;
 node.ppid = ppid;
 node.pid = pid;
- node.uid = sb.st_uid;
+ node.uid = euid;
 node.cmd = strdup(cmd);
 node.inode = inode;
 node.capabilities = strdup(text);
diff -urp libcap-ng-0.6.2/utils/pscap.c libcap-ng-0.6.3/utils/pscap.c
--- libcap-ng-0.6.2/utils/pscap.c 2009-08-16 08:29:37.000000000 -0400
+++ libcap-ng-0.6.3/utils/pscap.c 2009-10-03 08:36:57.000000000 -0400
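Review bot: `euid` can reach `node.uid = euid` without ever being assigned, because in the added `/proc/%d/status` block of the `@@ -109,6 +107,29 @@` hunk the result of `sscanf` is not checked and the loop simply ends when no `Uid:` line is read, while `euid` is declared without an initializer. Check the conversion, for example `if (sscanf(buf, "Uid: %d %d", &id, &euid) != 2) euid = -1;`, and give `euid` a defined value before the `fopen`; note that the existing `fopen`-failure fallback of 0 reports a process whose status file could not be read as root-owned, and how the consumers of `node.uid` would treat a sentinel such as -1 is not visible here. The same block is added to `main` in pscap.c in the `@@ -120,20 +118,47 @@` hunk and has the same gap. `collect_process_info` starts and ends outside these hunks.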
@@ -23,12 +23,12 @@
 #include "config.h"
 #include
+#include
 #include
 #include
 #include
 #include
 #include
-#include
 #include
 #include "cap-ng.h"
@@ -69,11 +69,10 @@ int main(int argc, char *argv[])
 return 1;
 }
 while (( ent = readdir(d) )) {
- int pid, ppid, uid = -1;
+ int pid, ppid, uid = -1, euid;
 char buf[100];
 char *tmp, cmd[16], state, *name = NULL;
 int fd, len;
- struct stat sb;
 struct passwd *p;
 // Skip non-process dir entries
@@ -90,7 +89,6 @@ int main(int argc, char *argv[])
 if (fd < 0) continue;
 len = read(fd, buf, sizeof buf - 1);
- fstat(fd, &sb);
 close(fd);
 if (len < 40) continue;
@@ -120,20 +118,47 @@ int main(int argc, char *argv[])
 // And print out anything with capabilities
 caps = capng_have_capabilities(CAPNG_SELECT_CAPS);
 if (caps > CAPNG_NONE) {
+ // Get the effective uid
+ FILE *f;
+ int line;
+ snprintf(buf, 32, "/proc/%d/status", pid);
+ f = fopen(buf, "rt");
+ if (f == NULL)
+ euid = 0;
+ else {
+ line = 0;
+ __fsetlocking(f, FSETLOCKING_BYCALLER);
+ while (fgets(buf, sizeof(buf), f)) {
+ if (line == 0) {
+ line++;
+ continue;
+ }
+ if (memcmp(buf, "Uid:", 4) == 0) {
+ int id;
+ sscanf(buf, "Uid: %d %d",
+ &id, &euid);
+ break;
+ }
+ }
+ fclose(f);
+ }
+
+ len = read(fd, buf, sizeof buf - 1);
+ close(fd);
 if (header == 0) {
 printf("%-5s %-5s %-10s %-16s %s\n", "ppid", "pid", "name", "command", "capabilities");
 header = 1;
 }
- if (sb.st_uid == 0) {
+ if (euid == 0) {
 // Take short cut for this one
 name = "root";
 uid = 0;
- } else if (uid != (int)sb.st_uid) {
+ } else if (euid != uid) {
 // Only look up if name changed
- p = getpwuid(sb.st_uid);
- uid = sb.st_uid;
+ p = getpwuid(euid);
+ uid = euid;
 if (p) name = p->pw_name;
 // If not taking this branch, use last val
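Review bot: The added `len = read(fd, buf, sizeof buf - 1);` and `close(fd);` after `fclose(f)` in the `@@ -120,20 +118,47 @@` hunk operate on a descriptor that the context line `close(fd);` in the `@@ -90,7 +89,6 @@` hunk has already released, and nothing visible reopens it. By that point the descriptor number may have been handed to `fopen` and released again, so the `read` most likely fails and overwrites `len` with -1, and the second `close` is a double close that would hit an unrelated descriptor if another open ever lands in between. Both added lines look like a paste leftover and should be dropped. `main` continues outside the hunk.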