From 10c53b85c992afca47e7a70f05379a5038bdaeb9 Mon Sep 17 00:00:00 2001
From: Patrick Steinhardt
Date: Thu, 6 Jul 2017 15:21:43 +0200
Subject: setpriv: dump no-new-privs info

Introduce the ability to dump the state of the no-new-privs flag, which states whethere it is allowed to grant new privileges.
function old new delta
setpriv_main 419 467 +48
.rodata 145926 145969 +43
Signed-off-by: Patrick Steinhardt
Signed-off-by: Denys Vlasenko
---
 util-linux/setpriv.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
(limited to 'util-linux')
diff --git a/util-linux/setpriv.c b/util-linux/setpriv.c
index f21ce6632..8d3f25875 100644
--- a/util-linux/setpriv.c
+++ b/util-linux/setpriv.c
@@ -62,6 +62,10 @@
 #define PR_SET_NO_NEW_PRIVS 38
 #endif

+#ifndef PR_GET_NO_NEW_PRIVS
+#define PR_GET_NO_NEW_PRIVS 39
+#endif
+
 enum {
 IF_FEATURE_SETPRIV_DUMP(OPTBIT_DUMP,)
 OPTBIT_NNP,
@@ -76,13 +80,17 @@ static int dump(void)
 uid_t ruid, euid, suid;
 gid_t rgid, egid, sgid;
 gid_t *gids;
- int ngids;
+ int ngids, nnp;

 getresuid(&ruid, &euid, &suid); /* never fails in Linux */
 getresgid(&rgid, &egid, &sgid); /* never fails in Linux */
 ngids = 0;
 gids = bb_getgroups(&ngids, NULL); /* never fails in Linux */

+ nnp = prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
+ if (nnp < 0)
+ bb_simple_perror_msg_and_die("prctl: GET_NO_NEW_PRIVS");
+
 printf("uid: %u\n", (unsigned)ruid);
 printf("euid: %u\n", (unsigned)euid);
 printf("gid: %u\n", (unsigned)rgid);
@@ -99,7 +107,7 @@ static int dump(void)
 fmt = ",%u";
 }
 }
- bb_putchar('\n');
+ printf("\nno_new_privs: %d\n", nnp);

 if (ENABLE_FEATURE_CLEAN_UP)
 free(gids);
-- cgit v1.2.3
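Review bot: In the second hunk (`dump()`, `@@ -76,13 +80,17 @@`), a failing `prctl(PR_GET_NO_NEW_PRIVS, ...)` makes the whole dump die before any of the uid/gid/groups lines are printed, because the call sits above the first `printf`. The fallback `#define PR_GET_NO_NEW_PRIVS 39` added in the first hunk lets the applet build against headers that predate the flag, and on a kernel of that age the call would presumably fail with EINVAL, so the dump would stop working exactly there; a seccomp policy that rejects this prctl would have the same effect. Consider downgrading the failure to a warning, `if (nnp < 0) bb_simple_perror_msg("prctl: GET_NO_NEW_PRIVS");`, and printing the `no_new_privs:` line only when `nnp >= 0`, so the remaining credentials are still reported. `dump()` begins and ends outside this hunk.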
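Review bot: In the last hunk the newline that terminates the `groups:` line is now hidden at the front of the next field's format string, `printf("\nno_new_privs: %d\n", nnp);`, which is easy to break when another field is later inserted between the two. A short comment above it, `/* leading \n ends the "groups:" line */`, would keep the size saving and make the dependency visible. The loop that prints the groups starts above the hunk.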