[PATCH] Capabilities, this time in elf section

Pavel Machek (pavel@bug.ucw.cz)
Fri, 9 Apr 1999 13:20:06 +0200

Hi!

Here is second version of capabilities-into-elf patch.

This time additional headers are in separate elf section (you can add
it using objcopy --add-section). This section has to have special
code (0xca, you have to do this via hex-editor :-) and contains custom
header.

I would be _very_ glad if someone wrote utility to read/write these
headers.

Pavel

--- clean/fs/binfmt_elf.c Fri Mar 26 17:46:23 1999
+++ linux/fs/binfmt_elf.c Thu Apr 8 23:31:52 1999
@@ -425,8 +425,11 @@

retval = -ENOEXEC;
/* First of all, some simple consistency checks */
- if (elf_ex.e_ident[0] != 0x7f ||
- strncmp(&elf_ex.e_ident[1], "ELF", 3) != 0)
+ if (elf_ex.e_ident[0] != 0x7f)
+ goto out;
+
+ if (strncmp(&elf_ex.e_ident[1], "ELF", 3) &&
+ strncmp(&elf_ex.e_ident[1], "FLE", 3))
goto out;

if (elf_ex.e_type != ET_EXEC && elf_ex.e_type != ET_DYN)
@@ -471,6 +474,55 @@
start_code = ~0UL;
end_code = 0;
end_data = 0;
+
+ {
+ int size = elf_ex.e_shnum * sizeof(Elf32_Shdr);
+ char *buf = kmalloc(size, GFP_KERNEL);
+ Elf32_Shdr *shdr = buf;
+ int i;
+
+ printk( "Shdr size: %d, ", size );
+ retval = read_exec(bprm->dentry, elf_ex.e_shoff,
+ buf, size, 1);
+ printk( "read ok, " );
+
+ for (i=0; i<elf_ex.e_shnum; i++) {
+ Elf32_Shdr *hdr = shdr+i;
+ struct elf_capabilities cap;
+
+ printk( "." );
+
+ if (hdr->sh_type != 0xca)
+ continue;
+
+ printk( "Before: " );
+ printk( "uid = %d, effective = %x, permitted = %x, inheritable = %x\n", bprm->e_uid, bprm->cap_effective, bprm->cap_permitted, bprm->cap_inheritable );
+ printk( "Capabilities: " );
+
+ printk( "read: " );
+ read_exec(bprm->dentry, hdr->sh_offset, (void *) &cap, sizeof(struct elf_capabilities), 1);
+ printk( "ok, " );
+
+ printk( "read, " );
+ retval = -ENOEXEC;
+ if (cap.signature != 0xca5ab1e) {
+ printk( "signature = %x\n", cap.signature );
+ goto out;
+ }
+ printk( "sig ok, " );
+ if (cap.flags & ECF_MAKE_EUID_UID)
+ bprm->e_uid = current->uid;
+ if (cap.flags & ECF_MAKE_EUID_XUID)
+ bprm->e_uid = cap.xuid;
+ cap_mask( bprm->cap_effective, cap.capabilities );
+ cap_mask( bprm->cap_permitted, cap.capabilities );
+#if 0
+ cap_mask( current->cap_inheritable, cap.capabilities );
+#endif
+ printk( "uid = %d, effective = %x, permitted = %x, inheritable = %x\n", bprm->e_uid, bprm->cap_effective, bprm->cap_permitted, bprm->cap_inheritable );
+
+ }
+ }

for (i = 0; i < elf_ex.e_phnum; i++) {
if (elf_ppnt->p_type == PT_INTERP) {
--- clean/include/linux/elf.h Thu Jun 25 17:38:14 1998
+++ linux/include/linux/elf.h Thu Apr 8 16:53:45 1999
@@ -275,6 +278,7 @@
/* Legal values for e_flags field of Elf64_Ehdr. */

#define EF_ALPHA_32BIT 1 /* All addresses are below 2GB */
+#define EF_CAPABLE 2 /* Includes capabilities header */


typedef struct elf32_rel {
@@ -495,6 +501,17 @@
Elf32_Word n_descsz; /* Content size */
Elf32_Word n_type; /* Content type */
} Elf64_Nhdr;
+
+/* Capabilities support
+ */
+struct elf_capabilities {
+ Elf32_Word signature;
+ Elf32_Word capabilities;
+ Elf32_Word flags;
+#define ECF_MAKE_EUID_UID 1
+#define ECF_MAKE_EUID_XUID 2
+ Elf32_Word xuid;
+};

#if ELF_CLASS == ELFCLASS32

-- 
I'm really pavel@atrey.karlin.mff.cuni.cz. 	   Pavel
Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/