Hi!
Capabilities reached state where they are actually usefull. (I was
able to lower permissions for programs like ping and rlogin). There
are still some problems with headers (I include
/usr/src/linux/include/linux/capability.h directly -- that's ugly),
and there are problems with applications which do getuid() and then
print failed - must be run as root when they actually do not need root
at all (fping). Diff against kernel follows, and diff against
http://www.goop.org/~jeremy/elf-caps.html follows, too (Jeremy, please
apply at least parts which look clean to you).
Pavel
PS: I'd like this "obviously right" patch go in as soon as possible
[well perhaps modulo "FLE" ugliness and modulo one printk], so please
take a carefull look.
--- clean/include/linux/elf.h Thu Jun 25 17:38:14 1998
+++ linux/include/linux/elf.h Mon Apr 19 22:11:31 1999
@@ -496,6 +496,39 @@
Elf32_Word n_type; /* Content type */
} Elf64_Nhdr;
+/* Capabilities support
+ */
+struct elf_capabilities {
+ Elf32_Word signature;
+ Elf32_Word version; /* Currently 0, this is so that you can append on the end painlessly */
+ Elf32_Word flags;
+#define ECF_MAKE_EUID_UID 1
+#define ECF_MAKE_EUID_XUID 2
+ Elf32_Word xuid;
+ Elf32_Word effective;
+ Elf32_Word effective1;
+ Elf32_Word effective2;
+ Elf32_Word effective3;
+ Elf32_Word permitted;
+ Elf32_Word permitted1;
+ Elf32_Word permitted2;
+ Elf32_Word permitted3;
+ Elf32_Word inheritable;
+ Elf32_Word inheritable1;
+ Elf32_Word inheritable2;
+ Elf32_Word inheritable3;
+ Elf32_Word known;
+ Elf32_Word known1;
+ Elf32_Word known2;
+ Elf32_Word known3;
+};
+
+struct elf_capabilities_note {
+ Elf32_Nhdr notehdr;
+ __u32 note_signature; /* == "CAPS" */
+ struct elf_capabilities cap;
+};
+
#if ELF_CLASS == ELFCLASS32
extern Elf32_Dyn _DYNAMIC [];
--- clean/fs/binfmt_elf.c Fri Mar 26 17:46:23 1999
+++ linux/fs/binfmt_elf.c Fri Apr 30 22:59:40 1999
@@ -7,6 +7,7 @@
* Tools".
*
* Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
+ * Capabilities copyright 1999 Pavel Machek (pavel@ucw.cz).
*/
#include <linux/module.h>
@@ -425,8 +426,11 @@
retval = -ENOEXEC;
/* First of all, some simple consistency checks */
- if (elf_ex.e_ident[0] != 0x7f ||
- strncmp(&elf_ex.e_ident[1], "ELF", 3) != 0)
+ if (elf_ex.e_ident[0] != 0x7f)
+ goto out;
+
+ if (strncmp(&elf_ex.e_ident[1], "ELF", 3) &&
+ strncmp(&elf_ex.e_ident[1], "FLE", 3))
goto out;
if (elf_ex.e_type != ET_EXEC && elf_ex.e_type != ET_DYN)
@@ -473,6 +477,35 @@
end_data = 0;
for (i = 0; i < elf_ex.e_phnum; i++) {
+ if (elf_ppnt->p_type == PT_NOTE) {
+ struct elf_capabilities_note note;
+
+ retval = read_exec(bprm->dentry, elf_ppnt->p_offset,
+ (void *) ¬e,
+ sizeof (struct elf_capabilities_note), 1);
+ if (retval<0)
+ goto out_free_ph;
+ if (note.note_signature != be32_to_cpu(0x43415053)) /* "CAPS" */
+ continue;
+
+ retval = -ENOEXEC;
+ if (note.cap.signature != 0xca5ab1e) {
+ printk( "signature = %x, version = %x, header @ %x\n", note.cap.signature, note.cap.version, elf_ppnt->p_offset );
+ goto out_free_ph;
+ }
+ if (note.cap.flags & ECF_MAKE_EUID_UID) /* You may want to loose owner's uid */
+ bprm->e_uid = current->uid;
+ if (!bprm->e_uid) { /* We only honour random uid changes for root */
+ if (note.cap.flags & ECF_MAKE_EUID_XUID)
+ bprm->e_uid = note.cap.xuid;
+ }
+ cap_mask( bprm->cap_effective, note.cap.effective );
+ cap_mask( bprm->cap_permitted, note.cap.permitted );
+ cap_mask( bprm->cap_inheritable, note.cap.inheritable );
+
+ printk( KERN_DEBUG "Now: uid = %d, effective = %x, permitted = %x, inheritable = %x\n", bprm->e_uid, bprm->cap_effective, bprm->cap_permitted, bprm->cap_inheritable );
+
+ }
if (elf_ppnt->p_type == PT_INTERP) {
retval = -EINVAL;
if (elf_interpreter)
-- I'm really pavel@atrey.karlin.mff.cuni.cz. Pavel Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-). --yrj/dFKFPuw6o+aM Content-Type: application/x-gzip Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="delme.gz"H4sICCEhKjcAA2RlbG1lAJ1ZeXPaShL/W3yKNiknnAZ8G5KsCcYxGwwuDC95lU1RQhqBXoRE 6fCVOJ99u2dGF4LEu64EzUz/uqenp48ZaWhbj2DawCxDU1dNUHXddnyW003DgGogx/ccw9Rq kranydF4IFetVjdDlVvVh/bKhf1D2D9oHp4090+gcXZ2liuXyxk5yqVrcvRBndD7x836gUCf n0O1UTmEMv2cn+eqtVKuXCvB7/8KC/ZYAbZUNa8C/sL0AP9VS1WwTDt4qGq8vXR0VswBlKCt 66DCzXg6GI674LH5ktk++A6oNnT7l8AemBb46sxiBOcsYyl05TLff4Q5s5lraoCL9hcMRZOE CswCH0wfgbbPbJ3pJHPGOERzXAaOwRd4UjmG8kmlcUIrjKR7juHfq4jC9oyZ9hxcZjHVQzEB CnO5mI+DCdwEMwvn7psaszW2F+nYcVaPrjlf+NyUFfg3c9nyES5N/2mhujpKZPD2Hz54Pncc 3EJ3/j5X3sB5o94xC65VbcG+w9sV9c4D7X5Pe3oPhd6bOwa4jwtSUZ2rpu350P9404dmtUji cuVceeyg7XEct12dmZbpm4y2xn1sEvVV6H9QtaA2M+3aCoVJPo/5aGZn7qpLMBwX3MC2aSrb sauu4/jcyg75s8HuUxOAq5porgoEHkNzLpnQ0TK/s7VZNRh0x9NR+zNUPT2lARqyloMcvDJt zQp0tJjn66azt3jPt26/XjmF8kGj0qjzzUvAHr3aSkWlCbo27vmqz4dz1ZiAQUFj5WgkXws8 t+a5Wo27bU2Oy1600Me9Rf7FXHySPE5cfqUzw7QZDIbTwdXFKKFinmziCRiOGgiEi+6HyUcR jYfcXRvH9Urj4IAvWsEgCFxMJgvdbeXgmcSjywMzDKb5JrrHO6hXYMXcpen76L+8a9oLjBke VjjwC0cMS517ghiYHPVwWj85Yict2q47B8dw1VMebKrPCp7vBppP2WSa2vYS9tDzfuTKCraq 7z1zbquoIdfjQVOP1FmDtULqHXM907GJFo0lNY/aETW5kKgdUdPrSvQiRLhO/oxGH8Sa8ReH nmnFmOcaQAmZFoTRj8nGw7ziwQJjExNAatH+ArOVE7hwp7omTeeR5/J9IKNpzhK98UU2Mw0o rNltJ2E4RCnhjjdaSXxoSUJvR8W2fQ2/os52fGxtxEed7fik/ZEj0d3IIzYDgfHWZHCyXQ83 RhqR7KozTwNuNTS0HSz5dmJ6hZKtLmnLn1ubOKhBAO/rN9xz4v8BnfbNtHM1/DyoQJ4/8/Bc iSgX7c50+Fd3NOpddBGQ7GZwo277YnrbbY86VxKaGEmhL3Ga7ghBopGm3XbHvQui8cYabXrd vv3EibyVon7q9ftIogeNKwp68hF3RwlAgR+5aNFIMePQJKRNsrQbfAoitVLUfm8w+TLtXV9P xu0PfbLS2kgKTRn/Q29AZhn91esQfH2IK09RWE8qz1GjYfui074dh1xhPzNF++K6N5Ao3s4g sOxIOrZS1N5NZ9ofdsjMYTNDDzcwakdKpy3+N+7T8GLCzRJ30tbFYVShN5QQ3s4gOlej4XAs IaKTwdyMR+1OOJPoZDHtTicUw9uh4vv1dcVDG0btjLAPsUofNik06EXqDHoblBl1b4eTUYQJ uxncuHcdYqgZefd+xtjj8d/TznBw2fsY4qOBSCoWusGk38eKKdNEmK3xIIen0wJ1TZmV1zNI aYWJI0ojnFtZuchhFCC/Wz99UPJYY6EoKJTpTHhHiRlkNovABTxJseJ/7DwHx9BfG7A7O+1+ f2cnBCfn/Cr57xcmZt4CJlPSrMiTmxT6GgqNt2+JEiyLPMuG7PldD1DfkInkKKtymZ7PcQKO 5voWKvCcOhlw+ktKXCSIjvedBKiZMsOfqmAkBmCm6hAhm8ruAwqqwJoALjjBJAsmwvUYHlbR dXBUKpsKqZj0E1grrOusUdXcxhrX2HXWRPncxpwsuOvs323n3t7GyIkZFl6C0xYUNXodiCel ppLC8SNU5BZhMOmMzymqshcecpDo8rh5UWQhFAcR6TtWAW8uUlqpSPFbwagKXQaByeODGwrY GhU7KFTDW522XJHgECCiQ0pJRM2WyBDzpKMBL05TbuKXRMRLjLBxDYmd/PkOIkXX9CTN6BoM S7wf8rymunMNt02YETt3eBf/gXcJnvPw8u664kTO7xzHZ3Q7Lh/Uzyr7Z+LO4RjG1Kd7J8NW KzXgPcV9J/BnaN2W3HK6hE75ZZFfM+SpODGi4x3bxwFLF9ODQndPWi/2Sc2v9W8turgJaxQo VeL133dWfkEsiUCY8vPFIiWMakPY6Q9orcmaq6bZDJqe5egpXlAU7970tUXBjEyO99k32psm lhBurhaYcrekr6N8FCycRVHixIA7hOA42kV/5jL1e4uqUCiboewU1wbZki1mWiFTSvRLmExk 4sUheWsStSd9karLxSRHXzhHgHOIy5XqO2aME2kFhXQ7l3iI/dSddvHAOf2CP1khHgrZwrAR byE+6W2NLMRByJoHbkDpiEp5ZYxB18DLuRpYfpPaCgYNRRw28Q5O/yme0LgUTD9/8pAjv0ID mLZe5t5VVRRD5lTP1xGIzjjx1DlrApZk9sDI9SnDkkK/QX6tMvjyDR8r8TDFI6AsTQ3PWuAz KQ949RexVeRKx1cuUp6/Xmk0KhT3xwcV8XIs9BXdJS+h5Ftc48QVeVJNkjwLDNRz19uz2T2W CakAj4xNsF0vBiWTwb/y+WaeyyBVeZpacSWg0LWMg/3pDfVKRdRtqa7KXEOsyNPVAtMQZ+HL OTjhr4tOMY0d8/WgJMNxC/wt1DuRvFr8QftEy5M9QcPMyh58vmKyA1UOrBqSwjXG0+egfd0t 8qMevH5N+0tvRAXGf1zx6OqMpwi85TVmO1Ukm2SlTJx4hpaeev8QH5x4SZBHMSFYV31VkkQd Tb6QyECSVTQx4RUesK6y7z0S0zLLYxuYLOd+Ow8/5SVCUM7KHkyfK0GFjxw1Dsrn8GyY5BKm iqZtW9amF5HxvFx+g7efFUVKjLJFMYLUQ29DsvAD6fSiLkjXWKqW5WgFz3zCWlgo0WixKCrn /tFhpXEM5cN9fB7FIZSwOgkyXLa2ExRHtdL/9lfL8ABe02FyQ255C1fdURc28CBXPHVmOfHB xKNFJbHeE53JsrAWl7lkSzwBJVaFx7QHFX+TAiT2/1gp7tGftV4/cRX5lv92BRkW4pg9MddJ LWVtEaFQEcNhCItjW+qd6Vq4pc+JG4gb4xhdRpyzwpyFK+AYT/hr8qWxIvwQUx654dFppSFf Gsv6JE9wZAc2n5IjeitVYwXsUUBU5IkucY+Ns3IxPEQHtmXa38NMzrNfePDaULV2vSY6iv2G 8trSwQMO1VWDzrZE2fXCchfXJ9QiLBK4TSgFczb+2k4xymvx28JE4S3g8dOgmu2smB0XmuF0 dPF59HM4HY8mgw4+O6Nue1wrYav7pdMv1WiaPcwG/BtVYjnw29VomKQwIfhsucosZ7j5g9+e tue45vw3ZJf9s536ayvJyVDwqQfL1bZx5Nj08VF+iwg/Gcpu5sOjHF//7HjaPDrNfHYMscmP jo1m46R5dBJ/dDyjc8eZPHXUStC2Uecq/2rHsy59FZIRy/u0N8l+iSo1pSvNoe9hqVfCqRfE 4sZDcRu2RVBTj1/lStSX96CzyhmU8Vd+beLvnHE2Yxm99RCThxcr+sriU0ymVcNfrF0e3okT ynFsJY3k4VzGcLYpnqNPRaQtDUgsrV2cgj47rq7Y4s741KIXYwO6OVF+4BZLw+iiKWEdhz6R +tuQ3DxKEsgTHQGfQSAH/OMTpuVXzEZHyriZ3PWsxwqCk/svw2nrtRMfAAA=
--yrj/dFKFPuw6o+aM--
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/