setpriv: dump no-new-privs info

Introduce the ability to dump the state of the no-new-privs flag, which
states whethere it is allowed to grant new privileges.

function                                             old     new   delta
setpriv_main                                         419     467     +48
.rodata                                           145926  145969     +43

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

1 files changed, 10 insertions, 2 deletions

diff --git a/util-linux/setpriv.c b/util-linux/setpriv.c
index f21ce6632..8d3f25875 100644
--- a/util-linux/setpriv.c
+++ b/util-linux/setpriv.c
@@ -62,6 +62,10 @@
 #define PR_SET_NO_NEW_PRIVS 38
 #endif
 
+#ifndef PR_GET_NO_NEW_PRIVS
+#define PR_GET_NO_NEW_PRIVS 39
+#endif
+
 enum {
         IF_FEATURE_SETPRIV_DUMP(OPTBIT_DUMP,)
         OPTBIT_NNP,
@@ -76,13 +80,17 @@ static int dump(void)
         uid_t ruid, euid, suid;
         gid_t rgid, egid, sgid;
         gid_t *gids;
-        int ngids;
+        int ngids, nnp;
 
         getresuid(&ruid, &euid, &suid); /* never fails in Linux */
         getresgid(&rgid, &egid, &sgid); /* never fails in Linux */
         ngids = 0;
         gids = bb_getgroups(&ngids, NULL); /* never fails in Linux */
 
+        nnp = prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
+        if (nnp < 0)
+                bb_simple_perror_msg_and_die("prctl: GET_NO_NEW_PRIVS");
+
         printf("uid: %u\n", (unsigned)ruid);
         printf("euid: %u\n", (unsigned)euid);
         printf("gid: %u\n", (unsigned)rgid);
@@ -99,7 +107,7 @@ static int dump(void)
                         fmt = ",%u";
                 }
         }
-        bb_putchar('\n');
+        printf("\nno_new_privs: %d\n", nnp);
 
         if (ENABLE_FEATURE_CLEAN_UP)
                 free(gids);