setpriv: dump user and group info

setpriv from util-linux has an option to dump the current state regarding privilege settings via '--dump'. It prints out information on the real and effective user and group IDs, supplementary groups, the no-new-privs flag, the capability sets as well as secure bits. This patch is the start of supporting this mode. To make introduction of the '--dump' easier to reason about, its introduction has been split into multiple patches. This particular one introduces the ability to print out user and group information of the current process. function old new delta setpriv_main 89 322 +233 getresuid - 41 +41 getresgid - 41 +41 static.setpriv_longopts 22 29 +7 packed_usage 31675 31669 -6 ------------------------------------------------------------------------------ (add/remove: 4/0 grow/shrink: 2/1 up/down: 322/-6) Total: 316 bytes Patch by Patrick Steinhardt <ps@pks.im> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2017-07-04 18:49:24 +0200
committer: Denys Vlasenko <vda.linux@googlemail.com> 2017-07-04 18:59:11 +0200
commit: 6798486141057f7989c0e59d5f645aba87a58f62 (patch)
tree: 3511f6a8f344d290747fdaddc670746671af2094
parent: a8cf9c5a3ffd1601872d1ab14c5be00fde29209c (diff)
download: busybox-w32-6798486141057f7989c0e59d5f645aba87a58f62.tar.gz
busybox-w32-6798486141057f7989c0e59d5f645aba87a58f62.tar.bz2
busybox-w32-6798486141057f7989c0e59d5f645aba87a58f62.zip
1 files changed, 62 insertions, 3 deletions
diff --git a/util-linux/setpriv.c b/util-linux/setpriv.c
index d15e0d84e..f21ce6632 100644
--- a/util-linux/setpriv.c
+++ b/util-linux/setpriv.c
@@ -15,6 +15,14 @@
 //config:       help
 //config:         Run a program with different Linux privilege settings.
 //config:         Requires kernel >= 3.5
+//config:
+//config:config FEATURE_SETPRIV_DUMP
+//config:       bool "Support dumping current privilege state"
+//config:       default y
+//config:       depends on SETPRIV
+//config:       help
+//config:         Enables the "--dump" switch to print out the current privilege
+//config:         state. This is helpful for diagnosing problems.
 //applet:IF_SETPRIV(APPLET(setpriv, BB_DIR_BIN, BB_SUID_DROP))
@@ -24,6 +32,9 @@
 //usage:        "[OPTIONS] PROG [ARGS]"
 //usage:#define setpriv_full_usage "\n\n"
 //usage:       "Run PROG with different privilege settings\n"
+//usage:        IF_FEATURE_SETPRIV_DUMP(
+//usage:     "\n-d,--dump               Show current capabilities"
+//usage:        )
 //usage:     "\n--nnp,--no-new-privs    Ignore setuid/setgid bits and file capabilities"
 //setpriv from util-linux 2.28:
@@ -52,25 +63,73 @@
 #endif
 enum {
+        IF_FEATURE_SETPRIV_DUMP(OPTBIT_DUMP,)
        OPTBIT_NNP,
-        OPT_NNP = (1 << OPTBIT_NNP),
+        IF_FEATURE_SETPRIV_DUMP(OPT_DUMP = (1 << OPTBIT_DUMP),)
+        OPT_NNP  = (1 << OPTBIT_NNP),
 };
+#if ENABLE_FEATURE_SETPRIV_DUMP
+static int dump(void)
+{
+        uid_t ruid, euid, suid;
+        gid_t rgid, egid, sgid;
+        gid_t *gids;
+        int ngids;
+        getresuid(&ruid, &euid, &suid); /* never fails in Linux */
+        getresgid(&rgid, &egid, &sgid); /* never fails in Linux */
+        ngids = 0;
+        gids = bb_getgroups(&ngids, NULL); /* never fails in Linux */
+        printf("uid: %u\n", (unsigned)ruid);
+        printf("euid: %u\n", (unsigned)euid);
+        printf("gid: %u\n", (unsigned)rgid);
+        printf("egid: %u\n", (unsigned)egid);
+        printf("Supplementary groups: ");
+        if (ngids == 0) {
+                printf("[none]");
+        } else {
+                const char *fmt = ",%u" + 1;
+                int i;
+                for (i = 0; i < ngids; i++) {
+                        printf(fmt, (unsigned)gids[i]);
+                        fmt = ",%u";
+                }
+        }
+        bb_putchar('\n');
+        if (ENABLE_FEATURE_CLEAN_UP)
+                free(gids);
+        return EXIT_SUCCESS;
+}
+#endif /* FEATURE_SETPRIV_DUMP */
 int setpriv_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int setpriv_main(int argc UNUSED_PARAM, char **argv)
 {
        static const char setpriv_longopts[] ALIGN1 =
+                IF_FEATURE_SETPRIV_DUMP(
+                "dump\0"         No_argument    "d"
+                )
                "nnp\0"          No_argument    "\xff"
                "no-new-privs\0" No_argument    "\xff"
                ;
        int opts;
        applet_long_options = setpriv_longopts;
-        opts = getopt32(argv, "+");
+        opts = getopt32(argv, "+"IF_FEATURE_SETPRIV_DUMP("d"));
        argv += optind;
+#if ENABLE_FEATURE_SETPRIV_DUMP
+        if (opts & OPT_DUMP) {
+                if (argv[0] || (opts - OPT_DUMP) != 0)
+                        bb_show_usage();
+                return dump();
+        }
+#endif
        if (opts & OPT_NNP) {
                if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
                        bb_simple_perror_msg_and_die("prctl: NO_NEW_PRIVS");
author	Denys Vlasenko <vda.linux@googlemail.com>	2017-07-04 18:49:24 +0200
committer	Denys Vlasenko <vda.linux@googlemail.com>	2017-07-04 18:59:11 +0200
commit	6798486141057f7989c0e59d5f645aba87a58f62 (patch)
tree	3511f6a8f344d290747fdaddc670746671af2094
parent	a8cf9c5a3ffd1601872d1ab14c5be00fde29209c (diff)
download	busybox-w32-6798486141057f7989c0e59d5f645aba87a58f62.tar.gz busybox-w32-6798486141057f7989c0e59d5f645aba87a58f62.tar.bz2 busybox-w32-6798486141057f7989c0e59d5f645aba87a58f62.zip

diff --git a/util-linux/setpriv.c b/util-linux/setpriv.c index d15e0d84e..f21ce6632 100644 --- a/util-linux/setpriv.c +++ b/util-linux/setpriv.c
@@ -15,6 +15,14 @@
15	//config: help	15	//config: help
16	//config: Run a program with different Linux privilege settings.	16	//config: Run a program with different Linux privilege settings.
17	//config: Requires kernel >= 3.5	17	//config: Requires kernel >= 3.5
		18	//config:
		19	//config:config FEATURE_SETPRIV_DUMP
		20	//config: bool "Support dumping current privilege state"
		21	//config: default y
		22	//config: depends on SETPRIV
		23	//config: help
		24	//config: Enables the "--dump" switch to print out the current privilege
		25	//config: state. This is helpful for diagnosing problems.
18		26
19	//applet:IF_SETPRIV(APPLET(setpriv, BB_DIR_BIN, BB_SUID_DROP))	27	//applet:IF_SETPRIV(APPLET(setpriv, BB_DIR_BIN, BB_SUID_DROP))
20		28
@@ -24,6 +32,9 @@
24	//usage: "[OPTIONS] PROG [ARGS]"	32	//usage: "[OPTIONS] PROG [ARGS]"
25	//usage:#define setpriv_full_usage "\n\n"	33	//usage:#define setpriv_full_usage "\n\n"
26	//usage: "Run PROG with different privilege settings\n"	34	//usage: "Run PROG with different privilege settings\n"
		35	//usage: IF_FEATURE_SETPRIV_DUMP(
		36	//usage: "\n-d,--dump Show current capabilities"
		37	//usage: )
27	//usage: "\n--nnp,--no-new-privs Ignore setuid/setgid bits and file capabilities"	38	//usage: "\n--nnp,--no-new-privs Ignore setuid/setgid bits and file capabilities"
28		39
29	//setpriv from util-linux 2.28:	40	//setpriv from util-linux 2.28:
@@ -52,25 +63,73 @@
52	#endif	63	#endif
53		64
54	enum {	65	enum {
		66	IF_FEATURE_SETPRIV_DUMP(OPTBIT_DUMP,)
55	OPTBIT_NNP,	67	OPTBIT_NNP,
56		68
57	OPT_NNP = (1 << OPTBIT_NNP),	69	IF_FEATURE_SETPRIV_DUMP(OPT_DUMP = (1 << OPTBIT_DUMP),)
		70	OPT_NNP = (1 << OPTBIT_NNP),
58	};	71	};
59		72
		73	#if ENABLE_FEATURE_SETPRIV_DUMP
		74	static int dump(void)
		75	{
		76	uid_t ruid, euid, suid;
		77	gid_t rgid, egid, sgid;
		78	gid_t *gids;
		79	int ngids;
		80
		81	getresuid(&ruid, &euid, &suid); /* never fails in Linux */
		82	getresgid(&rgid, &egid, &sgid); /* never fails in Linux */
		83	ngids = 0;
		84	gids = bb_getgroups(&ngids, NULL); /* never fails in Linux */
		85
		86	printf("uid: %u\n", (unsigned)ruid);
		87	printf("euid: %u\n", (unsigned)euid);
		88	printf("gid: %u\n", (unsigned)rgid);
		89	printf("egid: %u\n", (unsigned)egid);
		90
		91	printf("Supplementary groups: ");
		92	if (ngids == 0) {
		93	printf("[none]");
		94	} else {
		95	const char *fmt = ",%u" + 1;
		96	int i;
		97	for (i = 0; i < ngids; i++) {
		98	printf(fmt, (unsigned)gids[i]);
		99	fmt = ",%u";
		100	}
		101	}
		102	bb_putchar('\n');
		103
		104	if (ENABLE_FEATURE_CLEAN_UP)
		105	free(gids);
		106	return EXIT_SUCCESS;
		107	}
		108	#endif /* FEATURE_SETPRIV_DUMP */
		109
60	int setpriv_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;	110	int setpriv_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
61	int setpriv_main(int argc UNUSED_PARAM, char **argv)	111	int setpriv_main(int argc UNUSED_PARAM, char **argv)
62	{	112	{
63	static const char setpriv_longopts[] ALIGN1 =	113	static const char setpriv_longopts[] ALIGN1 =
		114	IF_FEATURE_SETPRIV_DUMP(
		115	"dump\0" No_argument "d"
		116	)
64	"nnp\0" No_argument "\xff"	117	"nnp\0" No_argument "\xff"
65	"no-new-privs\0" No_argument "\xff"	118	"no-new-privs\0" No_argument "\xff"
66	;	119	;
67	int opts;	120	int opts;
68		121
69	applet_long_options = setpriv_longopts;	122	applet_long_options = setpriv_longopts;
70	opts = getopt32(argv, "+");	123	opts = getopt32(argv, "+"IF_FEATURE_SETPRIV_DUMP("d"));
71
72	argv += optind;	124	argv += optind;
73		125
		126	#if ENABLE_FEATURE_SETPRIV_DUMP
		127	if (opts & OPT_DUMP) {
		128	if (argv[0] \|\| (opts - OPT_DUMP) != 0)
		129	bb_show_usage();
		130	return dump();
		131	}
		132	#endif
74	if (opts & OPT_NNP) {	133	if (opts & OPT_NNP) {
75	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))	134	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
76	bb_simple_perror_msg_and_die("prctl: NO_NEW_PRIVS");	135	bb_simple_perror_msg_and_die("prctl: NO_NEW_PRIVS");