1 files changed, 73 insertions, 0 deletions
diff --git a/util-linux/setpriv.c b/util-linux/setpriv.c
new file mode 100644
index 000000000..6bd663bf4
--- /dev/null
+++ b/util-linux/setpriv.c
@@ -0,0 +1,73 @@
+/* vi: set sw=4 ts=4: */
+/*
+ * setpriv implementation for busybox based on linux-utils-ng 2.29
+ *
+ * Copyright (C) 2017 by  <assafgordon@gmail.com>
+ *
+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
+ *
+ */
+//config:config SETPRIV
+//config:       bool "setpriv"
+//config:       default y
+//config:       select PLATFORM_LINUX
+//config:       select LONG_OPTS
+//config:       help
+//config:         Run a program with different Linux privilege settings.
+//config:         Requires kernel >= 3.5
+//applet:IF_SETPRIV(APPLET(setpriv, BB_DIR_BIN, BB_SUID_DROP))
+//kbuild:lib-$(CONFIG_SETPRIV) += setpriv.o
+//usage:#define setpriv_trivial_usage
+//usage:        "[OPTIONS] PROG [ARGS]"
+//usage:#define setpriv_full_usage "\n\n"
+//usage:       "Run PROG with different privilege settings\n"
+//usage:     "\n--nnp,--no-new-privs    Ignore setuid/setgid bits and file capabilities"
+//setpriv from util-linux 2.28:
+// -d, --dump               show current state (and do not exec anything)
+// --nnp, --no-new-privs    disallow granting new privileges
+// --inh-caps <caps,...>    set inheritable capabilities
+// --bounding-set <caps>    set capability bounding set
+// --ruid <uid>             set real uid
+// --euid <uid>             set effective uid
+// --rgid <gid>             set real gid
+// --egid <gid>             set effective gid
+// --reuid <uid>            set real and effective uid
+// --regid <gid>            set real and effective gid
+// --clear-groups           clear supplementary groups
+// --keep-groups            keep supplementary groups
+// --groups <group,...>     set supplementary groups
+// --securebits <bits>      set securebits
+// --selinux-label <label>  set SELinux label
+// --apparmor-profile <pr>  set AppArmor profile
+#include <sys/prctl.h>
+#include "libbb.h"
+#ifndef PR_SET_NO_NEW_PRIVS
+#define PR_SET_NO_NEW_PRIVS 38
+#endif
+int setpriv_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int setpriv_main(int argc UNUSED_PARAM, char **argv)
+{
+        static const char setpriv_longopts[] ALIGN1 =
+                "nnp\0"          No_argument    "\xff"
+                "no-new-privs\0" No_argument    "\xff"
+                ;
+        int opts;
+        opt_complementary = "-1";
+        applet_long_options = setpriv_longopts;
+        opts = getopt32(argv, "");
+        if (opts) {
+                if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
+                        bb_simple_perror_msg_and_die("prctl: NO_NEW_PRIVS");
+        }
+        argv += optind;
+        BB_EXECVP_or_die(argv);
+}

diff --git a/util-linux/setpriv.c b/util-linux/setpriv.c new file mode 100644 index 000000000..6bd663bf4 --- /dev/null +++ b/util-linux/setpriv.c
@@ -0,0 +1,73 @@
	1	/* vi: set sw=4 ts=4: */
	2	/*
	3	* setpriv implementation for busybox based on linux-utils-ng 2.29
	4	*
	5	* Copyright (C) 2017 by <assafgordon@gmail.com>
	6	*
	7	* Licensed under GPLv2 or later, see file LICENSE in this source tree.
	8	*
	9	*/
	10	//config:config SETPRIV
	11	//config: bool "setpriv"
	12	//config: default y
	13	//config: select PLATFORM_LINUX
	14	//config: select LONG_OPTS
	15	//config: help
	16	//config: Run a program with different Linux privilege settings.
	17	//config: Requires kernel >= 3.5
	18
	19	//applet:IF_SETPRIV(APPLET(setpriv, BB_DIR_BIN, BB_SUID_DROP))
	20
	21	//kbuild:lib-$(CONFIG_SETPRIV) += setpriv.o
	22
	23	//usage:#define setpriv_trivial_usage
	24	//usage: "[OPTIONS] PROG [ARGS]"
	25	//usage:#define setpriv_full_usage "\n\n"
	26	//usage: "Run PROG with different privilege settings\n"
	27	//usage: "\n--nnp,--no-new-privs Ignore setuid/setgid bits and file capabilities"
	28
	29	//setpriv from util-linux 2.28:
	30	// -d, --dump show current state (and do not exec anything)
	31	// --nnp, --no-new-privs disallow granting new privileges
	32	// --inh-caps <caps,...> set inheritable capabilities
	33	// --bounding-set <caps> set capability bounding set
	34	// --ruid <uid> set real uid
	35	// --euid <uid> set effective uid
	36	// --rgid <gid> set real gid
	37	// --egid <gid> set effective gid
	38	// --reuid <uid> set real and effective uid
	39	// --regid <gid> set real and effective gid
	40	// --clear-groups clear supplementary groups
	41	// --keep-groups keep supplementary groups
	42	// --groups <group,...> set supplementary groups
	43	// --securebits <bits> set securebits
	44	// --selinux-label <label> set SELinux label
	45	// --apparmor-profile <pr> set AppArmor profile
	46
	47	#include <sys/prctl.h>
	48	#include "libbb.h"
	49
	50	#ifndef PR_SET_NO_NEW_PRIVS
	51	#define PR_SET_NO_NEW_PRIVS 38
	52	#endif
	53
	54	int setpriv_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
	55	int setpriv_main(int argc UNUSED_PARAM, char **argv)
	56	{
	57	static const char setpriv_longopts[] ALIGN1 =
	58	"nnp\0" No_argument "\xff"
	59	"no-new-privs\0" No_argument "\xff"
	60	;
	61	int opts;
	62
	63	opt_complementary = "-1";
	64	applet_long_options = setpriv_longopts;
	65	opts = getopt32(argv, "");
	66	if (opts) {
	67	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
	68	bb_simple_perror_msg_and_die("prctl: NO_NEW_PRIVS");
	69	}
	70
	71	argv += optind;
	72	BB_EXECVP_or_die(argv);
	73	}