1 files changed, 62 insertions, 3 deletions
diff --git a/util-linux/setpriv.c b/util-linux/setpriv.c
index d15e0d84e..f21ce6632 100644
--- a/util-linux/setpriv.c
+++ b/util-linux/setpriv.c
@@ -15,6 +15,14 @@
 //config:       help
 //config:         Run a program with different Linux privilege settings.
 //config:         Requires kernel >= 3.5
+//config:
+//config:config FEATURE_SETPRIV_DUMP
+//config:       bool "Support dumping current privilege state"
+//config:       default y
+//config:       depends on SETPRIV
+//config:       help
+//config:         Enables the "--dump" switch to print out the current privilege
+//config:         state. This is helpful for diagnosing problems.
 //applet:IF_SETPRIV(APPLET(setpriv, BB_DIR_BIN, BB_SUID_DROP))
@@ -24,6 +32,9 @@
 //usage:        "[OPTIONS] PROG [ARGS]"
 //usage:#define setpriv_full_usage "\n\n"
 //usage:       "Run PROG with different privilege settings\n"
+//usage:        IF_FEATURE_SETPRIV_DUMP(
+//usage:     "\n-d,--dump               Show current capabilities"
+//usage:        )
 //usage:     "\n--nnp,--no-new-privs    Ignore setuid/setgid bits and file capabilities"
 //setpriv from util-linux 2.28:
@@ -52,25 +63,73 @@
 #endif
 enum {
+        IF_FEATURE_SETPRIV_DUMP(OPTBIT_DUMP,)
        OPTBIT_NNP,
-        OPT_NNP = (1 << OPTBIT_NNP),
+        IF_FEATURE_SETPRIV_DUMP(OPT_DUMP = (1 << OPTBIT_DUMP),)
+        OPT_NNP  = (1 << OPTBIT_NNP),
 };
+#if ENABLE_FEATURE_SETPRIV_DUMP
+static int dump(void)
+{
+        uid_t ruid, euid, suid;
+        gid_t rgid, egid, sgid;
+        gid_t *gids;
+        int ngids;
+        getresuid(&ruid, &euid, &suid); /* never fails in Linux */
+        getresgid(&rgid, &egid, &sgid); /* never fails in Linux */
+        ngids = 0;
+        gids = bb_getgroups(&ngids, NULL); /* never fails in Linux */
+        printf("uid: %u\n", (unsigned)ruid);
+        printf("euid: %u\n", (unsigned)euid);
+        printf("gid: %u\n", (unsigned)rgid);
+        printf("egid: %u\n", (unsigned)egid);
+        printf("Supplementary groups: ");
+        if (ngids == 0) {
+                printf("[none]");
+        } else {
+                const char *fmt = ",%u" + 1;
+                int i;
+                for (i = 0; i < ngids; i++) {
+                        printf(fmt, (unsigned)gids[i]);
+                        fmt = ",%u";
+                }
+        }
+        bb_putchar('\n');
+        if (ENABLE_FEATURE_CLEAN_UP)
+                free(gids);
+        return EXIT_SUCCESS;
+}
+#endif /* FEATURE_SETPRIV_DUMP */
 int setpriv_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int setpriv_main(int argc UNUSED_PARAM, char **argv)
 {
        static const char setpriv_longopts[] ALIGN1 =
+                IF_FEATURE_SETPRIV_DUMP(
+                "dump\0"         No_argument    "d"
+                )
                "nnp\0"          No_argument    "\xff"
                "no-new-privs\0" No_argument    "\xff"
                ;
        int opts;
        applet_long_options = setpriv_longopts;
-        opts = getopt32(argv, "+");
+        opts = getopt32(argv, "+"IF_FEATURE_SETPRIV_DUMP("d"));
        argv += optind;
+#if ENABLE_FEATURE_SETPRIV_DUMP
+        if (opts & OPT_DUMP) {
+                if (argv[0] || (opts - OPT_DUMP) != 0)
+                        bb_show_usage();
+                return dump();
+        }
+#endif
        if (opts & OPT_NNP) {
                if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
                        bb_simple_perror_msg_and_die("prctl: NO_NEW_PRIVS");

diff --git a/util-linux/setpriv.c b/util-linux/setpriv.c index d15e0d84e..f21ce6632 100644 --- a/util-linux/setpriv.c +++ b/util-linux/setpriv.c
@@ -15,6 +15,14 @@
15	//config: help	15	//config: help
16	//config: Run a program with different Linux privilege settings.	16	//config: Run a program with different Linux privilege settings.
17	//config: Requires kernel >= 3.5	17	//config: Requires kernel >= 3.5
		18	//config:
		19	//config:config FEATURE_SETPRIV_DUMP
		20	//config: bool "Support dumping current privilege state"
		21	//config: default y
		22	//config: depends on SETPRIV
		23	//config: help
		24	//config: Enables the "--dump" switch to print out the current privilege
		25	//config: state. This is helpful for diagnosing problems.
18		26
19	//applet:IF_SETPRIV(APPLET(setpriv, BB_DIR_BIN, BB_SUID_DROP))	27	//applet:IF_SETPRIV(APPLET(setpriv, BB_DIR_BIN, BB_SUID_DROP))
20		28
@@ -24,6 +32,9 @@
24	//usage: "[OPTIONS] PROG [ARGS]"	32	//usage: "[OPTIONS] PROG [ARGS]"
25	//usage:#define setpriv_full_usage "\n\n"	33	//usage:#define setpriv_full_usage "\n\n"
26	//usage: "Run PROG with different privilege settings\n"	34	//usage: "Run PROG with different privilege settings\n"
		35	//usage: IF_FEATURE_SETPRIV_DUMP(
		36	//usage: "\n-d,--dump Show current capabilities"
		37	//usage: )
27	//usage: "\n--nnp,--no-new-privs Ignore setuid/setgid bits and file capabilities"	38	//usage: "\n--nnp,--no-new-privs Ignore setuid/setgid bits and file capabilities"
28		39
29	//setpriv from util-linux 2.28:	40	//setpriv from util-linux 2.28:
@@ -52,25 +63,73 @@
52	#endif	63	#endif
53		64
54	enum {	65	enum {
		66	IF_FEATURE_SETPRIV_DUMP(OPTBIT_DUMP,)
55	OPTBIT_NNP,	67	OPTBIT_NNP,
56		68
57	OPT_NNP = (1 << OPTBIT_NNP),	69	IF_FEATURE_SETPRIV_DUMP(OPT_DUMP = (1 << OPTBIT_DUMP),)
		70	OPT_NNP = (1 << OPTBIT_NNP),
58	};	71	};
59		72
		73	#if ENABLE_FEATURE_SETPRIV_DUMP
		74	static int dump(void)
		75	{
		76	uid_t ruid, euid, suid;
		77	gid_t rgid, egid, sgid;
		78	gid_t *gids;
		79	int ngids;
		80
		81	getresuid(&ruid, &euid, &suid); /* never fails in Linux */
		82	getresgid(&rgid, &egid, &sgid); /* never fails in Linux */
		83	ngids = 0;
		84	gids = bb_getgroups(&ngids, NULL); /* never fails in Linux */
		85
		86	printf("uid: %u\n", (unsigned)ruid);
		87	printf("euid: %u\n", (unsigned)euid);
		88	printf("gid: %u\n", (unsigned)rgid);
		89	printf("egid: %u\n", (unsigned)egid);
		90
		91	printf("Supplementary groups: ");
		92	if (ngids == 0) {
		93	printf("[none]");
		94	} else {
		95	const char *fmt = ",%u" + 1;
		96	int i;
		97	for (i = 0; i < ngids; i++) {
		98	printf(fmt, (unsigned)gids[i]);
		99	fmt = ",%u";
		100	}
		101	}
		102	bb_putchar('\n');
		103
		104	if (ENABLE_FEATURE_CLEAN_UP)
		105	free(gids);
		106	return EXIT_SUCCESS;
		107	}
		108	#endif /* FEATURE_SETPRIV_DUMP */
		109
60	int setpriv_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;	110	int setpriv_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
61	int setpriv_main(int argc UNUSED_PARAM, char **argv)	111	int setpriv_main(int argc UNUSED_PARAM, char **argv)
62	{	112	{
63	static const char setpriv_longopts[] ALIGN1 =	113	static const char setpriv_longopts[] ALIGN1 =
		114	IF_FEATURE_SETPRIV_DUMP(
		115	"dump\0" No_argument "d"
		116	)
64	"nnp\0" No_argument "\xff"	117	"nnp\0" No_argument "\xff"
65	"no-new-privs\0" No_argument "\xff"	118	"no-new-privs\0" No_argument "\xff"
66	;	119	;
67	int opts;	120	int opts;
68		121
69	applet_long_options = setpriv_longopts;	122	applet_long_options = setpriv_longopts;
70	opts = getopt32(argv, "+");	123	opts = getopt32(argv, "+"IF_FEATURE_SETPRIV_DUMP("d"));
71
72	argv += optind;	124	argv += optind;
73		125
		126	#if ENABLE_FEATURE_SETPRIV_DUMP
		127	if (opts & OPT_DUMP) {
		128	if (argv[0] \|\| (opts - OPT_DUMP) != 0)
		129	bb_show_usage();
		130	return dump();
		131	}
		132	#endif
74	if (opts & OPT_NNP) {	133	if (opts & OPT_NNP) {
75	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))	134	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
76	bb_simple_perror_msg_and_die("prctl: NO_NEW_PRIVS");	135	bb_simple_perror_msg_and_die("prctl: NO_NEW_PRIVS");