authorAndrew G. Morgan <morgan@kernel.org>2020-01-27 22:23:32 -0800
committerAndrew G. Morgan <morgan@kernel.org>2020-01-27 22:25:20 -0800
commite7709bbc1c4712f2ddfc6e6f42892928a8a03782 (patch)
tree0c896fec8059059620cba0155b2e2e849e6741de /progs
parent588d0439cb6495b03f0ab9f213f0b6b339e7d4b7 (diff)
More capsh testing features.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Diffstat (limited to 'progs')
-rw-r--r--progs/capsh.c37
1 files changed, 34 insertions, 3 deletions
diff --git a/progs/capsh.c b/progs/capsh.c
index 2875096..36a59d9 100644
--- a/progs/capsh.c
+++ b/progs/capsh.c
@@ -328,6 +328,18 @@ int main(int argc, char *argv[], char *envp[])
for (i=1; i<argc; ++i) {
if (!strncmp("--drop=", argv[i], 7)) {
arg_drop(argv[i]+7);
+ } else if (!strncmp("--dropped=", argv[i], 10)) {
+ cap_value_t cap;
+ if (cap_from_name(argv[i]+10, &cap) < 0) {
+ fprintf(stderr, "cap[%s] not recognized by library\n",
+ argv[i] + 10);
+ exit(1);
+ }
+ if (cap_get_bound(cap) > 0) {
+ fprintf(stderr, "cap[%s] raised in bounding vector\n",
+ argv[i]+10);
+ exit(1);
+ }
} else if (!strcmp("--has-ambient", argv[i])) {
if (!CAP_AMBIENT_SUPPORTED()) {
fprintf(stderr, "ambient set not supported\n");
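Review bot: The new `--dropped=` branch tests `cap_get_bound(cap) > 0`, so the `-1` that cap_get_bound() is documented to return on error is treated the same as a cleared bounding bit, and the option succeeds. For a test that asserts a capability is gone from the bounding set, failing open on a query error can hide a misconfigured environment. I would handle the error explicitly before the `> 0` test, e.g. `int b = cap_get_bound(cap); if (b < 0) { perror("cap_get_bound"); exit(1); }`. This presumably matters when the library knows a name the running kernel does not, which `cap_from_name()` alone will not catch. The enclosing `main()` option loop starts and ends outside this hunk.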
@@ -767,20 +779,37 @@ int main(int argc, char *argv[], char *envp[])
cap_t orig;
if (cap_from_name(argv[i]+8, &cap) < 0) {
- fprintf(stderr, "cap[%s] not recognized by libarary\n",
+ fprintf(stderr, "cap[%s] not recognized by library\n",
argv[i] + 8);
exit(1);
}
orig = cap_get_proc();
if (cap_get_flag(orig, cap, CAP_PERMITTED, &enabled) || !enabled) {
- fprintf(stderr, "cap[%s] not enabled\n", argv[i]+8);
+ fprintf(stderr, "cap[%s] not permitted\n", argv[i]+8);
+ exit(1);
+ }
+ cap_free(orig);
+ } else if (!strncmp("--has-i=", argv[i], 8)) {
+ cap_value_t cap;
+ cap_flag_value_t enabled;
+ cap_t orig;
+
+ if (cap_from_name(argv[i]+8, &cap) < 0) {
+ fprintf(stderr, "cap[%s] not recognized by library\n",
+ argv[i] + 8);
+ exit(1);
+ }
+ orig = cap_get_proc();
+ if (cap_get_flag(orig, cap, CAP_INHERITABLE, &enabled)
+ || !enabled) {
+ fprintf(stderr, "cap[%s] not inheritable\n", argv[i]+8);
exit(1);
}
cap_free(orig);
} else if (!strncmp("--has-a=", argv[i], 8)) {
cap_value_t cap;
if (cap_from_name(argv[i]+8, &cap) < 0) {
- fprintf(stderr, "cap[%s] not recognized by libarary\n",
+ fprintf(stderr, "cap[%s] not recognized by library\n",
argv[i] + 8);
exit(1);
}
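Review bot: In the new `--has-i=` branch the result of `cap_get_proc()` is passed to `cap_get_flag()` unchecked, so a failed query and a clear inheritable bit both print `cap[...] not inheritable`. The exit status stays fail-closed, but a test log that misreports the reason is hard to triage; adding `if (orig == NULL) { perror("cap_get_proc"); exit(1); }` right after the call separates the two cases. The same applies to the `--has-p=` branch above, whose start is outside this hunk. The two branches now differ only in the flag and the message, so a small `static` helper taking a `cap_flag_t` would keep them from drifting apart.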
@@ -814,7 +843,9 @@ int main(int argc, char *argv[], char *envp[])
" --decode=xxx decode a hex string to a list of caps\n"
" --supports=xxx exit 1 if capability xxx unsupported\n"
" --has-p=xxx exit 1 if capability xxx not permitted\n"
+ " --has-i=xxx exit 1 if capability xxx not inheritable\n"
" --drop=xxx remove xxx,.. capabilities from bset\n"
+ " --dropped=xxx exit 1 unless bounding cap xxx dropped\n"
" --has-ambient exit 1 unless ambient vector supported\n"
" --has-a=xxx exit 1 if capability xxx not ambient\n"
" --addamb=xxx add xxx,... capabilities to ambient set\n"