diff options
-rw-r--r-- | progs/capsh.c | 58 | ||||
-rw-r--r-- | progs/getcap.c | 15 | ||||
-rw-r--r-- | progs/getpcaps.c | 23 | ||||
-rw-r--r-- | progs/setcap.c | 10 |
4 files changed, 65 insertions, 41 deletions
diff --git a/progs/capsh.c b/progs/capsh.c index 5ea340b..dfe420f 100644 --- a/progs/capsh.c +++ b/progs/capsh.c @@ -1,9 +1,10 @@ /* * Copyright (c) 2008-11,16,19,2020 Andrew G. Morgan <morgan@kernel.org> * - * This is a simple 'bash' (-DSHELL) wrapper program that can be used - * to raise and lower both the bset and pI capabilities before - * invoking /bin/bash. + * This is a multifunction shell wrapper tool that can be used to + * launch capable files in various ways with a variety of settings. It + * also supports some testing modes, which are used extensively as + * part of the libcap build system. * * The --print option can be used as a quick test whether various * capability manipulations work as expected (or not). @@ -909,41 +910,46 @@ int main(int argc, char *argv[], char *envp[]) exit(1); } cap_free(iab); + } else if (!strcmp("--license", argv[i])) { + printf( + "%s has a you choose license: BSD 3-clause or GPL2\n" + "Copyright (c) 2008-11,16,19,2020 Andrew G. Morgan" + " <morgan@kernel.org>\n", argv[0]); + exit(0); } else { usage: printf("usage: %s [args ...]\n" - " --help, -h this message (or try 'man capsh')\n" - " --print display capability relevant state\n" - " --decode=xxx decode a hex string to a list of caps\n" - " --supports=xxx exit 1 if capability xxx unsupported\n" - " --has-p=xxx exit 1 if capability xxx not permitted\n" - " --has-i=xxx exit 1 if capability xxx not inheritable\n" - " --drop=xxx remove xxx,.. capabilities from bset\n" - " --dropped=xxx exit 1 unless bounding cap xxx dropped\n" - " --has-ambient exit 1 unless ambient vector supported\n" " --has-a=xxx exit 1 if capability xxx not ambient\n" + " --has-ambient exit 1 unless ambient vector supported\n" " --addamb=xxx add xxx,... capabilities to ambient set\n" - " --delamb=xxx remove xxx,... capabilities from ambient\n" - " --noamb reset (drop) all ambient capabilities\n" + " --cap-uid=<n> use libcap cap_setuid() to change uid\n" " --caps=xxx set caps as per cap_from_text()\n" - " --inh=xxx set xxx,.. inheritable set\n" - " --secbits=<n> write a new value for securebits\n" + " --chroot=path chroot(2) to this path\n" + " --decode=xxx decode a hex string to a list of caps\n" + " --delamb=xxx remove xxx,... capabilities from ambient\n" + " --forkfor=<n> fork and make child sleep for <n> sec\n" + " --gid=<n> set gid to <n> (hint: id <username>)\n" + " --groups=g,... set the supplemental groups\n" + " --has-p=xxx exit 1 if capability xxx not permitted\n" + " --has-i=xxx exit 1 if capability xxx not inheritable\n" + " --help, -h this message (or try 'man capsh')\n" " --iab=... use cap_iab_from_text() to set iab\n" - " --keep=<n> set keep-capability bit to <n>\n" - " --uid=<n> set uid to <n> (hint: id <username>)\n" - " --cap-uid=<n> libcap cap_setuid() to change uid\n" + " --inh=xxx set xxx,.. inheritable set\n" + " --inmode=<xxx> exit 1 if current mode is not <xxx>\n" " --is-uid=<n> exit 1 if uid != <n>\n" - " --gid=<n> set gid to <n> (hint: id <username>)\n" " --is-gid=<n> exit 1 if gid != <n>\n" - " --groups=g,... set the supplemental groups\n" - " --user=<name> set uid,gid and groups to that of user\n" - " --chroot=path chroot(2) to this path\n" + " --keep=<n> set keep-capability bit to <n>\n" + " --killit=<n> send signal(n) to child\n" + " --license display license info\n" " --modes list libcap named capability modes\n" " --mode=<xxx> set capability mode to <xxx>\n" - " --inmode=<xxx> exit 1 if current mode is not <xxx>\n" - " --killit=<n> send signal(n) to child\n" - " --forkfor=<n> fork and make child sleep for <n> sec\n" + " --noamb reset (drop) all ambient capabilities\n" + " --print display capability relevant state\n" + " --secbits=<n> write a new value for securebits\n" " --shell=/xx/yy use /xx/yy instead of " SHELL " for --\n" + " --supports=xxx exit 1 if capability xxx unsupported\n" + " --uid=<n> set uid to <n> (hint: id <username>)\n" + " --user=<name> set uid,gid and groups to that of user\n" " == re-exec(capsh) with args as for --\n" " -- remaining arguments are for " SHELL "\n" " (without -- [%s] will simply exit(0))\n", diff --git a/progs/getcap.c b/progs/getcap.c index e578bbd..208bd6a 100644 --- a/progs/getcap.c +++ b/progs/getcap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997,2007 Andrew G. Morgan <morgan@kernel.org> + * Copyright (c) 1997,2007 Andrew G. Morgan <morgan@kernel.org> * * This displays the capabilities of a given file. */ @@ -26,9 +26,9 @@ static int namespace = 0; static void usage(int code) { fprintf(stderr, - "usage: getcap [-v] [-r] [-h] [-n] <filename> [<filename> ...]\n" - "\n" - "\tdisplays the capabilities on the queried file(s).\n" + "usage: getcap [-h] [-l] [-n] [-r] [-v] <filename> [<filename> ...]\n" + "\n" + "\tdisplays the capabilities on the queried file(s).\n" ); exit(code); } @@ -82,7 +82,7 @@ int main(int argc, char **argv) { int i, c; - while ((c = getopt(argc, argv, "rvhn")) > 0) { + while ((c = getopt(argc, argv, "rvhnl")) > 0) { switch(c) { case 'r': recursive = 1; @@ -95,6 +95,11 @@ int main(int argc, char **argv) break; case 'h': usage(0); + case 'l': + printf("%s has a you choose license: BSD 3-clause or GPL2\n" + "Copyright (c) 1997,2007 Andrew G. Morgan" + " <morgan@kernel.org>\n", argv[0]); + exit(0); default: usage(1); } diff --git a/progs/getpcaps.c b/progs/getpcaps.c index 5cd81af..5bc511e 100644 --- a/progs/getpcaps.c +++ b/progs/getpcaps.c @@ -11,19 +11,19 @@ #include <stdlib.h> #include <sys/capability.h> -static void usage(int exiter) +static void usage(int code) { fprintf(stderr, "usage: getcaps <pid> [<pid> ...]\n\n" " This program displays the capabilities on the queried process(es).\n" -" The capabilities are displayed in the cap_from_text(3) format.\n\n" -" Optional arguments:\n" -" --help, -h or --usage display this message.\n" -" --verbose use a more verbose output format.\n" -" --ugly or --legacy use the archaic legacy output format.\n\n" -"[Copyright (c) 1997-8,2007,2019 Andrew G. Morgan <morgan@kernel.org>]\n" - ); - exit(exiter); + " The capabilities are displayed in the cap_from_text(3) format.\n" + "\n" + " Optional arguments:\n" + " --help, -h or --usage display this message.\n" + " --verbose use a more verbose output format.\n" + " --ugly or --legacy use the archaic legacy output format.\n" + " --license display license info\n"); + exit(code); } int main(int argc, char **argv) @@ -43,6 +43,11 @@ int main(int argc, char **argv) if (!strcmp(argv[0], "--help") || !strcmp(argv[0], "--usage") || !strcmp(argv[0], "-h")) { usage(0); + } else if (!strcmp(argv[0], "--license")) { + printf("%s has a you choose license: BSD 3-clause or GPL2\n" +"[Copyright (c) 1997-8,2007,2019 Andrew G. Morgan <morgan@kernel.org>]\n", + argv[0]); + exit(0); } else if (!strcmp(argv[0], "--verbose")) { verbose = 1; continue; diff --git a/progs/setcap.c b/progs/setcap.c index f675cdd..930429a 100644 --- a/progs/setcap.c +++ b/progs/setcap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997,2007-8 Andrew G. Morgan <morgan@kernel.org> + * Copyright (c) 1997,2007-8,2020 Andrew G. Morgan <morgan@kernel.org> * * This sets/verifies the capabilities of a given file. */ @@ -26,6 +26,7 @@ static void usage(int status) " -q quietly\n" " -v validate supplied capability matches file\n" " -n <rootid> write a user namespace limited capability\n" + " --license display the license info\n" ); exit(status); } @@ -91,6 +92,13 @@ int main(int argc, char **argv) quiet = 1; continue; } + if (!strcmp("--license", *argv)) { + printf( + "%s has a you choose license: BSD 3-clause or GPL2\n" + "Copyright (c) 1997,2007-8,2020 Andrew G. Morgan" + " <morgan@kernel.org>\n", argv[0]); + exit(0); + } if (!strcmp(*argv, "-h")) { usage(0); } |