summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbie <bie@blekksprut.net>2016-11-10 18:01:49 +0100
committerbie <bie@blekksprut.net>2016-11-10 18:01:49 +0100
commit3ce4f1f7e5e8b77a8e9862fe3adf1fdae24e7825 (patch)
tree00f5d9148be9676674f7e407762c768c3407fc05
parentf2dfa757e24b0073ed8a9d3703d6b6b52ac1a3d3 (diff)
downloadgodzilla-3ce4f1f7e5e8b77a8e9862fe3adf1fdae24e7825.tar.xz
capabilities, libcap, party hardHEADmaster
-rw-r--r--Makefile2
-rw-r--r--godzilla.c12
2 files changed, 11 insertions, 3 deletions
diff --git a/Makefile b/Makefile
index 15311e6..71c7548 100644
--- a/Makefile
+++ b/Makefile
@@ -14,5 +14,5 @@ config.h:
cp config.def.h $@
godzilla: config.h godzilla.c
- ${CC} ${CFLAGS} -o godzilla godzilla.c -lcrypt
+ ${CC} ${CFLAGS} -o godzilla godzilla.c -lcrypt -lcap
diff --git a/godzilla.c b/godzilla.c
index 002ed96..0c512ea 100644
--- a/godzilla.c
+++ b/godzilla.c
@@ -9,6 +9,8 @@
#include <unistd.h>
#include <pwd.h>
#include <grp.h>
+#include <sys/capability.h>
+#include <sys/prctl.h>
#include <sys/types.h>
#include "config.h"
@@ -79,10 +81,16 @@ int main(int argc, char **argv) {
result = crypt(passw, s->sp_pwdp);
if(!strcmp(result, s->sp_pwdp)) {
struct passwd *user = getpwnam(login);
+ cap_value_t cap_values[] = { CAP_SETUID, CAP_SETGID };
+ cap_t caps;
+ caps = cap_get_proc();
+ cap_set_flag(caps, CAP_EFFECTIVE, 2, cap_values, CAP_SET);
+ cap_set_proc(caps);
+ prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
+ cap_free(caps);
setgid(user->pw_gid);
- setuid(user->pw_uid);
- seteuid(user->pw_uid);
initgroups(login, user->pw_gid);
+ setuid(user->pw_uid);
setenv("REMOTE_USER", login, 1);
unsetenv("HTTP_AUTHORIZATION");
return execve(script, argv, environ);