Created
May 21, 2017 21:20
modules:capabilities: test for a per-task modules auto-load prctl(PR_SET_MODULES_AUTOLOAD_MODE, ...)
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <linux/prctl.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
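/*
 * Mode values passed to prctl(PR_SET_MODULES_AUTOLOAD_MODE, ...) and read
 * back through PR_GET_MODULES_AUTOLOAD_MODE.
 * NOTE(review): going by the names, 0 leaves auto-loading unrestricted,
 * 1 limits it to privileged tasks and 2 turns it off for the task; confirm
 * against the kernel patch this test was written for.
 */
enum {
	MODULES_AUTOLOAD_ALLOWED	= 0,
	MODULES_AUTOLOAD_PRIVILEGED	= 1,
	MODULES_AUTOLOAD_DISABLED	= 2,
};

/*
 * Fallback option numbers for headers that do not define the prctl.
 * NOTE(review): 48/49 appear to come from a proposed, out-of-tree patch;
 * verify that the kernel under test assigns these numbers to this operation
 * before relying on a "success" result as proof the restriction is active.
 */
#ifndef PR_SET_MODULES_AUTOLOAD_MODE
#define PR_SET_MODULES_AUTOLOAD_MODE	48
#define PR_GET_MODULES_AUTOLOAD_MODE	49
#endif

/* Declared here but not referenced by the code in this file. */
extern char **environ;

/* argv for the shell started by exec_command(); execv() never modifies it. */
static char *const args[] = { "/bin/bash", NULL };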
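/**
 * exec_command - apply a module auto-load mode to this task, then exec a shell.
 * @mode: value handed to prctl(PR_SET_MODULES_AUTOLOAD_MODE).
 *
 * The mode is set, read back with PR_GET_MODULES_AUTOLOAD_MODE, and only if
 * the kernel reports the requested value is the shell in args[] started, so
 * the interactive session never runs with a weaker setting than asked for.
 * NOTE(review): the manual check done from that shell assumes the mode
 * survives execve(); confirm against the kernel patch.
 *
 * Return: EXIT_FAILURE if a prctl() call fails or the read-back differs.
 * Does not return when execv() succeeds; exits with EXIT_FAILURE when it fails.
 */
int exec_command(int mode)
{
	int ret;

	ret = prctl(PR_SET_MODULES_AUTOLOAD_MODE, mode, 0, 0, 0);
	if (ret < 0) {
		/* Report the mode actually requested, not a hard-coded "2". */
		fprintf(stderr, "Error PR_SET_MODULES_AUTOLOAD_MODE to %d failed: %d (%m)\n",
			mode, -errno);
		return EXIT_FAILURE;
	}

	ret = prctl(PR_GET_MODULES_AUTOLOAD_MODE, 0, 0, 0, 0);
	if (ret < 0) {
		fprintf(stderr, "Error PR_GET_MODULES_AUTOLOAD_MODE failed: %d (%m)\n", -errno);
		return EXIT_FAILURE;
	}

	printf("task modules_autoload_mode: %d\n", ret);

	/* A set that "succeeds" without taking effect must not pass silently. */
	if (ret != mode) {
		fprintf(stderr, "Error PR_GET_MODULES_AUTOLOAD_MODE should return %d\n", mode);
		return EXIT_FAILURE;
	}

	/*
	 * execv() replaces the process image without flushing stdio, so
	 * anything still buffered (stdout redirected to a file or pipe)
	 * would be lost.
	 */
	fflush(stdout);

	execv(args[0], args);

	/* Only reached when execv() itself failed. */
	fprintf(stderr, "error on execve(): %d (%m)\n", -errno);
	exit(EXIT_FAILURE);
}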
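/**
 * main - exercise the per-task module auto-load prctl.
 * @argc: argument count.
 * @argv: optional argv[1] is a decimal mode.
 *
 * With a mode greater than 0 on the command line, that mode is applied and a
 * shell is started through exec_command(). With no argument (or 0) the
 * self-test runs:
 *   1. PR_GET works at all,
 *   2. the task can move to MODULES_AUTOLOAD_PRIVILEGED,
 *   3. PR_GET with a non-zero extra argument is rejected with EINVAL,
 *   4. PR_GET reports 1,
 *   5. going back to MODULES_AUTOLOAD_ALLOWED is refused with EPERM,
 *   6. the task moves on to MODULES_AUTOLOAD_DISABLED and execs a shell.
 *
 * Return: EXIT_FAILURE on a bad argument or any failed expectation; on
 * success control passes to the exec'd shell.
 */
int main(int argc, const char **argv)
{
	int ret;
	int mode = 0;

	if (argc > 1) {
		char *end;
		long val;

		/*
		 * Reject empty or non-numeric input, trailing garbage,
		 * overflow and negative values instead of letting them
		 * silently select the default self-test path.
		 */
		errno = 0;
		val = strtol(argv[1], &end, 10);
		if (errno != 0 || end == argv[1] || *end != '\0' ||
		    val < 0 || val > INT_MAX) {
			fprintf(stderr, "Error parsing argument\n");
			return EXIT_FAILURE;
		}
		mode = (int)val;
	}

	if (mode > 0)
		return exec_command(mode);

	/* Result is only checked for failure: does the kernel know the prctl? */
	ret = prctl(PR_GET_MODULES_AUTOLOAD_MODE, 0, 0, 0, 0);
	if (ret < 0) {
		fprintf(stderr, "Error PR_GET_MODULES_AUTOLOAD_MODE failed: %d (%m)\n", -errno);
		return EXIT_FAILURE;
	}

	ret = prctl(PR_SET_MODULES_AUTOLOAD_MODE, MODULES_AUTOLOAD_PRIVILEGED,
		    0, 0, 0);
	if (ret < 0) {
		fprintf(stderr, "Error PR_SET_MODULES_AUTOLOAD_MODE to 1 failed: %d (%m)\n", -errno);
		return EXIT_FAILURE;
	}

	/* Pass extra non-zero argument */
	ret = prctl(PR_GET_MODULES_AUTOLOAD_MODE, 1, 0, 0, 0);
	if (ret >= 0 || errno != EINVAL) {
		/* Diagnostics go to stderr, newline-terminated, like the others. */
		fprintf(stderr, "Error PR_GET_MODULES_AUTOLOAD_MODE should fail with -EINVAL\n");
		return EXIT_FAILURE;
	}

	ret = prctl(PR_GET_MODULES_AUTOLOAD_MODE, 0, 0, 0, 0);
	if (ret < 0) {
		fprintf(stderr, "Error PR_GET_MODULES_AUTOLOAD_MODE failed: %d (%m)\n", -errno);
		return EXIT_FAILURE;
	}

	printf("task modules_autoload_mode: %d\n", ret);
	/* The process image is replaced later; do not lose buffered output. */
	fflush(stdout);

	if (ret != 1) {
		fprintf(stderr, "Error PR_GET_MODULES_AUTOLOAD_MODE should return 1\n");
		return EXIT_FAILURE;
	}

	/*
	 * Should fail with -EPERM: once restricted, the task must not be able
	 * to relax its own mode. A success, or a failure for any other
	 * reason, does not demonstrate that property.
	 */
	ret = prctl(PR_SET_MODULES_AUTOLOAD_MODE, MODULES_AUTOLOAD_ALLOWED,
		    0, 0, 0);
	if (ret >= 0) {
		fprintf(stderr, "Error PR_SET_MODULES_AUTOLOAD_MODE to 0 succeeded\n");
		return EXIT_FAILURE;
	}
	if (errno != EPERM) {
		fprintf(stderr, "Error PR_SET_MODULES_AUTOLOAD_MODE to 0 should fail with -EPERM, got: %d (%m)\n",
			-errno);
		return EXIT_FAILURE;
	}
	fprintf(stderr, "PR_SET_MODULES_AUTOLOAD_MODE to 0 failed: %d (%m)\n", -errno);

	return exec_command(MODULES_AUTOLOAD_DISABLED);
}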