Created
July 25, 2015 22:16
-
-
Save vi/f977cc3097d47b07c3ad to your computer and use it in GitHub Desktop.
Do prctl(PR_SET_NO_NEW_PRIVS) and exec
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Pre-built static i386 version: http://vi-server.org/pub/no_new_privs | |
| #include <unistd.h> | |
| #include <string.h> | |
| #include <stdio.h> | |
| #include <sys/prctl.h> | |
| int main(int argc, char* argv[]) | |
| { | |
| if (argc == 1 || !strcmp(argv[1], "--help")) { | |
| printf("Usage: no_new_privs program arguments...\n"); | |
| printf(" It disables filesystem-based privilege elevation for started programs.\n"); | |
| printf(" ping, passwd, su, sudo and others will not work\n"); | |
| return 1; | |
| } | |
| #ifndef PR_SET_NO_NEW_PRIVS | |
| #define PR_SET_NO_NEW_PRIVS 38 | |
| #endif | |
| if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) { | |
| perror("prctl(PR_SET_NO_NEW_PRIVS)"); | |
| return 2; | |
| } | |
| execvp(argv[1], argv+1); | |
| perror("execvp"); | |
| return 127; | |
| } |
scott1980
commented
Jun 8, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment