File: setpcaps.c

package info (click to toggle)
libcap 1%3A1.10-12
  • links: PTS
  • area: main
  • in suites: woody
  • size: 324 kB
  • ctags: 165
  • sloc: ansic: 1,174; makefile: 155; sh: 8
file content (151 lines) | stat: -rw-r--r-- 3,109 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
 
/*
 * $Id: setpcaps.c,v 1.2 1999/11/18 06:04:26 morgan Exp $
 *
 * Copyright (c) 1997-8 Andrew G. Morgan  <morgan@linux.kernel.org>
 *
 * This sets the capabilities of a given process.
 */

#include <sys/types.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#undef _POSIX_SOURCE
#include <sys/capability.h>
#include <unistd.h>

static void usage(void)
{
    fprintf(stderr,
"usage: setcap [-q] (-|<caps>) <pid> [ ... (-|<capsN>) <pid> ]\n\n"
"  This program can be used to set the process capabilities of running\n"
"  processes.  In order to work, it needs to be executing with CAP_SETPCAP\n"
"  raised, and the only capabilities that this program can bestow on others\n"
"  are a subset of its effective set.  This program is mostly intended as an\n"
"  example -- a safe use of CAP_SETPCAP has yet to be demonstrated!\n\n"
"[Copyright (c) 1997-8 Andrew G. Morgan  <morgan@linux.kernel.org>]\n"
	);
    exit(1);
}

#define MAXCAP  2048

static int read_caps(int quiet, const char *filename, char *buffer)
{
    int i=MAXCAP;

    if (!quiet) {
	fprintf(stderr,	"Please enter caps for file [empty line to end]:\n");
    }
    while (i > 0) {
	int j = read(STDIN_FILENO, buffer, i);

	if (j < 0) {
	    fprintf(stderr, "\n[Error - aborting]\n");
	    exit(1);
	}

	if (j==0 || buffer[0] == '\n') {
	    /* we're done */
	    break;
	}

	/* move on... */

	i -= j;
	buffer += j;
    }

    /* <NUL> terminate */
    buffer[0] = '\0';

    return (i < MAXCAP ? 0:-1);
}

int main(int argc, char **argv)
{
    char buffer[MAXCAP+1];
    int retval, quiet=0;
    cap_t cap_d;

    if (argc < 3) {
	usage();
    }

    while (--argc > 0) {
	const char *text;
	pid_t pid;

	if (!strcmp(*++argv,"-q")) {
	    quiet = 1;
	    continue;
	}
	if (!strcmp(*argv,"-")) {
	    retval = read_caps(quiet, *argv, buffer);
	    if (retval)
		usage();
	    text = buffer;
	} else
	    text = *argv;

	cap_d = cap_from_text(text);
	if (cap_d == NULL) {
	    perror("fatal error");
	    usage();
	}
#ifndef DEBUG
	{
	    ssize_t length;
	    char *result;

	    result = cap_to_text(cap_d, &length);
	    fprintf(stderr, "[caps set to:\n%s\n]\n", result);
	    cap_free(result);
	    result = NULL;
	}
#endif

	if (--argc <= 0)
	    usage();

	pid = atoi(*++argv);
	retval = capsetp(pid, cap_d);

	if (retval != 0) {
	    fprintf(stderr, "Failed to set cap's on process `%d': (%s)\n",
		    pid, strerror(errno));
	    usage();
	}
#ifndef DEBUG
	fprintf(stderr, "[caps set on %d]\n", pid);
#endif
    }

    return 0;
}

/*
 * $Log: setpcaps.c,v $
 * Revision 1.2  1999/11/18 06:04:26  morgan
 * use cap_free and not free for string from cap_to_text()
 *
 * Revision 1.1.1.1  1999/04/17 22:16:31  morgan
 * release 1.0 of libcap
 *
 * Revision 1.3  1998/09/20 23:07:08  morgan
 * fixed comment at top
 *
 * Revision 1.2  1998/06/08 00:17:38  morgan
 * change to accommodate alpha (glibc?)
 *
 * Revision 1.1  1998/06/07 01:46:51  morgan
 * Initial revision
 *
 * Revision 1.2  1997/05/04 05:34:32  morgan
 * non void main
 *
 * Revision 1.1  1997/04/28 01:01:20  morgan
 * Initial revision
 *
 */