On Monday May 21 2007 12:51:59 pm Bruce Dubbs wrote: > Looking at the code for ntp, it seems that libcap is only used if > HAVE_DROPROOT is defined. This is only defined if $ac_clockctl and > $ac_cv_header_sys_clockctl_h are 'yes' in configure. > > Looking at configure: > > $ac_clockctl requires sys/clockctl.h which appears to be BSD only > $ac_cv_header_sys_clockctl_h seems to be used but never defined. > > The bottom line is that I don't see how libcap is ever used in ntp. > > I have not done any analysis on the other programs you mention. > > -- Bruce
Ntpd is dropping root for me:
$ ps aux | grep ntp
ntpd 18869 0.0 0.0 4000 1320 ? SNs 07:26
0:00 /usr/bin/ntpd --configfile=/etc/ntpd.conf --jaildir=/var/lib/ntpd
--logfile=/var/lib/ntpd/ntpd.log --pidfile=/var/lib/ntpd/ntpd.pid
--user=ntpd:ntpd --no-load-opts
./configure of ntpd-4.2.4p0 with --enable-linuxcaps gives me:
$ grep HAVE_DROPROOT config.h
#define HAVE_DROPROOT
I used Owl Linux's libcap patches, which I have attached. Install libcap with:
patch -Np1 -i ../libcap-1.10-owl_fixes-1.patch
make
make install
rm -v /lib/libcap.so
ln -vs ../../lib/libcap.so.1 /usr/lib/libcap.so
chmod -v 755 /lib/libcap.so.1.10
Owl's patches install to /sbin, but I don't see why it can't go in /usr/sbin.
That can be changed with 'make' parameters though.
Then build ntpd with --enable-linuxcaps, and:
groupadd -g 54 ntpd
useradd -d /var/lib/ntpd -c "Network Time Protocol Daemon" -g ntpd \
-s /bin/false -u 54 ntpd
Then:
install -vd -m710 -o root -g ntpd /var/lib/ntpd
install -vd -m770 -o root -g ntpd /var/lib/ntpd/drift
cat > /etc/ntpd.conf << "EOF"
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
driftfile /drift/ntpd.drift
EOF
Load the capabilities kernel module...
And:
ntpd --configfile=/etc/ntpd.conf --jaildir=/var/lib/ntpd \
--logfile=/var/lib/ntpd/ntpd.log --pidfile=/var/lib/ntpd/ntpd.pid \
--user=ntpd:ntpd --no-load-opts
The ntp user only needs write permission on the drift file and on the directory
that contains it, so that a temporary drift file can be created and
deleted. I used a 9kb tmpfs for /var/lib/ntpd/drift, with two inodes and two
blocks, and all the no* mount options. All the other files are opened by root
outside of the chroot, and the ntp user does not need permission on them
(including the log file). So, my above example should actually be changed a
bit.. the pid file should go in /var/run, and the log in /var/log (I think
ntpd is hooked on the log file's inode, so the log doesn't need to be in the
chroot). If you do not use --logfile then you might need a /dev/log in the
chroot for syslog.
robert
Submitted By: Robert Connolly <robert at linuxfromscratch dot org> (ashes)
Date: 2007-05-21
Initial Package Version: 1.10
Upstream Status: Not submitted
Origin: Alt and Owl Linux
libcap-1.10-alt-Makefile.diff
libcap-1.10-alt-cap_free.diff
libcap-1.10-alt-bound.diff
libcap-1.10-alt-warnings.diff
libcap-1.10-rh-alt-makenames.diff
libcap-1.10-alt-userland.diff
libcap-1.10-alt-cap_file.diff
Description: This patch fixes compiler warnings, and installation paths.
diff -Naur libcap-1.10.orig/Make.Rules libcap-1.10/Make.Rules
--- libcap-1.10.orig/Make.Rules 1999-11-18 06:06:02.000000000 +0000
+++ libcap-1.10/Make.Rules 2007-05-21 07:09:52.000000000 +0000
@@ -12,19 +12,19 @@
# Autoconf-style prefixes are activated when $(prefix) is defined.
# Otherwise binaries and libraraies are installed in /{lib,sbin}/,
-# header files in /usr/include/ and documentation in /usr/man/man?/.
+# header files in /usr/include/ and documentation in /usr/share/man/man?/.
ifdef prefix
exec_prefix=$(prefix)
lib_prefix=$(exec_prefix)
inc_prefix=$(lib_prefix)
-man_prefix=$(prefix)
+man_prefix=$(prefix)/share
else
prefix=/usr
exec_prefix=
lib_prefix=$(exec_prefix)
inc_prefix=$(prefix)
-man_prefix=$(prefix)
+man_prefix=$(prefix)/share
endif
# Target directories
@@ -44,10 +44,12 @@
CC=gcc
COPTFLAGS=-O2
DEBUG=-g #-DDEBUG
-WARNINGS=-ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \
- -Wpointer-arith -Wcast-qual -Wcast-align \
- -Wtraditional -Wstrict-prototypes -Wmissing-prototypes \
- -Wnested-externs -Winline -Wshadow -pedantic
+WARNINGS=-D_GNU_SOURCE -Wall -W \
+ -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings \
+ -Wconversion -Waggregate-return -Wstrict-prototypes \
+ -Wmissing-prototypes -Wmissing-declarations -Wmissing-noreturn \
+ -Wmissing-format-attribute -Wredundant-decls \
+ -Wdisabled-optimization
LD=ld
LDFLAGS=-s #-g
diff -Naur libcap-1.10.orig/doc/Makefile libcap-1.10/doc/Makefile
--- libcap-1.10.orig/doc/Makefile 1999-04-17 22:16:31.000000000 +0000
+++ libcap-1.10/doc/Makefile 2007-05-21 07:09:52.000000000 +0000
@@ -16,21 +16,15 @@
capsetp.3 capgetp.3
#MAN8S = getcap.8 setcap.8
-MANS = $(MAN2S) $(MAN3S) $(MAN8S)
+MANS = $(MAN3S)
all: $(MANS)
-install:
- mkdir -p -m 755 $(MANDIR)/man2 $(MANDIR)/man3
- for man in \
- $(MANDIR)/man2 $(MAN2S) \
- $(MANDIR)/man3 $(MAN3S) \
- ; \
- do \
- case $$man in \
- /*) sub=$$man ; continue ;; \
- esac; \
- install -m 644 $$man $$sub ; \
+install: $(MANS)
+ for man in $(MANS); do \
+ sect="$${man##*.}"; \
+ mkdir -p -m755 $(MANDIR)/man$$sect; \
+ install -p -m644 $$man $(MANDIR)/man$$sect/; \
done
clean:
diff -Naur libcap-1.10.orig/libcap/Makefile libcap-1.10/libcap/Makefile
--- libcap-1.10.orig/libcap/Makefile 1999-04-17 22:16:31.000000000 +0000
+++ libcap-1.10/libcap/Makefile 2007-05-21 07:09:52.000000000 +0000
@@ -32,7 +32,7 @@
LIBNAME=libcap.so
#
-FILES=cap_alloc cap_proc cap_extint cap_flag cap_text cap_sys
+FILES=cap_alloc cap_proc cap_extint cap_flag cap_text
# for later when there is filesystem support for cap's:
#FILES += cap_file
@@ -41,6 +41,7 @@
OBJS=$(addsuffix .o, $(FILES))
MAJLIBNAME=$(LIBNAME).$(VERSION)
MINLIBNAME=$(MAJLIBNAME).$(MINOR)
+MAP=libcap.map
all: $(MINLIBNAME)
@@ -55,13 +56,13 @@
@sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define \([^ \t]*\)[ \t]*\([^ \t]*\)/ \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | fgrep -v 0x > cap_names.sed
# @sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define CAP_\([^ \t]*\)[ \t]*\([^ \t]*\)/ \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | fgrep -v 0x > cap_names.sed
-$(MINLIBNAME): $(OBJS)
- $(LD) -soname $(MAJLIBNAME) -x -shared -o $@ $(OBJS)
+$(MINLIBNAME): $(OBJS) $(MAP)
+ $(CC) -shared -Wl,-soname,$(MAJLIBNAME),--version-script,$(MAP),-z,defs -o $@ $(OBJS)
ln -sf $(MINLIBNAME) $(MAJLIBNAME)
ln -sf $(MAJLIBNAME) $(LIBNAME)
%.o: %.c $(INCLS)
- $(CC) $(CFLAGS) -c $< -o $@
+ $(CC) $(CFLAGS) -fPIC -c $< -o $@
install: all
mkdir -p -m 0755 $(INCDIR)/sys
@@ -70,7 +71,6 @@
install -m 0644 $(MINLIBNAME) $(LIBDIR)/$(MINLIBNAME)
ln -sf $(MINLIBNAME) $(LIBDIR)/$(MAJLIBNAME)
ln -sf $(MAJLIBNAME) $(LIBDIR)/$(LIBNAME)
- -/sbin/ldconfig
clean:
$(LOCALCLEAN)
diff -Naur libcap-1.10.orig/libcap/_makenames.c libcap-1.10/libcap/_makenames.c
--- libcap-1.10.orig/libcap/_makenames.c 1999-05-14 04:46:15.000000000 +0000
+++ libcap-1.10/libcap/_makenames.c 2007-05-21 07:10:43.000000000 +0000
@@ -9,7 +9,7 @@
#include <stdio.h>
#include <stdlib.h>
-#include <linux/capability.h>
+#include "include/sys/capability.h"
/*
* #include 'sed' generated array
diff -Naur libcap-1.10.orig/libcap/cap_alloc.c libcap-1.10/libcap/cap_alloc.c
--- libcap-1.10.orig/libcap/cap_alloc.c 1999-11-18 07:23:24.000000000 +0000
+++ libcap-1.10/libcap/cap_alloc.c 2007-05-21 07:10:40.000000000 +0000
@@ -97,6 +97,8 @@
int cap_free(void *data_p)
{
+ if ( !data_p )
+ return 0;
if ( good_cap_t(data_p) ) {
data_p = -1 + (__u32 *) data_p;
@@ -107,7 +109,7 @@
}
if ( good_cap_string(data_p) ) {
- int length = strlen(data_p) + sizeof(__u32);
+ size_t length = strlen(data_p) + sizeof(__u32);
data_p = -1 + (__u32 *) data_p;
memset(data_p, 0, length);
free(data_p);
diff -Naur libcap-1.10.orig/libcap/cap_extint.c libcap-1.10/libcap/cap_extint.c
--- libcap-1.10.orig/libcap/cap_extint.c 1999-04-17 22:16:31.000000000 +0000
+++ libcap-1.10/libcap/cap_extint.c 2007-05-21 07:10:40.000000000 +0000
@@ -16,8 +16,8 @@
* length (void *))
*/
#define CAP_EXT_MAGIC "\220\302\001\121"
-#define CAP_EXT_MAGIC_SIZE 4
-const static __u8 external_magic[CAP_EXT_MAGIC_SIZE+1] = CAP_EXT_MAGIC;
+#define CAP_EXT_MAGIC_SIZE 4UL
+static const __u8 external_magic[CAP_EXT_MAGIC_SIZE+1] = CAP_EXT_MAGIC;
struct cap_ext_struct {
__u8 magic[CAP_EXT_MAGIC_SIZE];
@@ -31,7 +31,7 @@
* return size of external capability set
*/
-ssize_t cap_size(cap_t caps)
+ssize_t cap_size(cap_t __attribute__ ((unused)) caps)
{
return sizeof(struct cap_ext_struct);
}
@@ -49,7 +49,8 @@
int i;
/* valid arguments? */
- if (!good_cap_t(cap_d) || length < sizeof(struct cap_ext_struct)
+ if (!good_cap_t(cap_d) || length < 0
+ || (size_t) length < sizeof(struct cap_ext_struct)
|| cap_ext == NULL) {
errno = EINVAL;
return -1;
@@ -60,7 +61,7 @@
result->length_of_capset = CAP_SET_SIZE;
for (i=0; i<NUMBER_OF_CAP_SETS; ++i) {
- int j;
+ unsigned int j;
for (j=0; j<CAP_SET_SIZE; ) {
__u32 val = *from++;
@@ -90,8 +91,8 @@
const struct cap_ext_struct *export =
(const struct cap_ext_struct *) cap_ext;
cap_t cap_d;
- int set, blen;
- __u32 * to = (__u32 *) &cap_d->set;
+ unsigned int set, blen;
+ __u32 * to;
/* Does the external representation make sense? */
if (export == NULL || !memcmp(export->magic, external_magic
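Review bot: The magic test on the context line `!memcmp(export->magic, external_magic` is true when the two magics are equal, so it looks inverted. If the branch it guards is the rejection path, as the comment above it suggests, a well-formed external set is refused and a buffer with the wrong magic is accepted; the condition and its body continue outside the hunk, so this needs confirming there. The type clean-up here leaves the test untouched; it should read `memcmp(export->magic, external_magic, CAP_EXT_MAGIC_SIZE) != 0`. This is the check that decides whether the rest of the caller-supplied buffer is interpreted at all.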
@@ -105,9 +106,10 @@
return NULL;
blen = export->length_of_capset;
+ to = (__u32 *) &cap_d->set;
for (set=0; set<=NUMBER_OF_CAP_SETS; ++set) {
- int blk;
- int bno = 0;
+ unsigned int blk;
+ unsigned int bno = 0;
for (blk=0; blk<(CAP_SET_SIZE/4); ++blk) {
__u32 val = 0;
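Review bot: The outer loop on the context line `for (set=0; set<=NUMBER_OF_CAP_SETS; ++set)` makes NUMBER_OF_CAP_SETS + 1 passes, whereas the range tests in cap_flag.c in this same patch (`set < NUMBER_OF_CAP_SETS`) treat that constant as an exclusive bound. If the body stores through `to` once per block, which the hunk does not show, the last pass writes one full set beyond `cap_d->set`; the bound should be `set < NUMBER_OF_CAP_SETS`. Changing the counters to unsigned does not affect this. `blen` is also taken directly from `export->length_of_capset` in the external buffer, so the part of the body outside the hunk should be checked for a cap on it.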
diff -Naur libcap-1.10.orig/libcap/cap_file.c libcap-1.10/libcap/cap_file.c
--- libcap-1.10.orig/libcap/cap_file.c 1999-04-17 22:16:31.000000000 +0000
+++ libcap-1.10/libcap/cap_file.c 2007-05-21 07:10:02.000000000 +0000
@@ -29,7 +29,8 @@
&result->set[CAP_INHERITABLE],
&result->set[CAP_PERMITTED],
&result->set[CAP_EFFECTIVE] )) {
- cap_free(&result);
+ cap_free(result);
+ result = NULL;
}
}
@@ -54,7 +55,8 @@
&result->set[CAP_INHERITABLE],
&result->set[CAP_PERMITTED],
&result->set[CAP_EFFECTIVE] ))
- cap_free(&result);
+ cap_free(result);
+ result = NULL;
}
return result;
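Review bot: In this second hunk the `if` ending in `&result->set[CAP_EFFECTIVE] ))` has no opening brace, unlike the one in the first hunk, so only `cap_free(result);` is conditional and the added `result = NULL;` runs on every path. As written the function returns NULL even when the lookup succeeds, and the set allocated for it is never released on that path. Brace the body as in the first hunk: `&result->set[CAP_EFFECTIVE] )) {` followed by `cap_free(result); result = NULL; }`. The enclosing function starts outside the hunk.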
diff -Naur libcap-1.10.orig/libcap/cap_flag.c libcap-1.10/libcap/cap_flag.c
--- libcap-1.10.orig/libcap/cap_flag.c 1999-04-17 22:16:31.000000000 +0000
+++ libcap-1.10/libcap/cap_flag.c 2007-05-21 07:10:40.000000000 +0000
@@ -26,7 +26,7 @@
*/
if (raised && good_cap_t(cap_d) && value >= 0 && value < __CAP_BITS
- && set >= 0 && set < NUMBER_OF_CAP_SETS) {
+ && (int) set >= 0 && set < NUMBER_OF_CAP_SETS) {
__cap_s *cap_p = (__cap_s *) (set*CAP_SET_SIZE
+ (__u8 *) &cap_d->set);
@@ -56,7 +56,7 @@
*/
if (good_cap_t(cap_d) && no_values > 0 && no_values <= __CAP_BITS
- && (set >= 0) && (set < NUMBER_OF_CAP_SETS)
+ && (int) set >= 0 && set < NUMBER_OF_CAP_SETS
&& (raise == CAP_SET || raise == CAP_CLEAR) ) {
int i;
for (i=0; i<no_values; ++i) {
diff -Naur libcap-1.10.orig/libcap/cap_proc.c libcap-1.10/libcap/cap_proc.c
--- libcap-1.10.orig/libcap/cap_proc.c 1999-04-18 20:50:01.000000000 +0000
+++ libcap-1.10/libcap/cap_proc.c 2007-05-21 07:10:02.000000000 +0000
@@ -21,7 +21,8 @@
/* fill the capability sets via a system call */
if (capget(&result->head, &result->set)) {
- cap_free(&result);
+ cap_free(result);
+ result = NULL;
}
}
diff -Naur libcap-1.10.orig/libcap/cap_text.c libcap-1.10/libcap/cap_text.c
--- libcap-1.10.orig/libcap/cap_text.c 1999-11-18 06:03:26.000000000 +0000
+++ libcap-1.10/libcap/cap_text.c 2007-05-21 07:10:40.000000000 +0000
@@ -16,8 +16,8 @@
#include <ctype.h>
#include <stdio.h>
-/* Maximum output text length (16 per cap) */
-#define CAP_TEXT_SIZE (16*__CAP_BITS)
+/* Maximum output text length (20 per cap) */
+#define CAP_TEXT_SIZE (20*__CAP_BITS)
#define LIBCAP_EFF 01
#define LIBCAP_INH 02
@@ -90,8 +90,7 @@
if (!(res = cap_init()))
return NULL;
- for (n = __CAP_BLKS; n--; )
- allones._blk[n] = -1;
+ memset(&allones, 0xff, sizeof(allones));
_cap_debug("%s", str);
for (;;) {
@@ -209,9 +208,10 @@
}
bad:
- cap_free(&res);
+ cap_free(res);
+ res = NULL;
errno = EINVAL;
- return NULL;
+ return res;
}
/*
@@ -261,7 +261,7 @@
m = t;
/* blank is not a valid capability set */
- p = sprintf(buf, "=%s%s%s",
+ p = snprintf(buf, sizeof(buf), "=%s%s%s",
(m & LIBCAP_EFF) ? "e" : "",
(m & LIBCAP_INH) ? "i" : "",
(m & LIBCAP_PER) ? "p" : "" ) + buf;
@@ -272,9 +272,9 @@
for (n = 0; n != __CAP_BITS; n++)
if (getstateflags(caps, n) == t) {
if (_cap_names[n])
- p += sprintf(p, "%s,", _cap_names[n]);
+ p += snprintf(p, sizeof(buf)-(p-buf), "%s,", _cap_names[n]);
else
- p += sprintf(p, "%d,", n);
+ p += snprintf(p, sizeof(buf)-(p-buf), "%d,", n);
if (p - buf > CAP_TEXT_SIZE) {
errno = ERANGE;
return NULL;
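Review bot: snprintf returns the length the output would have had, not the number of bytes stored, so after a truncated write `p += snprintf(...)` moves `p` past the end of `buf`, and a later `sizeof(buf)-(p-buf)` would wrap to a very large size_t. The `p - buf > CAP_TEXT_SIZE` test that follows covers this only if `buf` is declared larger than CAP_TEXT_SIZE, and that declaration is outside the hunk. Testing each return value against the remaining space before advancing removes that dependency, for example `w = snprintf(p, left, "%s,", _cap_names[n]); if (w < 0 || (size_t) w >= left) { errno = ERANGE; return NULL; }`. The same pattern is used in the next hunk, where any check after the final `-%s%s%s` call lies outside the visible lines.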
@@ -283,13 +283,17 @@
p--;
n = t & ~m;
if (n)
- p += sprintf(p, "+%s%s%s",
+ p += snprintf(p, sizeof(buf)-(p-buf), "+%s%s%s",
(n & LIBCAP_EFF) ? "e" : "",
(n & LIBCAP_INH) ? "i" : "",
(n & LIBCAP_PER) ? "p" : "");
+ if (p - buf > CAP_TEXT_SIZE) {
+ errno = ERANGE;
+ return NULL;
+ }
n = ~t & m;
if (n)
- p += sprintf(p, "-%s%s%s",
+ p += snprintf(p, sizeof(buf)-(p-buf), "-%s%s%s",
(n & LIBCAP_EFF) ? "e" : "",
(n & LIBCAP_INH) ? "i" : "",
(n & LIBCAP_PER) ? "p" : "");
diff -Naur libcap-1.10.orig/libcap/include/sys/capability.h libcap-1.10/libcap/include/sys/capability.h
--- libcap-1.10.orig/libcap/include/sys/capability.h 1999-11-18 06:19:21.000000000 +0000
+++ libcap-1.10/libcap/include/sys/capability.h 2007-05-21 07:10:57.000000000 +0000
@@ -4,6 +4,7 @@
*
* Copyright (C) 1997 Aleph One
* Copyright (C) 1997-8 Andrew G. Morgan <[EMAIL PROTECTED]>
+ * Copyright (C) 2002-2003 Dmitry V. Levin <ldv at altlinux.org>
*
* defunct POSIX.1e Standard: 25.2 Capabilities <sys/capability.h>
*/
@@ -21,8 +22,46 @@
*/
#include <sys/types.h>
+
+/*
+ * Make sure we can be included from userland by preventing
+ * capability.h from including other kernel headers
+ */
+#ifndef __KERNEL__
+
+#undef _SYSCAP_OWN_LINUX_TYPES_H
+#undef _SYSCAP_OWN_LINUX_FS_H
+
+#ifndef _LINUX_TYPES_H
+#define _LINUX_TYPES_H
+#define _SYSCAP_OWN_LINUX_TYPES_H
+
+#include <stdint.h>
+typedef uint32_t __u32;
+
+#endif /* _LINUX_TYPES_H */
+
+#ifndef _LINUX_FS_H
+#define _LINUX_FS_H
+#define _SYSCAP_OWN_LINUX_FS_H
+#endif /* _LINUX_FS_H */
+
+#endif /* __KERNEL__ */
+
#include <linux/capability.h>
+#ifndef __KERNEL__
+
+#ifdef _SYSCAP_OWN_LINUX_TYPES_H
+#undef _LINUX_TYPES_H
+#endif /* _SYSCAP_OWN_LINUX_TYPES_H */
+
+#ifdef _SYSCAP_OWN_LINUX_FS_H
+#undef _LINUX_FS_H
+#endif /* _SYSCAP_OWN_LINUX_FS_H */
+
+#endif /* __KERNEL__ */
+
/*
* POSIX capability types
*/
@@ -72,12 +111,6 @@
int cap_set_flag(cap_t, cap_flag_t, int, cap_value_t *, cap_flag_value_t);
int cap_clear(cap_t);
-/* libcap/cap_file.c */
-cap_t cap_get_fd(int);
-cap_t cap_get_file(const char *);
-int cap_set_fd(int, cap_t);
-int cap_set_file(const char *, cap_t);
-
/* libcap/cap_proc.c */
cap_t cap_get_proc(void);
int cap_set_proc(cap_t);
diff -Naur libcap-1.10.orig/libcap/libcap.map libcap-1.10/libcap/libcap.map
--- libcap-1.10.orig/libcap/libcap.map 1970-01-01 00:00:00.000000000 +0000
+++ libcap-1.10/libcap/libcap.map 2007-05-21 07:09:52.000000000 +0000
@@ -0,0 +1,20 @@
+{
+ global:
+ _cap_names;
+ cap_clear;
+ cap_copy_ext;
+ cap_copy_int;
+ cap_dup;
+ cap_free;
+ cap_from_text;
+ cap_get_flag;
+ cap_get_proc;
+ cap_init;
+ cap_set_flag;
+ cap_set_proc;
+ cap_size;
+ cap_to_text;
+ capgetp;
+ capsetp;
+ local: *;
+};
diff -Naur libcap-1.10.orig/progs/execcap.c libcap-1.10/progs/execcap.c
--- libcap-1.10.orig/progs/execcap.c 1999-04-17 22:16:31.000000000 +0000
+++ libcap-1.10/progs/execcap.c 2007-05-21 07:10:40.000000000 +0000
@@ -10,11 +10,12 @@
#include <sys/types.h>
#include <errno.h>
#include <stdio.h>
+#include <stdlib.h>
#include <sys/capability.h>
#include <unistd.h>
#include <string.h>
-static void usage(void)
+static void __attribute__((noreturn)) usage(void)
{
fprintf(stderr,
"usage: execcap <caps> <command-path> [command-args...]\n\n"
@@ -28,7 +29,7 @@
exit(1);
}
-void main(int argc, char **argv)
+int main(int argc, char **argv)
{
cap_t new_caps;
@@ -46,13 +47,13 @@
new_caps = cap_from_text(argv[1]);
if (new_caps == NULL) {
fprintf(stderr, "requested capabilities were not recognized\n");
- usage();
+ return 1;
}
/* set these capabilities for the current process */
if (cap_set_proc(new_caps) != 0) {
fprintf(stderr, "unable to set capabilities: %s\n", strerror(errno));
- usage();
+ return 1;
}
/* exec the program indicated by args 2 ... */
@@ -61,5 +62,5 @@
/* if we fall through to here, our exec failed -- announce the fact */
fprintf(stderr, "Unable to execute command: %s\n", strerror(errno));
- usage();
+ return 1;
}
diff -Naur libcap-1.10.orig/progs/setpcaps.c libcap-1.10/progs/setpcaps.c
--- libcap-1.10.orig/progs/setpcaps.c 1999-11-18 06:04:26.000000000 +0000
+++ libcap-1.10/progs/setpcaps.c 2007-05-21 07:10:40.000000000 +0000
@@ -15,7 +15,7 @@
#include <sys/capability.h>
#include <unistd.h>
-static void usage(void)
+static void __attribute__ ((noreturn)) usage(void)
{
fprintf(stderr,
"usage: setcap [-q] (-|<caps>) <pid> [ ... (-|<capsN>) <pid> ]\n\n"
@@ -31,15 +31,13 @@
#define MAXCAP 2048
-static int read_caps(int quiet, const char *filename, char *buffer)
+static int read_caps(int quiet, char *buffer, size_t size)
{
- int i=MAXCAP;
-
if (!quiet) {
fprintf(stderr, "Please enter caps for file [empty line to end]:\n");
}
- while (i > 0) {
- int j = read(STDIN_FILENO, buffer, i);
+ while (size > 0) {
+ ssize_t j = read(STDIN_FILENO, buffer, size);
if (j < 0) {
fprintf(stderr, "\n[Error - aborting]\n");
@@ -53,14 +51,14 @@
/* move on... */
- i -= j;
+ size -= j;
buffer += j;
}
/* <NUL> terminate */
buffer[0] = '\0';
- return (i < MAXCAP ? 0:-1);
+ return (size < MAXCAP ? 0 : -1);
}
int main(int argc, char **argv)
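Review bot: The success test `size < MAXCAP` still compares against the macro although the capacity is now the `size` parameter, so the result is only right when the caller passes exactly MAXCAP. With a smaller buffer the function reports success after reading nothing, and with a larger one it can report failure after a successful read. Remember the starting value and compare against it: `const size_t capacity = size;` at the top of the function and `return (size < capacity ? 0 : -1);` here. read_caps begins in the previous hunk.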
@@ -82,7 +80,7 @@
continue;
}
if (!strcmp(*argv,"-")) {
- retval = read_caps(quiet, *argv, buffer);
+ retval = read_caps(quiet, buffer, sizeof(buffer)-1);
if (retval)
usage();
text = buffer;
diff -Naur libcap-1.10.orig/progs/sucap.c libcap-1.10/progs/sucap.c
--- libcap-1.10.orig/progs/sucap.c 1999-04-17 22:16:31.000000000 +0000
+++ libcap-1.10/progs/sucap.c 2007-05-21 07:10:40.000000000 +0000
@@ -11,17 +11,19 @@
#include <sys/types.h>
#include <errno.h>
#include <stdio.h>
-#undef _POSIX_SOURCE
-#include <sys/capability.h>
+#include <stdlib.h>
#include <pwd.h>
-#define __USE_BSD
#include <grp.h>
#include <unistd.h>
#include <sys/wait.h>
#include <errno.h>
#include <string.h>
-static void usage(void)
+#undef _POSIX_SOURCE
+#include <sys/capability.h>
+#define _POSIX_SOURCE 1
+
+static void __attribute__((noreturn)) usage(void)
{
fprintf(stderr,
"usage: sucap <user> <group> <command-path> [command-args...]\n\n"
@@ -48,7 +50,7 @@
}
-void main(int argc, char **argv)
+int main(int argc, char **argv)
{
cap_t old_caps;
uid_t uid;
@@ -129,7 +131,7 @@
close(pipe_fds[0]);
/* Get rid of any supplemental groups */
- if (!getuid() && setgroups(0, 0)) {
+ if (!getuid() && setgroups(0UL, 0)) {
perror("sucap: setgroups failed");
exit(1);
}
@@ -176,7 +178,7 @@
/* if we fall through to here, our exec failed -- announce the fact */
fprintf(stderr, "Unable to execute command: %s\n", strerror(errno));
- usage();
+ exit(1);
} else {
/* Child process */
close(pipe_fds[1]);
