emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6842d00ceb
busybox/util-linux
History
Patrick Steinhardt 6842d00ceb setpriv: allow modifying ambient capabilities 
With Linux 4.3, a new set of capabilities has been introduced with the
ambient capabilities. These aim to solve the problem that it was
impossible to grant run programs with elevated privileges across
non-root users. Quoting from capabilities(7):

    This is a set of capabilities that are preserved across an execve(2)
    of a program that is not privileged.  The ambient capability set
    obeys the invariant that no capability can ever be ambient if it is
    not both permitted and inheritable.

With this new set of capabilities it is now possible to run an
executable with elevated privileges as a different user, making it much
easier to do proper privilege separation.

Note though that the `--ambient-caps` switch is not part of any released
version of util-linux, yet. It has been applied in 0c92194ee (setpriv:
support modifying the set of ambient capabilities, 2017-06-24) and will
probably be part of v2.31.

function                                             old     new   delta
parse_cap                                              -     174    +174
setpriv_main                                        1246    1301     +55
.rodata                                           146307  146347     +40
static.setpriv_longopts                               40      55     +15
packed_usage                                       32092   32079     -13

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-07 02:14:23 +02:00
..
volume_id Spelling fixes in comments, documentation, tests and examples 2017-04-17 16:13:32 +02:00
acpid.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
blkdiscard.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
blkid.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
blockdev.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
cal.c Spelling fixes in comments, documentation, tests and examples 2017-04-17 16:13:32 +02:00
chrt.c Sort some miscutils/ applets into coreutils or util-linux 2017-04-12 13:58:40 +02:00
Config.src Big cleanup in config help and description 2017-01-10 14:58:54 +01:00
dmesg.c Big cleanup in config help and description 2017-01-10 14:58:54 +01:00
eject.c Sort some miscutils/ applets into coreutils or util-linux 2017-04-12 13:58:40 +02:00
fallocate.c fallocate: new applet 2017-04-11 13:33:54 +02:00
fatattr.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
fbset.c Big cleanup in config help and description 2017-01-10 14:58:54 +01:00
fdformat.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
fdisk_aix.c *: make GNU licensing statement forms more regular 2010-08-16 20:14:46 +02:00
fdisk_gpt.c fdisk_gpt: simplify GPT partition name printing 2016-11-27 20:47:01 +01:00
fdisk_osf.c randomconfig fixes 2016-06-19 18:15:33 +02:00
fdisk_sgi.c randomconfig fixes 2016-06-19 18:15:33 +02:00
fdisk_sun.c fdisk_sun: fix partition alignment 2013-02-11 00:22:59 +01:00
fdisk.c fixes for bugs found by make_single_applets.sh 2017-07-03 21:31:16 +02:00
findfs.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
flock.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
freeramdisk.c *: add comment about APPLET_ODDNAME format 2017-01-29 14:57:33 +01:00
fsck_minix.c libbb: consolidate the code to set termios unbuffered mode 2017-01-11 16:17:59 +01:00
fsfreeze.c fallocate: new applet 2017-04-11 13:33:54 +02:00
fstrim.c make --help texts more uniform 2017-01-21 02:49:58 +01:00
getopt.c libbb: GETOPT_RESET macro 2017-04-12 20:11:34 +02:00
hexdump_xxd.c xxd: make -p output lines actually end with a newline 2017-01-25 17:00:38 +01:00
hexdump.c xxd: implement -p 2017-01-25 16:50:30 +01:00
hwclock.c Spelling fixes in comments, documentation, tests and examples 2017-04-17 16:13:32 +02:00
ionice.c Sort some miscutils/ applets into coreutils or util-linux 2017-04-12 13:58:40 +02:00
ipcrm.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
ipcs.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
Kbuild.src Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
last_fancy.c Sort some miscutils/ applets into coreutils or util-linux 2017-04-12 13:58:40 +02:00
last.c Sort some miscutils/ applets into coreutils or util-linux 2017-04-12 13:58:40 +02:00
losetup.c mount: create loop devices with LO_FLAGS_AUTOCLEAR flag 2017-03-16 16:55:47 +01:00
lspci.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
lsusb.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
mdev.c mdev: create devices from /sys/dev 2016-09-07 14:09:01 +02:00
mesg.c Sort more misplaced applets into coreutils or util-linux 2017-04-12 14:16:29 +02:00
minix.h more bionic fixes 2016-03-14 19:34:15 +01:00
mkfs_ext2_test.sh mkfs_ext2: use compatible inode sizes; add -I <inodesize>. (by Vladimir) 2009-10-22 12:12:17 +02:00
mkfs_ext2.c *: add comment about APPLET_ODDNAME format 2017-01-29 14:57:33 +01:00
mkfs_ext2.txt mkfs_ext2: use compatible inode sizes; add -I <inodesize>. (by Vladimir) 2009-10-22 12:12:17 +02:00
mkfs_minix.c *: add comment about APPLET_ODDNAME format 2017-01-29 14:57:33 +01:00
mkfs_reiser.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
mkfs_vfat.c *: add comment about APPLET_ODDNAME format 2017-01-29 14:57:33 +01:00
mkswap.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
more.c libbb: consolidate the code to set termios unbuffered mode 2017-01-11 16:17:59 +01:00
mount.c mount: create loop devices with LO_FLAGS_AUTOCLEAR flag 2017-03-16 16:55:47 +01:00
mountpoint.c Sort some miscutils/ applets into coreutils or util-linux 2017-04-12 13:58:40 +02:00
nsenter.c make --help texts more uniform 2017-01-21 02:49:58 +01:00
pivot_root.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
rdate.c rdate: time(NULL) is shorter than time(&var) 2017-01-20 16:07:14 +01:00
rdev.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
readprofile.c Code style fixes, no code changes 2016-11-28 01:22:57 +01:00
renice.c Spelling fixes in comments, documentation, tests and examples 2017-04-17 16:13:32 +02:00
rev.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
rtcwake.c make --help texts more uniform 2017-01-21 02:49:58 +01:00
script.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
scriptreplay.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
setarch.c *: add comment about APPLET_ODDNAME format 2017-01-29 14:57:33 +01:00
setpriv.c setpriv: allow modifying ambient capabilities 2017-07-07 02:14:23 +02:00
setsid.c Sort some miscutils/ applets into coreutils or util-linux 2017-04-12 13:58:40 +02:00
swaponoff.c *: add comment about APPLET_ODDNAME format 2017-01-29 14:57:33 +01:00
switch_root.c Spelling fixes in comments, documentation, tests and examples 2017-04-17 16:13:32 +02:00
taskset.c Sort some miscutils/ applets into coreutils or util-linux 2017-04-12 13:58:40 +02:00
uevent.c Convert all util-linux/* applets to "new style" applet definitions 2016-11-23 11:46:32 +01:00
umount.c Revert "umount: make -d always active, add -D to suppress it" 2017-03-16 17:51:06 +01:00
unshare.c unshare: fix help text; select LONG_OPTS instead depending on them 2017-06-14 16:20:02 +02:00
wall.c Sort some miscutils/ applets into coreutils or util-linux 2017-04-12 13:58:40 +02:00