Last active
July 18, 2023 06:17
-
-
Save kuenishi/49ea2da682617714e38f51943b929de2 to your computer and use it in GitHub Desktop.
capability demonstration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import sys | |
| pid = os.getpid() | |
| with open(f"/proc/{pid}/status") as fp: | |
| for line in fp.readlines(): | |
| if line.startswith("Cap"): | |
| print(line.strip()) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bufio" | |
| "fmt" | |
| "os" | |
| "syscall" | |
| "log" | |
| "kernel.org/pub/linux/libs/security/libcap/cap" | |
| ) | |
| func main() { | |
| pid := os.Getpid() | |
| status := fmt.Sprintf("/proc/%d/status", pid) | |
| fp, err := os.Open(status) | |
| if err != nil { | |
| log.Fatal(err) | |
| } | |
| defer fp.Close() | |
| scanner := bufio.NewScanner(fp) | |
| for scanner.Scan() { | |
| line := scanner.Text() | |
| if line[:3] == "Cap" { | |
| fmt.Println(line) | |
| } | |
| } | |
| log.Printf("this process has these caps: %q", cap.GetProc()) | |
| flag, err := cap.GetProc().GetFlag(cap.Permitted, cap.SYS_ADMIN) | |
| if err != nil { | |
| log.Fatal(err) | |
| } | |
| log.Printf("Has %s: %v", cap.SYS_ADMIN.String(), flag) | |
| // https://gist.github.com/BorePlusPlus/4f9b2b4cc687c05dbdfb | |
| log.Println("Starting setuid. getuid:", syscall.Getuid()) | |
| if err := syscall.Setuid(0); err != nil { | |
| log.Fatal("setuid: ", err) | |
| } | |
| log.Println("setuid ok. getuid:", syscall.Getuid()) | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment