Created
January 28, 2016 23:46
-
-
Save mnakama/28345005430fafe76fd7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <unistd.h> | |
| #include <stdio.h> | |
| #include <err.h> | |
| #include <sys/prctl.h> | |
| #include <sys/capability.h> | |
| #define PR_CAP_AMBIENT 47 | |
| #define PR_CAP_AMBIENT_IS_SET 1 | |
| #define PR_CAP_AMBIENT_RAISE 2 | |
| #define PR_CAP_AMBIENT_LOWER 3 | |
| #define PR_CAP_AMBIENT_CLEAR_ALL 4 | |
| int main(int argc, char **argv) { | |
| int ret = 0; | |
| if (argc <= 1) { | |
| printf("usage: %s <command> [arguments]\n", argv[0]); | |
| return 1L; | |
| } | |
| ret = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, CAP_DAC_OVERRIDE, 0, 0); | |
| printf("Result: %d\n", ret); | |
| if (ret < 0) err(1, "Could not raise ambient permission set"); | |
| execvp(argv[1], argv+1); | |
| err(1, "Could not execute \"%s\"", argv[1]); | |
| } | |
| /* Compile and run output: | |
| % gcc -o pls pls.c -lcap-ng && sudo setcap cap_setpcap,cap_dac_override+pie pls | |
| % ./pls zsh | |
| Result: -1 | |
| pls: Could not raise ambient permission set: Operation not permitted | |
| */ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment