When running zsh on a Linux 2.5 kernel, the prompt always has a hash
sign '#' rather than the normal user '$'. This probably happens because
the shell function privasserted() is returning true for all users. I
know nothing about Posix capabilities but the zsh code for this looks
suspicious.
Code in question:
------------------------------------------------------------
/* isolate zsh bug */
#include <stdio.h>
#include <sys/capability.h>
int
privasserted(void)
{
if(!geteuid()) {
printf("geteuid() is root\n");
return 1;
}
else {
cap_t caps = cap_get_proc();
if(caps) {
printf("caps = %p\n", caps);
/* POSIX doesn't define a way to test whether a capability
set *
* is empty or not. Typical. I hope this is
conforming... */
cap_flag_value_t val;
cap_value_t n;
for(n = 0; !cap_get_flag(caps, n, CAP_EFFECTIVE, &val); n++)
{
if(val) {
printf("capability %#x is %d\n", n, val);
cap_free(caps); /* missing in original zsh code
memory leak */
return 1;
}
}
printf("last capability %#x\n", n);
cap_free(caps);
}
}
return 0;
}
int main(int argc, const char **argv) {
printf("%s privledged\n", privasserted() ? "Is" : "Not");
}
------------------------------------------------
On 2.4.18
caps = 0x8049844
last capability 0x1d
Not privledged
On 2.5.43
caps = 0x804a00c
capability 0 is 1
Is privledged
* Stephen Hemminger ([email protected]) wrote:
> When running zsh on a Linux 2.5 kernel, the prompt always has a hash
> sign '#' rather than the normal user '$'. This probably happens because
> the shell function privasserted() is returning true for all users. I
> know nothing about Posix capabilities but the zsh code for this looks
> suspicious.
See if this patch fixes your problem. There is a bug in capget(2) which
is called by cap_get_proc(3). I was holding off on submitting this patch
to Linus until the LSM stuff is resolved.
thanks,
-chris
--- 2.5.43/kernel/capability.c Sun Sep 15 12:19:29 2002
+++ 2.5.43-capget/kernel/capability.c Wed Oct 16 00:51:33 2002
@@ -54,15 +54,15 @@
spin_lock(&task_capability_lock);
read_lock(&tasklist_lock);
- target = find_task_by_pid(pid);
- if (!target) {
- ret = -ESRCH;
- goto out;
- }
+ if (pid && pid != current->pid) {
+ target = find_task_by_pid(pid);
+ if (!target) {
+ ret = -ESRCH;
+ goto out;
+ }
+ } else
+ target = current;
- data.permitted = cap_t(target->cap_permitted);
- data.inheritable = cap_t(target->cap_inheritable);
- data.effective = cap_t(target->cap_effective);
ret = security_ops->capget(target, &data.effective, &data.inheritable, &data.permitted);
out:
--- 2.5.43/security/dummy.c Fri Oct 11 14:22:54 2002
+++ 2.5.43-capget/security/dummy.c Tue Oct 15 00:47:24 2002
@@ -27,6 +27,17 @@
static int dummy_capget (struct task_struct *target, kernel_cap_t * effective,
kernel_cap_t * inheritable, kernel_cap_t * permitted)
{
+ *effective = *inheritable = *permitted = 0;
+ if (!issecure(SECURE_NOROOT)) {
+ if (target->euid == 0) {
+ *permitted |= (~0 & ~CAP_FS_MASK);
+ *effective |= (~0 & ~CAP_TO_MASK(CAP_SETPCAP) & ~CAP_FS_MASK);
+ }
+ if (target->fsuid == 0) {
+ *permitted |= CAP_FS_MASK;
+ *effective |= CAP_FS_MASK;
+ }
+ }
return 0;
}
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net