capctl's People

Contributors

cptpcrd

Forkers

dralley

capctl's Issues

Make platform-independent parts of the crate usable on non-Linux platforms

I have a use case that requires validating capabilities strings, that I would like to be able to use on non-Linux operating systems. It seems like all of the capabilities parsing / validating code ought to be platform-independent?

Currently there is no way to do this: the crate won't compile on non-Linux operating systems, and there is no way to disable the platform-specific parts.

There are a few different ways to accomplish this:

  • Flag the parts of the library that are strictly Linux-specific as #[cfg(target_os = "linux")] so that other platforms can still use the platform-independent bits.
  • Split into sub-crates.
  • Use a feature flag.

I would be willing to file a PR myself if one of these approaches (probably the first, it seems the least painful) is acceptable.
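The first option in the list above, sketched as an added example (this is not capctl's code or API; `parse_cap_list`, `bounding_set`, `CapParseError` and the `CAPS` subset are hypothetical names chosen for illustration): the string validation compiles on any platform, while the one function that talks to the kernel is gated with `#[cfg(target_os = "linux")]`.

```rust
// Added illustration. All names here are hypothetical; this is not capctl's API.

/// Subset of capability names and bit numbers from <linux/capability.h>.
const CAPS: &[(&str, u8)] = &[
    ("CAP_CHOWN", 0), ("CAP_DAC_OVERRIDE", 1), ("CAP_KILL", 5),
    ("CAP_SETGID", 6), ("CAP_SETUID", 7), ("CAP_NET_BIND_SERVICE", 10),
    ("CAP_NET_ADMIN", 12), ("CAP_NET_RAW", 13), ("CAP_SYS_ADMIN", 21),
];

#[derive(Debug, PartialEq)]
pub enum CapParseError { EmptyItem, Unknown(String) }

/// Platform-independent: validate a comma-separated, case-insensitive
/// capability list and return it as a bitmask.
pub fn parse_cap_list(s: &str) -> Result<u64, CapParseError> {
    let mut mask = 0u64;
    for item in s.split(',') {
        let name = item.trim().to_ascii_uppercase();
        if name.is_empty() {
            return Err(CapParseError::EmptyItem);
        }
        match CAPS.iter().find(|(n, _)| *n == name) {
            Some((_, bit)) => mask |= 1u64 << *bit,
            None => return Err(CapParseError::Unknown(name)),
        }
    }
    Ok(mask)
}

/// Linux-only: read this process's bounding set from /proc/self/status.
#[cfg(target_os = "linux")]
pub fn bounding_set() -> Option<u64> {
    let status = std::fs::read_to_string("/proc/self/status").ok()?;
    let hex = status.lines().find_map(|l| l.strip_prefix("CapBnd:"))?;
    u64::from_str_radix(hex.trim(), 16).ok()
}

fn main() {
    let wanted = parse_cap_list("cap_net_admin, CAP_NET_RAW"); // constructed input
    println!("requested mask: {:?}", wanted);
    #[cfg(target_os = "linux")]
    {
        if let (Ok(w), Some(b)) = (&wanted, bounding_set()) {
            println!("all within bounding set: {}", (*w & b) == *w);
        }
    }
    #[cfg(not(target_os = "linux"))]
    println!("kernel query skipped on this platform");
}
```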

PR_SET_MDWE and PR_GET_MDWE

Requesting support for PR_SET_MDWE and PR_GET_MDWE (Linux 6.3) as seen in the following PoC.

#![forbid(unsafe_op_in_unsafe_fn)]
#![allow(non_camel_case_types)]

use core::ffi::*;
use core::ptr;

type c_size_t = usize;
type c_off_t = i64;

const PR_SET_MDWE: i32 = 65;
//const PR_GET_MDWE: i32 = 66;

// Bitflags
const PR_MDWE_REFUSE_EXEC_GAIN: u64 = 1;

//const PROT_NONE: c_int = 0;
const PROT_READ: c_int = 1;
const PROT_WRITE: c_int = 2;
const PROT_EXEC: c_int = 4;

const MAP_PRIVATE: c_int = 0x0002;
const MAP_ANONYMOUS: c_int = 0x0020;

const MAP_FAILED: *mut c_void = -1 as _;

const EACCES: c_int = 13;

extern "C" {
    fn prctl(option: c_int, arg2: c_ulong, arg3: c_ulong, arg4: c_ulong, arg5: c_ulong) -> c_int;
    fn mmap(
        addr: *mut c_void,
        length: c_size_t,
        prot: c_int,
        flags: c_int,
        fd: c_int,
        offset: c_off_t,
    ) -> *mut c_void;
    fn mprotect(addr: *mut c_void, len: c_size_t, prot: c_int) -> c_int;
    fn __errno_location() -> *mut c_int;
}

fn prctl_set_mdwe(bits: u64) {
    let rv = unsafe { prctl(PR_SET_MDWE, bits, 0, 0, 0) };
    assert!(rv == 0);
}

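fn main() {
    // Enable MDWE: from here on, no mapping may be writable and executable,
    // and a non-executable mapping may not gain PROT_EXEC.
    prctl_set_mdwe(PR_MDWE_REFUSE_EXEC_GAIN);

    // Case 1: a fresh writable+executable mapping is refused with EACCES.
    let ptr1 = unsafe {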
        mmap(
            ptr::null_mut(),
            4,
            PROT_WRITE | PROT_EXEC,
            MAP_PRIVATE | MAP_ANONYMOUS,
            -1,
            0,
        )
    };
    assert!(unsafe { *__errno_location() } == EACCES);
    assert!(ptr1 == MAP_FAILED);

    // Case 2: a read+write mapping cannot be made executable afterwards.
    let ptr2 = unsafe {
        mmap(
            ptr::null_mut(),
            4,
            PROT_READ | PROT_WRITE,
            MAP_PRIVATE | MAP_ANONYMOUS,
            -1,
            0,
        )
    };
    let rv2 = unsafe { mprotect(ptr2, 4, PROT_EXEC) };
    assert!(unsafe { *__errno_location() } == EACCES);
    assert!(rv2 == -1);

    // Case 3: a mapping created executable (and not writable) may keep PROT_EXEC.
    let ptr3 = unsafe {
        mmap(
            ptr::null_mut(),
            4,
            PROT_READ | PROT_EXEC,
            MAP_PRIVATE | MAP_ANONYMOUS,
            -1,
            0,
        )
    };
    let rv3 = unsafe { mprotect(ptr3, 4, PROT_EXEC) };
    assert!(rv3 == 0);
}
