cptpcrd / capctl
A pure-Rust interface to prctl() and Linux capabilities.
License: MIT License
I have a use case that requires validating capabilities strings, that I would like to be able to use on non-Linux operating systems. It seems like all of the capabilities parsing / validating code ought to be platform-independent?
Currently there is no way to do this: the crate won't compile on non-Linux operating systems, and there is no way to disable the platform-specific parts.
There are a few different ways to accomplish this:
#[cfg(target_os = "linux")] so that other platforms can still use the platform-independent bits.
I would be willing to file a PR myself if one of these approaches (probably the first, it seems the least painful) is acceptable.
Requesting support for PR_SET_MDWE and PR_GET_MDWE (Linux 6.3) as seen in the following PoC.
```rust
#![forbid(unsafe_op_in_unsafe_fn)]
#![allow(non_camel_case_types)]

use core::ffi::*;
use core::ptr;

type c_size_t = usize;
type c_off_t = i64;

const PR_SET_MDWE: i32 = 65;
//const PR_GET_MDWE: i32 = 66;

// Bitflags
const PR_MDWE_REFUSE_EXEC_GAIN: u64 = 1;

//const PROT_NONE: c_int = 0;
const PROT_READ: c_int = 1;
const PROT_WRITE: c_int = 2;
const PROT_EXEC: c_int = 4;

const MAP_PRIVATE: c_int = 0x0002;
const MAP_ANONYMOUS: c_int = 0x0020;
const MAP_FAILED: *mut c_void = -1 as _;

const EACCES: c_int = 13;

extern "C" {
    fn prctl(option: c_int, arg2: c_ulong, arg3: c_ulong, arg4: c_ulong, arg5: c_ulong) -> c_int;
    fn mmap(
        addr: *mut c_void,
        length: c_size_t,
        prot: c_int,
        flags: c_int,
        fd: c_int,
        offset: c_off_t,
    ) -> *mut c_void;
    fn mprotect(addr: *mut c_void, len: c_size_t, prot: c_int) -> c_int;
    fn __errno_location() -> *mut c_int;
}

fn prctl_set_mdwe(bits: u64) {
    let rv = unsafe { prctl(PR_SET_MDWE, bits, 0, 0, 0) };
    assert!(rv == 0);
}

fn main() {
    prctl_set_mdwe(PR_MDWE_REFUSE_EXEC_GAIN);

    // 1. A new mapping that is both writable and executable is refused.
    let ptr1 = unsafe {
        mmap(
            ptr::null_mut(),
            4,
            PROT_WRITE | PROT_EXEC,
            MAP_PRIVATE | MAP_ANONYMOUS,
            -1,
            0,
        )
    };
    // Check the return value first; errno is only meaningful after a failure.
    assert!(ptr1 == MAP_FAILED);
    assert!(unsafe { *__errno_location() } == EACCES);

    // 2. A mapping created without PROT_EXEC cannot gain it later.
    let ptr2 = unsafe {
        mmap(
            ptr::null_mut(),
            4,
            PROT_READ | PROT_WRITE,
            MAP_PRIVATE | MAP_ANONYMOUS,
            -1,
            0,
        )
    };
    assert!(ptr2 != MAP_FAILED);
    let rv2 = unsafe { mprotect(ptr2, 4, PROT_EXEC) };
    assert!(rv2 == -1);
    assert!(unsafe { *__errno_location() } == EACCES);

    // 3. A mapping that was executable from the start may keep PROT_EXEC.
    let ptr3 = unsafe {
        mmap(
            ptr::null_mut(),
            4,
            PROT_READ | PROT_EXEC,
            MAP_PRIVATE | MAP_ANONYMOUS,
            -1,
            0,
        )
    };
    assert!(ptr3 != MAP_FAILED);
    let rv3 = unsafe { mprotect(ptr3, 4, PROT_EXEC) };
    assert!(rv3 == 0);
}
```
The actions-rs actions lack maintenance and may become a problem with the deprecation of Node.js 12. See my post at libseccomp-rs/libseccomp-rs#188.
I would welcome an interface for the PR_SET_SPECULATION_CTRL and PR_GET_SPECULATION_CTRL prctls.
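For the PR_GET_SPECULATION_CTRL request above, the following is an added sketch (not capctl's API and not code from any issue author) that decodes the prctl's return bits in a platform-independent function and keeps the syscall itself behind `#[cfg(target_os = "linux")]`. The constant values are those of `<linux/prctl.h>`; the names `Mitigation`, `SpecStatus`, `decode` and `query` are hypothetical.

```rust
// Added example, not capctl code. Constants mirror <linux/prctl.h>; type/fn names are illustrative.
use std::ffi::{c_int, c_ulong};
pub const PR_GET_SPECULATION_CTRL: c_int = 52;
pub const PR_SPEC_STORE_BYPASS: c_ulong = 0; // arg2: misfeature to ask about
pub const PR_SPEC_INDIRECT_BRANCH: c_ulong = 1;
// Bits of the returned value; a return of 0 means the CPU is not affected.
pub const PR_SPEC_PRCTL: c_int = 1 << 0; // controllable per task via PR_SET_SPECULATION_CTRL
pub const PR_SPEC_ENABLE: c_int = 1 << 1; // speculation enabled, mitigation off
pub const PR_SPEC_DISABLE: c_int = 1 << 2; // speculation disabled, mitigation on
pub const PR_SPEC_FORCE_DISABLE: c_int = 1 << 3; // as DISABLE, cannot be undone
pub const PR_SPEC_DISABLE_NOEXEC: c_int = 1 << 4; // as DISABLE, cleared on execve

#[derive(Debug, PartialEq, Eq)]
pub enum Mitigation { NotAffected, Off, On, OnUntilExec, ForcedOn, Unknown(c_int) }

#[derive(Debug, PartialEq, Eq)]
pub struct SpecStatus {
    pub per_task: bool,
    pub mitigation: Mitigation,
}

// Platform-independent: decodes a raw return value and makes no syscall.
pub fn decode(raw: c_int) -> SpecStatus {
    let mitigation = match raw {
        0 => Mitigation::NotAffected,
        r if r & PR_SPEC_FORCE_DISABLE != 0 => Mitigation::ForcedOn,
        r if r & PR_SPEC_DISABLE_NOEXEC != 0 => Mitigation::OnUntilExec,
        r if r & PR_SPEC_DISABLE != 0 => Mitigation::On,
        r if r & PR_SPEC_ENABLE != 0 => Mitigation::Off,
        r => Mitigation::Unknown(r),
    };
    SpecStatus { per_task: raw & PR_SPEC_PRCTL != 0, mitigation }
}

#[cfg(target_os = "linux")]
extern "C" {
    fn prctl(option: c_int, ...) -> c_int;
}
#[cfg(target_os = "linux")]
pub fn query(which: c_ulong) -> std::io::Result<SpecStatus> {
    let zero: c_ulong = 0; // the unused arguments must be zero
    let rv = unsafe { prctl(PR_GET_SPECULATION_CTRL, which, zero, zero, zero) };
    if rv < 0 { Err(std::io::Error::last_os_error()) } else { Ok(decode(rv)) }
}

fn main() {
    #[cfg(target_os = "linux")]
    for which in [PR_SPEC_STORE_BYPASS, PR_SPEC_INDIRECT_BRANCH] {
        println!("misfeature {}: {:?}", which, query(which));
    }
}
```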