drop capabilities

Roy Olav Purser 2024-02-09 21:33:57 +01:00
parent 2627bad25d
commit 27096b766c
Signed by: roypur
GPG Key ID: 063DAA01D56E28CB


@ -1,5 +1,6 @@
#define _GNU_SOURCE #define _GNU_SOURCE
#include <sys/prctl.h>
#include <fcntl.h> #include <fcntl.h>
#include <pwd.h> #include <pwd.h>
#include <sched.h> #include <sched.h>
@ -8,12 +9,6 @@
#include <unistd.h> #include <unistd.h>
int main() { int main() {
char shell[128] = {0};
struct passwd *pw = getpwent();
strlcpy(shell, pw->pw_shell, sizeof(shell));
printf("%s\n", shell);
endpwent();
int fd = open("/run/vpn/net", 0); int fd = open("/run/vpn/net", 0);
@ -30,6 +25,19 @@ int main() {
perror("open /run/vpn/net"); perror("open /run/vpn/net");
return 1; return 1;
} }
if(prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) == -1) {
perror("prctl");
return 1;
}
char shell[128] = {0};
struct passwd *pw = getpwent();
strlcpy(shell, pw->pw_shell, sizeof(shell));
printf("%s\n", shell);
endpwent();
execl(shell, shell, NULL); execl(shell, shell, NULL);
perror(NULL); perror(NULL);
return 0; return 0;
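Review bot: Clearing only the ambient set with `prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0)` does not by itself guarantee that the shell started by `execl` runs without capabilities. The permitted, inheritable and bounding sets are left untouched, and if the process still has real or effective UID 0 at that point, the kernel hands the permitted set back on exec, up to the bounding set. Whether the UID is dropped earlier cannot be seen here, because main's body between the `open` and this check, and the end of main, lie outside the hunks; if it is not dropped, a checked `if (setuid(getuid()) == -1) { perror("setuid"); return 1; }` before the exec would make the commit title accurate. In the same added block, `getpwent()` returns the first entry of the passwd database rather than the caller's own, and its result is dereferenced without a NULL check. Using `struct passwd *pw = getpwuid(getuid());` followed by `if (pw == NULL) { perror("getpwuid"); return 1; }` would pick the invoking user's shell and avoid a crash when the lookup fails.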