diff options
author | Andrew G. Morgan <morgan@kernel.org> | 2022-10-30 13:52:38 -0700 |
---|---|---|
committer | Andrew G. Morgan <morgan@kernel.org> | 2022-10-30 13:52:38 -0700 |
commit | 9bdfc8609add40594fc2537b22722d16ccd56227 (patch) | |
tree | 274b025c7370144222df5699450b92ca6a7ecda4 | |
parent | 6521defb406ba8e7217342852a046998332d356c (diff) | |
download | libcap-9bdfc8609add40594fc2537b22722d16ccd56227.tar.gz |
Clean up some of the markdown text.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
-rw-r--r-- | contrib/capso/README.md | 23 | ||||
-rw-r--r-- | contrib/sucap/README.md | 21 |
2 files changed, 22 insertions, 22 deletions
diff --git a/contrib/capso/README.md b/contrib/capso/README.md index 64e9b43..df2e878 100644 --- a/contrib/capso/README.md +++ b/contrib/capso/README.md @@ -1,20 +1,21 @@ # Leveraging file capabilities on shared libraries -This directory contains an example of a shared library (capso.so) that -can be installed with file capabilities. When the library is linked -against an unprivileged program, it includes internal support for -re-invoking itself as a child subprocess to execute a privileged +This directory contains an example of a shared library (`capso.so`) +that can be installed with file capabilities. When the library is +linked against an unprivileged program, it includes internal support +for re-invoking itself as a child subprocess to execute a privileged operation on bahalf of the parent. -The idea for doing this was evolved from the way pam_unix.so is able -to leverage a separate program, and libcap's recently added support -for supporting binary execution of all the .so files built by the +The idea for doing this was evolved from the way `pam_unix.so` is able +to leverage a separate program, and `libcap`'s recently added support +for supporting binary execution of all the `.so` files built by the package. -The actual program example 'bind' leverages the -"cap_net_bind_service=p" ./capso.so file to bind to the privileged -port 80. +The actual program example `./bind` leverages the +`"cap_net_bind_service=p"` enabled `./capso.so` file to bind to the +privileged port 80. -A writeup of how to explore this example is provided here: +A writeup of how to build and explore the behavior of this example is +provided on the `libcap` distribution website: https://sites.google.com/site/fullycapable/capable-shared-objects diff --git a/contrib/sucap/README.md b/contrib/sucap/README.md index 0808912..5cc0dcc 100644 --- a/contrib/sucap/README.md +++ b/contrib/sucap/README.md @@ -1,22 +1,21 @@ -This directory contains a port of the SimplePAMApp su to more -aggressively use libcap. +# A fully capable version of `su` -The Makefile builds a binary called `su` that registers with PAM as -the application `sucap`. We've provided a sample `/etc/pam.d/sucap` -file in this directory named `sucap.pamconfig`. +This directory contains a port of the `SimplePAMApp` `su` one that can +work in a `PURE1E` `libcap`-_mode_ environment. -The point of developing this is to better test the full libcap +The point of developing this is to better test the full `libcap` implementation, and to also provide a non-setuid-root worked example -for testing PAM interaction with libcap and pam_cap.so. The -expectations for `pam_unix.so` are that it includes this commit: +for testing PAM interaction with `libcap` and `pam_cap.so`. The +required expectations for `pam_unix.so` are that it include this +commit: https://github.com/linux-pam/linux-pam/pull/373/commits/bf9b1d8ad909634000a7356af2d865a79d3f86f3 -The original sources were found here: +The original sources for this version of `su` were found here: https://kernel.org/pub/linux/libs/pam/pre/applications/SimplePAMApps-0.60.tar.gz -The SimplePAMApps contain the same License as libcap (they were +The `SimplePAMApps` contain the same License as `libcap` (they were originally started by the same authors!). The credited Authors in the above tarball were: @@ -33,7 +32,7 @@ tar ball and is thus a derived work from that. Finally, Andrew would like to apologize to Andrey for removing all of the config support he worked to add all those decades ago..! I just wanted to make a quick tester for a potential workaround for this -pam_cap issue: +`pam_cap.so` issue: - https://bugzilla.kernel.org/show_bug.cgi?id=212945 |