diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2009-08-26 21:19:50 -0700 |
|---|---|---|
| committer | Andrew G. Morgan <morgan@kernel.org> | 2009-08-26 21:19:50 -0700 |
| commit | 5df3c2a2822a1fbcbe22834490cfd8d2212e6a5d (patch) | |
| tree | a62beb328eac5fc981d68ba4149c8212d298d9b2 | |
| parent | 012bca3265ed0d84b57531919a390645052d810e (diff) | |
| download | libcap-5df3c2a2822a1fbcbe22834490cfd8d2212e6a5d.tar.gz | |
Fix test to actually test setuid-0 scripts don't get capabilities.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| -rwxr-xr-x | progs/quicktest.sh | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/progs/quicktest.sh b/progs/quicktest.sh index 7e7edd5..bfe54c4 100755 --- a/progs/quicktest.sh +++ b/progs/quicktest.sh @@ -3,6 +3,7 @@ # Run through a series of tests to try out the various capability # manipulations posible through exec. # +# [Run this as root in a root-enabled process tree.] try_capsh () { echo "TEST: ./capsh $*" @@ -113,11 +114,14 @@ caps=\$(./getpcaps \$mypid 2>&1 | cut -d: -f2) if [ "\$caps" != " =" ]; then echo "Shell script got [\$caps] - you should upgrade your kernel" exit 1 +else + ls -l \$0 + echo "Good, no capabilities [\$caps] for this setuid-0 shell script" fi exit 0 EOF chmod +xs hack.sh -./hack.sh +capsh --uid=500 -- ./hack.sh status=$? rm -f ./hack.sh if [ $status -ne 0 ]; then |