setpriv: allow modifying ambient capabilities
With Linux 4.3, a new set of capabilities has been introduced with the
ambient capabilities. These aim to solve the problem that it was
impossible to grant run programs with elevated privileges across
non-root users. Quoting from capabilities(7):
This is a set of capabilities that are preserved across an execve(2)
of a program that is not privileged. The ambient capability set
obeys the invariant that no capability can ever be ambient if it is
not both permitted and inheritable.
With this new set of capabilities it is now possible to run an
executable with elevated privileges as a different user, making it much
easier to do proper privilege separation.
Note though that the `--ambient-caps` switch is not part of any released
version of util-linux, yet. It has been applied in
0c92194ee (setpriv:
support modifying the set of ambient capabilities, 2017-06-24) and will
probably be part of v2.31.
function old new delta
parse_cap - 174 +174
setpriv_main 1246 1301 +55
.rodata 146307 146347 +40
static.setpriv_longopts 40 55 +15
packed_usage 32092 32079 -13
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
projects / oweals / busybox.git / commit