#define _GNU_SOURCE #include #include #include "sec.h" #include #include #include #ifdef __linux__ #include bool checkpcap(uint64_t caps) { if (!caps) return true; // no special caps reqd struct __user_cap_header_struct ch = {_LINUX_CAPABILITY_VERSION_3, getpid()}; struct __user_cap_data_struct cd[2]; uint32_t c0 = (uint32_t)caps; uint32_t c1 = (uint32_t)(caps>>32); return !capget(&ch,cd) && (cd[0].effective & c0)==c0 && (cd[1].effective & c1)==c1; } bool setpcap(uint64_t caps) { struct __user_cap_header_struct ch = {_LINUX_CAPABILITY_VERSION_3, getpid()}; struct __user_cap_data_struct cd[2]; cd[0].effective = cd[0].permitted = (uint32_t)caps; cd[0].inheritable = 0; cd[1].effective = cd[1].permitted = (uint32_t)(caps>>32); cd[1].inheritable = 0; return !capset(&ch,cd); } int getmaxcap() { int maxcap = CAP_LAST_CAP; FILE *F = fopen("/proc/sys/kernel/cap_last_cap", "r"); if (F) { fscanf(F, "%d", &maxcap); fclose(F); } return maxcap; } bool dropcaps() { uint64_t caps = 0; int maxcap = getmaxcap(); if (setpcap(caps|(1<