berdav
/
cado
mirror of https://github.com/rd235/cado
1
0
Fork 0
Code Issues Releases Wiki Activity

cado.conf:var enabled. execs changed the def value

This commit is contained in:
Renzo Davoli 2017-09-16 14:11:29 +02:00
parent 32660373c8
commit a476f62ccf
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -194,7 +194,7 @@ Unavailable ambient capabilities:
7 0000000000000080 cap_setuid
cado: Permission denied
```
It is possible to enable only the capability allowed by setting the -q option
It is possible to enable only the allowed capabilities by setting the -q option
(with or without -v). Using -q cado does not fail.
```
$ cado -qv net_admin,kill,setuid bash

2
read_conf.c
View File

@ -61,6 +61,8 @@ static int drop_capabilities(void *useless) {
uint64_t get_authorized_caps(char **user_groups, uint64_t reqset) {
uint64_t ok_caps=0;
FILE *f;
/* allow environment vars in execs commands */
s2argv_getvar=getenv;
/* cado.conf is not readble by users. Add the capability to do it */
if (user_groups) raise_cap_dac_read_search();
f=fopen(CADO_CONF, "r");