mirror of https://github.com/rd235/cado
cado.conf:var enabled. execs changed the def value
parent
32660373c8
commit
a476f62ccf
|
@ -194,7 +194,7 @@ Unavailable ambient capabilities:
|
||||||
7 0000000000000080 cap_setuid
|
7 0000000000000080 cap_setuid
|
||||||
cado: Permission denied
|
cado: Permission denied
|
||||||
```
|
```
|
||||||
It is possible to enable only the capability allowed by setting the -q option
|
It is possible to enable only the allowed capabilities by setting the -q option
|
||||||
(with or without -v). Using -q cado does not fail.
|
(with or without -v). Using -q cado does not fail.
|
||||||
```
|
```
|
||||||
$ cado -qv net_admin,kill,setuid bash
|
$ cado -qv net_admin,kill,setuid bash
|
||||||
|
|
|
@ -61,6 +61,8 @@ static int drop_capabilities(void *useless) {
|
||||||
uint64_t get_authorized_caps(char **user_groups, uint64_t reqset) {
|
uint64_t get_authorized_caps(char **user_groups, uint64_t reqset) {
|
||||||
uint64_t ok_caps=0;
|
uint64_t ok_caps=0;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
|
/* allow environment vars in execs commands */
|
||||||
|
s2argv_getvar=getenv;
|
||||||
/* cado.conf is not readble by users. Add the capability to do it */
|
/* cado.conf is not readble by users. Add the capability to do it */
|
||||||
if (user_groups) raise_cap_dac_read_search();
|
if (user_groups) raise_cap_dac_read_search();
|
||||||
f=fopen(CADO_CONF, "r");
|
f=fopen(CADO_CONF, "r");
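Review bot: The new `s2argv_getvar=getenv;` in get_authorized_caps makes variable expansion in cado.conf exec commands read the invoking user's environment, which is untrusted input in a tool that hands out capabilities. If those commands take part in deciding which capabilities are authorized (this looks likely from the function name, but the parsing code is outside the hunk), a caller can influence their arguments by setting variables before running cado. Consider pointing `s2argv_getvar` at a small local getter that returns values only for a fixed set of variable names, instead of raw `getenv`. At minimum, document the trust boundary next to the assignment, e.g. `/* SECURITY: values come from the caller's environment and are untrusted; commands in cado.conf must not use them as paths or pass them to a shell */`. The assignment also writes a library global on every call, so it may belong in one-time initialisation; the function body continues outside the hunk.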
|
||||||
|
|