Radix cross Linux

The main Radix cross Linux repository contains the build scripts of packages, which have the most complete and common functionality for desktop machines

Index: Make.Rules
===================================================================
--- Make.Rules	(nonexistent)
+++ Make.Rules	(revision 5)
@@ -0,0 +1,164 @@
+# Common version number defines for libcap
+LIBTITLE=libcap
+VERSION=2
+MINOR=48
+
+#
+## Optional prefixes:
+#
+
+# common 'packaging' directory
+
+FAKEROOT=$(DESTDIR)
+
+# Autoconf-style prefixes are activated when $(prefix) is defined.
+# Otherwise binaries and libraries are installed in /{lib,sbin}/,
+# header files in /usr/include/ and documentation in /usr/man/man?/.
+# These choices are motivated by the fact that getcap and setcap are
+# administrative operations that could be needed to recover a system.
+
+ifndef lib
+lib=$(shell ldd /usr/bin/ld|egrep "ld-linux|ld.so"|cut -d/ -f2)
+endif
+
+ifdef prefix
+exec_prefix=$(prefix)
+lib_prefix=$(exec_prefix)
+inc_prefix=$(lib_prefix)
+man_prefix=$(prefix)/share
+else
+prefix=/usr
+exec_prefix=
+lib_prefix=$(exec_prefix)
+inc_prefix=$(prefix)
+man_prefix=$(prefix)/share
+endif
+
+# Target directories
+
+MANDIR=$(man_prefix)/man
+SBINDIR=$(exec_prefix)/sbin
+INCDIR=$(inc_prefix)/include
+LIBDIR=$(lib_prefix)/$(lib)
+PKGCONFIGDIR=$(prefix)/$(LIBDIR)/pkgconfig
+GOPKGDIR=$(prefix)/share/gocode/src
+
+# Once go1.16 is released, I plan to set this value to 1 and keep it
+# there. The Go packages should always remain backwardly compatible,
+# but I may have to up it if Go's syntax dramatically changes in a
+# backwards incompatible manner. (Let's hope not.)
+GOMAJOR=0
+
+# Compilation specifics
+
+KERNEL_HEADERS := $(topdir)/libcap/include/uapi
+IPATH += -fPIC -I$(KERNEL_HEADERS) -I$(topdir)/libcap/include
+
+DEFINES := -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
+COPTS ?= -O2
+CFLAGS ?= $(COPTS) $(DEFINES)
+BUILD_CC := gcc
+BUILD_CFLAGS := $(IPATH)
+DEBUG = -g #-DDEBUG
+WARNINGS=-Wall -Wwrite-strings \
+        -Wpointer-arith -Wcast-qual -Wcast-align \
+        -Wstrict-prototypes -Wmissing-prototypes \
+        -Wnested-externs -Winline -Wshadow
+LD=$(CC) -Wl,-x -shared
+LDFLAGS ?= #-g
+LIBCAPLIB := -L$(topdir)/libcap -lcap
+PSXLINKFLAGS :=  -lpthread -Wl,-wrap,pthread_create
+LIBPSXLIB := -L$(topdir)/libcap -lpsx $(PSXLINKFLAGS)
+
+BUILD_GPERF := $(shell which gperf >/dev/null 2>/dev/null && echo yes)
+
+SYSTEM_HEADERS = /usr/include
+INCS=$(topdir)/libcap/include/sys/capability.h
+LDFLAGS += -L$(topdir)/libcap
+CFLAGS += -Dlinux $(WARNINGS) $(DEBUG)
+INDENT := $(shell if [ -n "$$(which indent 2>/dev/null)" ]; then echo "| indent -kr" ; fi)
+
+# SHARED tracks whether or not the SHARED libraries (libcap.so,
+# libpsx.so and pam_cap.so) are built. (Some environments don't
+# support shared libraries.)
+SHARED ?= yes
+# DYNAMIC controls how capsh etc are linked - to shared or static libraries
+DYNAMIC := $(shell if [ ! -d "$(topdir)/.git" ]; then echo $(SHARED); else echo no ; fi)
+
+PAM_CAP ?= $(shell if [ -f /usr/include/security/pam_modules.h ]; then echo $(SHARED) ; else echo no ; fi)
+
+# If your system does not support pthreads, override this as "no".
+#
+#    make PTHREADS=no ...
+#
+# This implies no Go support and no C/C++ libpsx build. Why might you
+# need libpsx for non-Go use? Tl;dr for POSIX semantics security:
+#
+#    https://sites.google.com/site/fullycapable/who-ordered-libpsx
+#
+PTHREADS ?= yes
+
+ifeq ($(PTHREADS),yes)
+GO ?= go
+GOLANG ?= $(shell if [ -n "$(shell $(GO) version 2>/dev/null)" ]; then echo yes ; else echo no ; fi)
+ifeq ($(GOLANG),yes)
+GOROOT ?= $(shell $(GO) env GOROOT)
+GOCGO ?= $(shell if [ "$(shell $(GO) env CGO_ENABLED)" = 1 ]; then echo yes ; else echo no ; fi)
+GOOSARCH ?= $(shell $(GO) env GOHOSTOS)_$(shell $(GO) env GOHOSTARCH)
+CGO_REQUIRED=$(shell $(topdir)/go/cgo-required.sh $(GO))
+ifeq ($(CGO_REQUIRED),1)
+# Strictly speaking go1.15 doesn't need this, but 1.16 is when the
+# real golang support arrives for non-cgo support, so drop the last
+# vestige of legacy workarounds then.
+CGO_LDFLAGS_ALLOW := -Wl,-?-wrap[=,][^-.@][^,]*
+endif
+CGO_CFLAGS := -I$(topdir)/libcap/include
+CGO_LDFLAGS := -L$(topdir)/libcap
+endif
+endif
+
+# If you want capsh to launch with something other than /bin/bash
+# build like this:
+#
+#   make CAPSH_SHELL='-DSHELL=\"/bin/sh\"'
+#
+# or undefine the following:
+#CAPSH_SHELL := '-DSHELL="/bin/sh"'
+
+# When installing setcap, you can arrange for the installation process
+# to set its inheritable bit to be able to place capabilities on files.
+# It can be used in conjunction with pam_cap (associated with su and
+# certain users say) to make it useful for specially blessed users.
+#
+#    make RAISE_SETFCAP=yes install
+#
+# This is now defaulted to no because some distributions have started
+# shipping with all users blessed with full inheritable sets which makes
+# no sense whatsoever!
+#
+# Indeed, it looks alarmingly like these distributions are recreating
+# the environment for what became known as the sendmail-capabilities
+# bug from 2000:
+#
+#  https://sites.google.com/site/fullycapable/Home/thesendmailcapabilitiesissue
+#
+# they are also nullifying the difference between a p-bit and an i-bit.
+#
+# Folk really should read this document, which explains there is a really
+# important difference being lost here:
+#
+#  https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/33528.pdf
+#
+# In the context of this tree, on such such systems, a yes setting will
+# guarantee that every user, by default, is able to bless any binary with
+# any capability - a ready made local exploit machanism.
+RAISE_SETFCAP := no
+
+# If set to yes, this will cause the go "web" demo app to force the needed p
+# bit to be able to bind to port 80 without running as root.
+RAISE_GO_FILECAP := no
+
+# Global cleanup stuff
+
+LOCALCLEAN=rm -f *~ core
+DISTCLEAN=@find . \( -name '*.orig' -o -name '*.rej' \) | xargs rm -f
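Review bot: `PKGCONFIGDIR=$(prefix)/$(LIBDIR)/pkgconfig` applies the prefix twice whenever `prefix` is supplied, because in the `ifdef prefix` branch `LIBDIR` already expands to `$(prefix)/$(lib)`; `make prefix=/usr` therefore yields `/usr//usr/<lib>/pkgconfig`. Only the `else` branch, where `lib_prefix` is empty, produces a usable path. `PKGCONFIGDIR=$(prefix)/$(lib)/pkgconfig` resolves to the same location in both branches. Separately, `lib` and `PAM_CAP` are derived by probing the build host (`ldd /usr/bin/ld`, `/usr/include/security/pam_modules.h`), which in a cross build describes the host rather than the target. A comment at `ifndef lib` saying that cross builds must pass `lib=` and `PAM_CAP=` explicitly would prevent a silently wrong library directory or an unintended pam_cap build.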
Index: libcap/include/sys/capability.h
===================================================================
--- libcap/include/sys/capability.h	(nonexistent)
+++ libcap/include/sys/capability.h	(revision 5)
@@ -0,0 +1,216 @@
+/*
+ * <sys/capability.h>
+ *
+ * Copyright (C) 1997   Aleph One
+ * Copyright (C) 1997,8, 2008,19,20 Andrew G. Morgan <morgan@kernel.org>
+ *
+ * defunct POSIX.1e Standard: 25.2 Capabilities           <sys/capability.h>
+ */
+
+#ifndef _SYS_CAPABILITY_H
+#define _SYS_CAPABILITY_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * This file complements the kernel file by providing prototype
+ * information for the user library.
+ */
+
+#include <linux/types.h>
+#include <stdint.h>
+#include <sys/types.h>
+
+#ifndef __user
+#define __user
+#endif
+#include <linux/capability.h>
+
+/*
+ * POSIX capability types
+ */
+
+/*
+ * Opaque capability handle (defined internally by libcap)
+ * internal capability representation
+ */
+typedef struct _cap_struct *cap_t;
+
+/* "external" capability representation is a (void *) */
+
+/*
+ * This is the type used to identify capabilities
+ */
+
+typedef int cap_value_t;
+
+/*
+ * libcap initialized first unnamed capability of the running kernel.
+ * capsh includes a runtime test to flag when this is larger than
+ * what is known to libcap... Time for a new libcap release!
+ */
+extern cap_value_t cap_max_bits(void);
+
+/*
+ * Set identifiers
+ */
+typedef enum {
+    CAP_EFFECTIVE = 0,                 /* Specifies the effective flag */
+    CAP_PERMITTED = 1,                 /* Specifies the permitted flag */
+    CAP_INHERITABLE = 2                /* Specifies the inheritable flag */
+} cap_flag_t;
+
+typedef enum {
+    CAP_IAB_INH = 2,
+    CAP_IAB_AMB = 3,
+    CAP_IAB_BOUND = 4
+} cap_iab_vector_t;
+
+/*
+ * An opaque generalization of the inheritable bits that includes both
+ * what ambient bits to raise and what bounding bits to *lower* (aka
+ * drop).  None of these bits once set, using cap_iab_set(), affect
+ * the running process but are consulted, through the execve() system
+ * call, by the kernel. Note, the ambient bits ('A') of the running
+ * process are fragile with respect to other aspects of the "posix"
+ * (cap_t) operations: most importantly, 'A' cannot ever hold bits not
+ * present in the intersection of 'pI' and 'pP'. The kernel
+ * immediately drops all ambient caps whenever such a situation
+ * arises. Typically, the ambient bits are used to support a naive
+ * capability inheritance model - at odds with the POSIX (sic) model
+ * of inheritance where inherited (pI) capabilities need to also be
+ * wanted by the executed binary (fI) in order to become raised
+ * through exec.
+ */
+typedef struct cap_iab_s *cap_iab_t;
+
+/*
+ * These are the states available to each capability
+ */
+typedef enum {
+    CAP_CLEAR=0,                            /* The flag is cleared/disabled */
+    CAP_SET=1                                    /* The flag is set/enabled */
+} cap_flag_value_t;
+
+/*
+ * User-space capability manipulation routines
+ */
+typedef unsigned cap_mode_t;
+#define CAP_MODE_UNCERTAIN    ((cap_mode_t) 0)
+#define CAP_MODE_NOPRIV       ((cap_mode_t) 1)
+#define CAP_MODE_PURE1E_INIT  ((cap_mode_t) 2)
+#define CAP_MODE_PURE1E       ((cap_mode_t) 3)
+
+/* libcap/cap_alloc.c */
+extern cap_t      cap_dup(cap_t);
+extern int        cap_free(void *);
+extern cap_t      cap_init(void);
+extern cap_iab_t  cap_iab_init(void);
+
+/* libcap/cap_flag.c */
+extern int     cap_get_flag(cap_t, cap_value_t, cap_flag_t, cap_flag_value_t *);
+extern int     cap_set_flag(cap_t, cap_flag_t, int, const cap_value_t *,
+			    cap_flag_value_t);
+extern int     cap_clear(cap_t);
+extern int     cap_clear_flag(cap_t, cap_flag_t);
+
+extern cap_flag_value_t cap_iab_get_vector(cap_iab_t, cap_iab_vector_t,
+					 cap_value_t);
+extern int     cap_iab_set_vector(cap_iab_t, cap_iab_vector_t, cap_value_t,
+				cap_flag_value_t);
+extern int     cap_iab_fill(cap_iab_t, cap_iab_vector_t, cap_t, cap_flag_t);
+
+/* libcap/cap_file.c */
+extern cap_t   cap_get_fd(int);
+extern cap_t   cap_get_file(const char *);
+extern uid_t   cap_get_nsowner(cap_t);
+extern int     cap_set_fd(int, cap_t);
+extern int     cap_set_file(const char *, cap_t);
+extern int     cap_set_nsowner(cap_t, uid_t);
+
+/* libcap/cap_proc.c */
+extern cap_t   cap_get_proc(void);
+extern cap_t   cap_get_pid(pid_t);
+extern int     cap_set_proc(cap_t);
+
+extern int     cap_get_bound(cap_value_t);
+extern int     cap_drop_bound(cap_value_t);
+#define CAP_IS_SUPPORTED(cap)  (cap_get_bound(cap) >= 0)
+
+extern int     cap_get_ambient(cap_value_t);
+extern int     cap_set_ambient(cap_value_t, cap_flag_value_t);
+extern int     cap_reset_ambient(void);
+#define CAP_AMBIENT_SUPPORTED() (cap_get_ambient(CAP_CHOWN) >= 0)
+
+/* libcap/cap_extint.c */
+extern ssize_t cap_size(cap_t);
+extern ssize_t cap_copy_ext(void *, cap_t, ssize_t);
+extern cap_t   cap_copy_int(const void *);
+
+/* libcap/cap_text.c */
+extern cap_t   cap_from_text(const char *);
+extern char *  cap_to_text(cap_t, ssize_t *);
+extern int     cap_from_name(const char *, cap_value_t *);
+extern char *  cap_to_name(cap_value_t);
+
+extern char *     cap_iab_to_text(cap_iab_t iab);
+extern cap_iab_t  cap_iab_from_text(const char *text);
+
+#define CAP_DIFFERS(result, flag)  (((result) & (1 << (flag))) != 0)
+extern int     cap_compare(cap_t, cap_t);
+
+/* libcap/cap_proc.c */
+extern void cap_set_syscall(long int (*new_syscall)(long int,
+				long int, long int, long int),
+			    long int (*new_syscall6)(long int,
+				long int, long int, long int,
+				long int, long int, long int));
+
+extern int cap_set_mode(cap_mode_t flavor);
+extern cap_mode_t cap_get_mode(void);
+extern const char *cap_mode_name(cap_mode_t flavor);
+
+extern unsigned cap_get_secbits(void);
+extern int cap_set_secbits(unsigned bits);
+
+extern int cap_setuid(uid_t uid);
+extern int cap_setgroups(gid_t gid, size_t ngroups, const gid_t groups[]);
+
+extern cap_iab_t cap_iab_get_proc(void);
+extern int cap_iab_set_proc(cap_iab_t iab);
+
+typedef struct cap_launch_s *cap_launch_t;
+
+extern cap_launch_t cap_new_launcher(const char *arg0, const char * const *argv,
+				     const char * const *envp);
+extern void cap_launcher_callback(cap_launch_t attr,
+				  int (callback_fn)(void *detail));
+extern void cap_launcher_setuid(cap_launch_t attr, uid_t uid);
+extern void cap_launcher_setgroups(cap_launch_t attr, gid_t gid,
+				   int ngroups, const gid_t *groups);
+extern void cap_launcher_set_mode(cap_launch_t attr, cap_mode_t flavor);
+extern cap_iab_t cap_launcher_set_iab(cap_launch_t attr, cap_iab_t iab);
+extern void cap_launcher_set_chroot(cap_launch_t attr, const char *chroot);
+extern pid_t cap_launch(cap_launch_t attr, void *data);
+
+/*
+ * system calls - look to libc for function to system call
+ * mapping. Note, libcap does not use capset directly, but permits the
+ * cap_set_syscall() to redirect the system call function.
+ */
+extern int capget(cap_user_header_t header, cap_user_data_t data);
+extern int capset(cap_user_header_t header, const cap_user_data_t data);
+
+/* deprecated - use cap_get_pid() */
+extern int capgetp(pid_t pid, cap_t cap_d);
+
+/* not valid with filesystem capability support - use cap_set_proc() */
+extern int capsetp(pid_t pid, cap_t cap_d);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _SYS_CAPABILITY_H */
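Review bot: The privilege-changing entry points declared under the second `/* libcap/cap_proc.c */` group and above it (`cap_set_proc`, `cap_drop_bound`, `cap_set_mode`, `cap_set_secbits`, `cap_setuid`, `cap_setgroups`, `cap_iab_set_proc`) return `int`, but the header never states the failure convention, so a caller can ignore the result and keep running with privileges it believes it has shed. A short comment above these declarations would make the contract visible at the point of use, e.g. `/* Return 0 on success, -1 with errno set on failure; check the result before continuing with reduced privilege. */` (this matches the libcap man pages, but confirm it against the sources in this tree). Separately, `cap_launcher_setgroups` takes `int ngroups` while `cap_setgroups` takes `size_t ngroups`; if the signature has to stay for ABI reasons, a comment stating how a negative count is treated would make the mismatch explicit.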
Index: libcap/include/sys
===================================================================
--- libcap/include/sys	(nonexistent)
+++ libcap/include/sys	(revision 5)

Property changes on: libcap/include/sys
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: libcap/include
===================================================================
--- libcap/include	(nonexistent)
+++ libcap/include	(revision 5)

Property changes on: libcap/include
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: libcap
===================================================================
--- libcap	(nonexistent)
+++ libcap	(revision 5)

Property changes on: libcap
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: .
===================================================================
--- .	(nonexistent)
+++ .	(revision 5)

Property changes on: .
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~