Bug 214911 - Check if parameter value is valid for capsh
Summary: Check if parameter value is valid for capsh
Status: RESOLVED CODE_FIX
Alias: None
Product: Tools
Classification: Unclassified
Component: libcap (show other bugs)
Hardware: All Linux
: P1 enhancement
Assignee: Andrew G. Morgan
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-11-02 06:52 UTC by meitingli
Modified: 2021-11-06 15:50 UTC (History)
1 user (show)

See Also:
Kernel Version: 4.19.90-2106.3.0.0095
Subsystem:
Regression: No
Bisected commit-id:

Attachments
help usage screenshot (76.18 KB, image/png)
2021-11-02 06:52 UTC, meitingli 		Details
Add an attachment (proposed patch, testcase, etc.)

Description meitingli 2021-11-02 06:52:52 UTC 
Created attachment 299397 [details]
help usage screenshot

Hello,

I execute command for capsh with parameter, such like uid, gid,keep... 

When I input paramter as negative number, it would be a big number.
$ capsh --uid=-5 -- -c "whoami"
whoami: cannot find name for user ID 5294967291


When I input paramter as character, it would be 0 and execute return by root.
$ capsh --uid=test -- -c "whoami"
root

Could you check the parameter value? I see in the help usage, some paramters are specify as number.

Thanks.
Comment 1 Andrew G. Morgan 2021-11-06 15:48:34 UTC 
Thanks for the bug report.

This is fixed with this commit (will be included in 2.61):

   https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=9c4997d6592e5daf046a6968ac83cf615c51fbe1

$ sudo ./capsh --uid=-5 -- -c "whoami"
invalid --uid value: want non-negative integer, got "-5"
$ sudo ./capsh --uid=test -- -c "whoami"
invalid --uid value: want non-negative integer, got "test"
$ sudo ./capsh --uid=1 -- -c "whoami"
daemon
Note You need to log in before you can comment on or make changes to this bug.