diff options
Diffstat (limited to 'system')
| -rw-r--r-- | system/cage/README | 8 | ||||
| -rw-r--r-- | system/cage/README.SLACKWARE | 22 | ||||
| -rw-r--r-- | system/cage/cage.SlackBuild | 89 | ||||
| -rw-r--r-- | system/cage/cage.info | 10 | ||||
| -rw-r--r-- | system/cage/slack-desc | 19 |
5 files changed, 0 insertions, 148 deletions
diff --git a/system/cage/README b/system/cage/README deleted file mode 100644 index bcda6fef20..0000000000 --- a/system/cage/README +++ /dev/null @@ -1,8 +0,0 @@ -cage was wtitten to be a creator of unbreakable padded cells for untrusted -applications. It can be used to chroot programs that want to run as root. -For that to work though either sysvinit or the kernel need to be patched and -recompiled (instructions on how to go about this are included in /usr/doc). - -However since filesystem capabilities are implemented it can also be used -as a 'su' command with inheritance support, similar to the 'capsh' command -from the libcap package (but featuring chroot support). See README.SLACKWARE diff --git a/system/cage/README.SLACKWARE b/system/cage/README.SLACKWARE deleted file mode 100644 index 3cac4ce8e5..0000000000 --- a/system/cage/README.SLACKWARE +++ /dev/null @@ -1,22 +0,0 @@ -For example: - -root@pc:~# chmod 0755 /bin/ping -root@pc:~# setcap 'cap_net_raw=ie' /bin/ping - -root@pc:~# su menno -menno@pc:/root$ ping -c1 www.zonnet.nl -ping: icmp open socket: Operation not permitted -menno@pc:/root$ exit - -root@pc:~# cage -u 1000 -c 'cap_setuid=pe cap_net_raw=pie' / /bin/sh -menno@pc:/$ ping -c1 www.zonnet.nl -PING www.zonnet.nl (62.58.50.202) 56(84) bytes of data. -64 bytes from www.tele2.nl (62.58.50.202): icmp_seq=1 ttl=116 time=27.0 ms - ---- www.zonnet.nl ping statistics --- -1 packets transmitted, 1 received, 0% packet loss, time 0ms -rtt min/avg/max/mdev = 27.054/27.054/27.054/0.000 ms -menno@pc:/$ /sbin/getpcaps $$ -Capabilities for `7242': = cap_net_raw+i -menno@pc:/$ exit - diff --git a/system/cage/cage.SlackBuild b/system/cage/cage.SlackBuild deleted file mode 100644 index 02661f5533..0000000000 --- a/system/cage/cage.SlackBuild +++ /dev/null @@ -1,89 +0,0 @@ -#!/bin/sh - -# Slackware build script for cage - -# Written by Menno Duursma <druiloor@zonnet.nl> - -# This program is free software. It comes without any warranty. -# Granted WTFPL, Version 2, as published by Sam Hocevar. See -# http://sam.zoy.org/wtfpl/COPYING for more details. - -PRGNAM=cage -VERSION=${VERSION:-0.80} -BUILD=${BUILD:-1} -TAG=${TAG:-_SBo} - -# Automatically determine the architecture we're building on: -if [ -z "$ARCH" ]; then - case "$( uname -m )" in - i?86) ARCH=i486 ;; - arm*) ARCH=arm ;; - # Unless $ARCH is already set, use uname -m for all other archs: - *) ARCH=$( uname -m ) ;; - esac -fi - -CWD=$(pwd) -TMP=${TMP:-/tmp/SBo} -PKG=$TMP/package-$PRGNAM -OUTPUT=${OUTPUT:-/tmp} - -if [ "$ARCH" = "i486" ]; then - SLKCFLAGS="-O2 -march=i486 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i686" ]; then - SLKCFLAGS="-O2 -march=i686 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" - LIBDIRSUFFIX="64" -else - SLKCFLAGS="-O2" - LIBDIRSUFFIX="" -fi - -set -e # Exit on most errors - -rm -rf $PKG -mkdir -p $TMP $PKG $OUTPUT -cd $TMP -rm -rf $PRGNAM-$VERSION -tar xvf $CWD/$PRGNAM-$VERSION.tar.gz -cd $PRGNAM-$VERSION -chown -R root:root . -find . \ - \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ - -exec chmod 755 {} \; -o \ - \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ - -exec chmod 644 {} \; - -CFLAGS="$SLKCFLAGS" \ -./configure \ - --prefix=/usr \ - --libdir=/usr/lib${LIBDIRSUFFIX} \ - --sysconfdir=/etc \ - --localstatedir=/var \ - --mandir=/usr/man \ - --build=$ARCH-slackware-linux - -make CFLAGS="$SLKCFLAGS" -make install DESTDIR=$PKG - -find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \ - | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true - -( cd $PKG/usr/man - find . -type f -exec gzip -9 {} \; - for i in $( find . -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done -) - -mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -cp -a INSTALL COPYING README* Attic poc $PKG/usr/doc/$PRGNAM-$VERSION -cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild -cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE - -mkdir -p $PKG/install -cat $CWD/slack-desc > $PKG/install/slack-desc - -cd $PKG -/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/system/cage/cage.info b/system/cage/cage.info deleted file mode 100644 index bfd106e8d2..0000000000 --- a/system/cage/cage.info +++ /dev/null @@ -1,10 +0,0 @@ -PRGNAM="cage" -VERSION="0.80" -HOMEPAGE="http://killa.net/infosec/cage/" -DOWNLOAD="http://killa.net/infosec/cage/cage-0.80.tar.gz" -MD5SUM="c2ee362a8ea8044834aa82ba148030ef" -DOWNLOAD_x86_64="" -MD5SUM_x86_64="" -MAINTAINER="Menno Duursma" -EMAIL="druiloor@zonnet.nl" -APPROVED="rworkman" diff --git a/system/cage/slack-desc b/system/cage/slack-desc deleted file mode 100644 index da621b51d5..0000000000 --- a/system/cage/slack-desc +++ /dev/null @@ -1,19 +0,0 @@ -# HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. Line -# up the first '|' above the ':' following the base package name, and the '|' -# on the right side marks the last column you can put a character in. You must -# make exactly 11 lines for the formatting to be correct. It's also -# customary to leave one space after the ':'. - - |-----handy-ruler---------------------------------------------------| -cage: Cage (su+chroot with capabilities support) -cage: -cage: On stock systems this can be used as a 'chrootuid' utility with caps. -cage: In case patches are applied to the system it can be used to creat -cage: padded cells for untrusted applications. -cage: -cage: cage was wtitten by Anthony D. Urso -cage: -cage: -cage: -cage: |