author | Christian Göttsche <cgzones@googlemail.com> | 2022-10-29 19:21:12 +0200 |
---|---|---|
committer | BenBE <BenBE@geshi.org> | 2023-02-05 00:24:13 +0100 |
commit | e3481a9846ef01bb27c169b71eafeee704e10c68 (patch) | |
tree | 47e5003f85875872813677895b7fa298d14af269 | |
parent | 8ea144df7494bad0c46d3bf4f16c9a6556c500d2 (diff) |
Linux: highlight username if process has elevated privileges
Highlight processes started from binaries with file capabilities set,
like kwin_wayland, or retaining Linux capabilities, via the ambient set,
after switching from the root user, e.g. rtkit.
-rw-r--r-- | CRT.c | 6 | ||||
-rw-r--r-- | CRT.h | 1 | ||||
-rw-r--r-- | Process.c | 4 | ||||
-rw-r--r-- | Process.h | 7 | ||||
-rw-r--r-- | linux/LinuxProcessList.c | 8 |
5 files changed, 25 insertions, 1 deletions
@@ -157,6 +157,7 @@ static int CRT_colorSchemes[LAST_COLORSCHEME][LAST_COLORELEMENT] = {
 [PROCESS_THREAD_BASENAME] = A_BOLD | ColorPair(Green, Black),
 [PROCESS_COMM] = ColorPair(Magenta, Black),
 [PROCESS_THREAD_COMM] = A_BOLD | ColorPair(Blue, Black),
+ [PROCESS_PRIV] = ColorPair(Magenta, Black),
 [BAR_BORDER] = A_BOLD,
 [BAR_SHADOW] = A_BOLD | ColorPairGrayBlack,
 [SWAP] = ColorPair(Red, Black),
@@ -264,6 +265,7 @@ static int CRT_colorSchemes[LAST_COLORSCHEME][LAST_COLORELEMENT] = {
 [PROCESS_THREAD_BASENAME] = A_REVERSE,
 [PROCESS_COMM] = A_BOLD,
 [PROCESS_THREAD_COMM] = A_REVERSE,
+ [PROCESS_PRIV] = A_BOLD,
 [BAR_BORDER] = A_BOLD,
 [BAR_SHADOW] = A_DIM,
 [SWAP] = A_BOLD,
@@ -371,6 +373,7 @@ static int CRT_colorSchemes[LAST_COLORSCHEME][LAST_COLORELEMENT] = {
 [PROCESS_THREAD_BASENAME] = A_BOLD | ColorPair(Blue, White),
 [PROCESS_COMM] = ColorPair(Magenta, White),
 [PROCESS_THREAD_COMM] = ColorPair(Green, White),
+ [PROCESS_PRIV] = ColorPair(Magenta, White),
 [BAR_BORDER] = ColorPair(Blue, White),
 [BAR_SHADOW] = ColorPair(Black, White),
 [SWAP] = ColorPair(Red, White),
@@ -478,6 +481,7 @@ static int CRT_colorSchemes[LAST_COLORSCHEME][LAST_COLORELEMENT] = {
 [PROCESS_THREAD_BASENAME] = A_BOLD | ColorPair(Blue, Black),
 [PROCESS_COMM] = ColorPair(Magenta, Black),
 [PROCESS_THREAD_COMM] = ColorPair(Yellow, Black),
+ [PROCESS_PRIV] = ColorPair(Magenta, Black),
 [BAR_BORDER] = ColorPair(Blue, Black),
 [BAR_SHADOW] = ColorPairGrayBlack,
 [SWAP] = ColorPair(Red, Black),
@@ -585,6 +589,7 @@ static int CRT_colorSchemes[LAST_COLORSCHEME][LAST_COLORELEMENT] = {
 [PROCESS_THREAD_BASENAME] = A_BOLD | ColorPair(Green, Blue),
 [PROCESS_COMM] = ColorPair(Magenta, Blue),
 [PROCESS_THREAD_COMM] = ColorPair(Black, Blue),
+ [PROCESS_PRIV] = ColorPair(Magenta, Blue),
 [BAR_BORDER] = A_BOLD | ColorPair(Yellow, Blue),
 [BAR_SHADOW] = ColorPair(Cyan, Blue),
 [SWAP] = ColorPair(Red, Blue),
@@ -692,6 +697,7 @@ static int CRT_colorSchemes[LAST_COLORSCHEME][LAST_COLORELEMENT] = { [PROCESS_LOW_PRIORITY] = ColorPair(Green, Black), [PROCESS_NEW] = ColorPair(Black, Green), [PROCESS_TOMB] = ColorPair(Black, Red), + [PROCESS_PRIV] = ColorPair(Magenta, Black), [BAR_BORDER] = A_BOLD | ColorPair(Green, Black), [BAR_SHADOW] = ColorPair(Cyan, Black), [SWAP] = ColorPair(Red, Black), @@ -85,6 +85,7 @@ typedef enum ColorElements_ { PROCESS_THREAD_BASENAME, PROCESS_COMM, PROCESS_THREAD_COMM, + PROCESS_PRIV, BAR_BORDER, BAR_SHADOW, GRAPH_1, @@ -1020,7 +1020,9 @@ void Process_writeField(const Process* this, RichString* str, ProcessField field } break; case USER: - if (Process_getuid != this->st_uid) + if (this->elevated_priv) + attr = CRT_colors[PROCESS_PRIV]; + else if (Process_getuid != this->st_uid) attr = CRT_colors[PROCESS_SHADOW]; if (this->user) { @@ -151,6 +151,13 @@ typedef struct Process_ { /* User name */ const char* user; + /* Non root owned process with elevated privileges + * Linux: + * - from file capabilities + * - inherited from the ambient set + */ + bool elevated_priv; + /* Process runtime (in hundredth of a second) */ unsigned long long int time; diff --git a/linux/LinuxProcessList.c b/linux/LinuxProcessList.c index 0576dd67..24b7ea98 100644 --- a/linux/LinuxProcessList.c +++ b/linux/LinuxProcessList.c @@ -568,6 +568,14 @@ static bool LinuxProcessList_readStatusFile(Process* process, openat_arg_t procF if (pid_ns_count > 1) process->isRunningInContainer = true; + } else if (String_startsWith(buffer, "CapPrm:")) { + char* ptr = buffer + strlen("CapPrm:"); + while (*ptr == ' ' || *ptr == '\t') + ptr++; + + uint64_t cap_permitted = fast_strtoull_hex(&ptr, 16); + process->elevated_priv = cap_permitted != 0 && process->st_uid != 0; + } else if (String_startsWith(buffer, "voluntary_ctxt_switches:")) { unsigned long vctxt; int ok = sscanf(buffer, "voluntary_ctxt_switches:\t%lu", &vctxt); |
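Review bot: In the `CapPrm:` branch of the linux/LinuxProcessList.c hunk, a non-zero permitted mask combined with `st_uid != 0` also matches processes that hold capabilities only inside their own user namespace (rootless containers, sandbox helpers that unshare a user namespace), because `/proc/<pid>/status` reports the mask without saying which namespace it is valid in. Such processes would be highlighted in the USER column as elevated although they typically gain no extra privilege over the host. If that is intended, say so above the assignment, e.g. `/* CapPrm is relative to the process's user namespace; a process in a non-init userns also sets this flag */`; otherwise the check would need a comparison with htop's own user namespace, which this hunk does not read. The assignment also runs only when a `CapPrm:` line is present, so `elevated_priv` relies on being initialised to false elsewhere; LinuxProcessList_readStatusFile starts and ends outside the hunk.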