From e3481a9846ef01bb27c169b71eafeee704e10c68 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Sat, 29 Oct 2022 19:21:12 +0200
Subject: Linux: highlight username if process has elevated privileges

Highlight processes started from binaries with file capabilities set, like kwin_wayland, or retaining Linux capabilities, via the ambient set, after switching from the root user, e.g. rtkit.
---
 linux/LinuxProcessList.c | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'linux/LinuxProcessList.c')

diff --git a/linux/LinuxProcessList.c b/linux/LinuxProcessList.c
index 0576dd67..24b7ea98 100644
--- a/linux/LinuxProcessList.c
+++ b/linux/LinuxProcessList.c
@@ -568,6 +568,14 @@ static bool LinuxProcessList_readStatusFile(Process* process, openat_arg_t procF
 if (pid_ns_count > 1)
 process->isRunningInContainer = true;
 
+ } else if (String_startsWith(buffer, "CapPrm:")) {
+ char* ptr = buffer + strlen("CapPrm:");
+ while (*ptr == ' ' || *ptr == '\t')
+ ptr++;
+
+ uint64_t cap_permitted = fast_strtoull_hex(&ptr, 16);
+ process->elevated_priv = cap_permitted != 0 && process->st_uid != 0;
+
 } else if (String_startsWith(buffer, "voluntary_ctxt_switches:")) {
 unsigned long vctxt;
 int ok = sscanf(buffer, "voluntary_ctxt_switches:\t%lu", &vctxt);
-- 
cgit v1.2.3
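Review bot: The `cap_permitted != 0 && process->st_uid != 0` test in the new `CapPrm:` branch marks any non-root process with a non-empty permitted set as elevated, but CapPrm is reported relative to the task's own user namespace, so a process that is only root inside an unprivileged user namespace (rootless containers, sandbox helpers) is highlighted even though it holds no capabilities on the host. That is worth stating next to the assignment, e.g. `/* CapPrm is relative to the task's user namespace; non-zero does not imply host-level capabilities */`, so the highlight is not read as a host privilege indicator. The flag is also computed from whatever `process->st_uid` holds when this line is parsed; whether it is already populated on a process's first scan is not visible here, since `LinuxProcessList_readStatusFile` starts and ends outside the hunk. The result of `fast_strtoull_hex` is used without checking that any digit was consumed, so a malformed line presumably yields 0 and silently reads as "not elevated".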