From 0d57997a19e1c11da128b190bc49c73ff244d6d5 Mon Sep 17 00:00:00 2001 From: mykola2312 <49044616+mykola2312@users.noreply.github.com> Date: Sun, 21 Jul 2024 00:20:37 +0300 Subject: [PATCH] implement caps check for ptrace --- Makefile | 2 +- include/process.h | 3 +++ src/main.c | 8 ++++++++ src/process.c | 24 ++++++++++++++++++++++++ 4 files changed, 36 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 69d00dc..92b3421 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ BIN_DIR = bin CC = gcc LD = ld CFLAGS = -Wall -I$(INC_DIR) -LDFLAGS = +LDFLAGS = -lcap BLACKJACK_SRC = main.c process.c BLACKJACK_OBJ := $(addprefix $(OBJ_DIR)/,$(patsubst %.c,%.o,$(BLACKJACK_SRC))) diff --git a/include/process.h b/include/process.h index 8e663a4..0c40c6a 100644 --- a/include/process.h +++ b/include/process.h @@ -52,4 +52,7 @@ int is_considered_active(process_state_t state); // find any active (running) thread and returns 0 and success, otherwise non zero int find_active_thread(process_status_t* list, size_t count, process_status_t** thread); +// check if this process has any capability or is ran as root to be able to ptrace attach +int check_ptrace_permissions(); + #endif \ No newline at end of file diff --git a/src/main.c b/src/main.c index 2fd8706..aba5ea9 100644 --- a/src/main.c +++ b/src/main.c @@ -71,5 +71,13 @@ int main(int argc, char** argv) free(threads); free(list); + + if (!check_ptrace_permissions()) + { + fputs("this process doesn't have permission to ptrace.\n", stderr); + fputs("either run as root or set caps.\n", stderr); + return 1; + } + return 0; } \ No newline at end of file diff --git a/src/process.c b/src/process.c index d6ba9f9..5339171 100644 --- a/src/process.c +++ b/src/process.c @@ -1,6 +1,7 @@ #define _DEFAULT_SOURCE #include "process.h" #include "debug.h" +#include #include #include #include 
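Review bot: The new comment in include/process.h does not state the return convention, and `check_ptrace_permissions` returns 1 when access is allowed while the neighbouring `find_active_thread` is documented as returning 0 on success. A caller can easily invert the test. I would spell it out, e.g. `// returns 1 when ptrace attach is expected to be permitted, 0 otherwise (boolean, not the 0-on-success convention used above)`. The declaration should also be a real prototype, `int check_ptrace_permissions(void);`, because empty parentheses in C leave the argument list unchecked.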
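Review bot: In src/main.c the permission check is placed after `free(threads); free(list);`, immediately before `return 0;`, so it runs only once the rest of main has finished. Anything earlier that needs ptrace would already have failed with a raw error before the "run as root or set caps" hint is printed. Move the `if (!check_ptrace_permissions())` block ahead of the first operation that depends on ptrace access. The beginning of main lies outside this hunk, so the exact position has to be chosen there.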
@@ -211,4 +212,27 @@ int find_active_thread(process_status_t* list, size_t count, process_status_t**
 }
 }
 return 1;
+}
+
+int check_ptrace_permissions()
+{
+ if (!geteuid())
+ {
+ // we're running as root
+ return 1;
+ }
+
+ // otherwise, check CAPS
+ cap_t cap = cap_get_pid(getpid());
+ cap_flag_value_t cap_flag_value;
+
+ if (cap)
+ {
+ if (!cap_get_flag(cap, CAP_SYS_ADMIN, CAP_EFFECTIVE, &cap_flag_value))
+ if (cap_flag_value == CAP_SET) return 1;
+ if (!cap_get_flag(cap, CAP_SYS_ADMIN, CAP_PERMITTED, &cap_flag_value))
+ if (cap_flag_value == CAP_SET) return 1;
+ }
+
+ return 0;
 }
\ No newline at end of file
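Review bot: `check_ptrace_permissions` tests `CAP_SYS_ADMIN`, but the capability the kernel consults for attaching to another user's process is `CAP_SYS_PTRACE`. A binary given only the ptrace capability is rejected here, and one holding `CAP_SYS_ADMIN` is accepted even though the attach can still be refused. The `CAP_PERMITTED` branch also returns 1 for a capability that is permitted but not raised into the effective set, which the kernel does not honour. The `cap_t` returned by `cap_get_pid` is never released with `cap_free`. The sketch below checks only the effective `CAP_SYS_PTRACE` flag and frees the handle on every path.

```c
int check_ptrace_permissions(void)
{
    // … unchanged: geteuid() root shortcut …

    cap_t cap = cap_get_pid(getpid());
    cap_flag_value_t effective = CAP_CLEAR;
    int allowed = 0;

    if (!cap)
        return 0;

    // only the effective set is consulted by the kernel's ptrace access check
    if (!cap_get_flag(cap, CAP_SYS_PTRACE, CAP_EFFECTIVE, &effective))
        allowed = (effective == CAP_SET);

    cap_free(cap);
    return allowed;
}
```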