#include <errno.h>#include <ctype.h>#include <fcntl.h>#include <unistd.h>#in

1. #include <errno.h>
2. #include <ctype.h>
3. #include <fcntl.h>
4. #include <unistd.h>
5. #include <stdlib.h>
6. #include <stdio.h>
7. #include <limits.h>
8.  
9. #include <grp.h>
10. #include <pwd.h>
11.  
12. #include <sys/types.h>
13. #include <sys/stat.h>
14.  
15. #include <sys/capability.h>
16. #include <sys/prctl.h>
17. #include <sys/syscall.h>
18.  
19. void print_process_info(void)
20. {
21. gid_t rgid, egid, sgid;
22. pid_t pgid, pid, ppid, sid;
23. uid_t ruid, euid, suid;
24.  
25. int ngroups = NGROUPS_MAX, j;
26. gid_t *groups;
27. struct passwd *pw;
28. struct group *gr;
29.  
30. cap_t caps;
31. char *caps_text;
32.  
33. /*
34. * PID: Each process has a unique nonnegative integer identifier that is
35. * assigned when the process is created using fork(2).
36. *
37. * A process's PID is preserved across an execve(2)
38. */
39. pid = getpid();
40.  
41. /*
42. * PPID: A process's parent process ID identifies the process that created
43. * this process using fork(2).
44. *
45. * A process's PPID is preserved across an execve(2)
46. */
47. ppid = getppid();
48.  
49. fprintf(stderr, "PID: %d, Parent PID: %d\n", pid, ppid);
50.  
51. /*
52. * A process group (sometimes called a "job") is a
53. * collection of processes that share the same process group ID; the
54. * shell creates a new process group for the process(es) used to execute
55. * single command or pipeline (e.g., the two processes created to
56. * execute the command "ls | wc" are placed in the same process group).
57. */
58. pgid = getpgrp();
59.  
60. /*
61. * A session is a collection of processes that share the same session
62. * ID. All of the members of a process group also have the same session
63. * ID (i.e., all of the members of a process group always belong to the
64. * same session, so that sessions and process groups form a strict two-
65. * level hierarchy of processes.) A new session is created when a
66. * process calls setsid(2), which creates a new session whose session ID
67. * is the same as the PID of the process that called setsid(2). The
68. * creator of the session is called the session leader.
69. */
70. sid = getsid(pid);
71.  
72. fprintf(stderr, "Process GID: %d, Session ID: %d\n", pgid, sid);
73.  
74. /*
75. * - Real user ID and real group ID. These IDs determine who owns the
76. * process.
77. *
78. * - Effective user ID and effective group ID. These IDs are used by
79. * the kernel to determine the permissions that the process will have
80. * when accessing shared resources such as message queues, shared
81. * memory, and semaphores. On most UNIX systems, these IDs also
82. * determine the permissions when accessing files. However, Linux
83. * uses the filesystem IDs described below for this task.
84. *
85. * - Saved set-user-ID and saved set-group-ID. These IDs are used in
86. * set-user-ID and set-group-ID programs to save a copy of the
87. * corresponding effective IDs that were set when the program was
88. * executed (see execve(2)). A set-user-ID program can assume and
89. * drop privileges by switching its effective user ID back and forth
90. * between the values in its real user ID and saved set-user-ID.
91. * This switching is done via calls to seteuid(2), setreuid(2), or
92. * setresuid(2). A set-group-ID program performs the analogous tasks
93. * using setegid(2), setregid(2), or setresgid(2).
94. */
95.  
96. getresuid(&ruid, &euid, &suid);
97. getresgid(&rgid, &egid, &sgid);
98.  
99. fprintf(stderr, "Real UID: %d, Effective UID: %d, Set-User UID: %d\n", ruid, euid, suid);
100. fprintf(stderr, "Real GID: %d, Effective GID: %d, Set-User GID: %d\n", rgid, egid, sgid);
101.  
102. /*
103. * Supplementary group IDs. This is a set of additional group IDs
104. * that are used for permission checks when accessing files and other
105. * shared resources.
106. */
107. groups = malloc(ngroups * sizeof(gid_t));
108. if(groups == NULL) {
109. perror("malloc memory for groups");
110. return;
111. }
112.  
113. pw = getpwuid(ruid);
114. if(pw == NULL) {
115. perror("get passwd structure for our UID");
116. free(groups);
117. return;
118. }
119.  
120. if(getgrouplist((const char *)pw->pw_name, pw->pw_gid, groups, &ngroups) == -1) {
121. fprintf(stderr, "getgrouplist() returned -1; ngroups = %d\n", ngroups);
122. free(groups);
123. } else {
124. fprintf(stderr, "Get %d supplementary group IDs\n", ngroups);
125. for (j = 0; j < ngroups; j++) {
126. fprintf(stderr, "%d", groups[j]);
127. gr = getgrgid(groups[j]);
128. if (gr != NULL)
129. fprintf(stderr, " (%s)", gr->gr_name);
130. fprintf(stderr, "\n");
131. }
132.  
133. free(groups);
134. }
135.  
136. /*
137. * For the purpose of performing permission checks, traditional UNIX
138. * implementations distinguish two categories of processes: privileged
139. * processes (whose effective user ID is 0, referred to as superuser or
140. * root), and unprivileged processes (whose effective UID is nonzero).
141. * Privileged processes bypass all kernel permission checks, while
142. * unprivileged processes are subject to full permission checking based
143. * on the process's credentials (usually: effective UID, effective GID,
144. * and supplementary group list).
145. */
146.  
147. caps = cap_get_proc();
148. caps_text = cap_to_text(caps, NULL);
149. if(!caps_text) {
150. fprintf(stderr, "unable to parse caps\n");
151. cap_free(caps);
152. return;
153. }
154.  
155. fprintf(stderr, "Capabilities: %s\n", caps_text);
156. cap_free(caps);
157. cap_free(caps_text);
158.  
159. }