rofl0r / proxychains-ng

proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project. the sf.net page is currently not updated, use releases from github release page instead.
http://sourceforge.net/projects/proxychains-ng/files
GNU General Public License v2.0

Check if binary has capabilities set #566

Closed NicolaiSoeborg closed 5 months ago

NicolaiSoeborg commented 5 months ago

Spent ages trying to figure out why proxychains python ... didn't work, turns out I had given python the cap_net_bind_service capability (useful, but breaks proxychains due to LD_PRELOAD no longer working [1]).

This hopefully fixes a bunch of hard-to-debug issues (like here). Could be extended to check for suid binaries, etc.

[1] https://stackoverflow.com/questions/18058426/does-using-linux-capabilities-disable-ld-preload

rofl0r commented 5 months ago

your PR has several issues - for one it breaks build for everyone without libcap - since you only check whether the lib is there for the makefile, but not for main.c. next it has mixed tabs and spaces. then it probably only works if the full binary path is used, not when it's only in PATH. and finally, it opens a can of worms:

if we check for caps, then we should also check for setuid binaries, and for static linked binaries, and for binaries using a sandbox, etc etc. where do we draw the line?

imo it makes more sense to write a troubleshooting guide for common reasons why proxychains can fail to work as expected. the wiki which is publicly editable would be a good place for this.
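For a troubleshooting guide of the kind suggested above, the following is an added example (not code from this PR or from proxychains-ng) that resolves a command through PATH and reports the setuid/setgid, file-capability and static-linking cases named in the thread, reading the `security.capability` xattr directly so libcap is not needed. The function names are hypothetical and sandboxed binaries are not detected.

```python
# Added example; function names are illustrative, not proxychains-ng code.
import os, shutil, stat, struct, sys

PT_INTERP = 3  # ELF program-header type naming the dynamic loader (ld.so)

def mode_reasons(st_mode):
    """setuid/setgid bits put ld.so into secure-execution mode, which restricts LD_PRELOAD."""
    bits = ((stat.S_ISUID, "setuid bit"), (stat.S_ISGID, "setgid bit"))
    return [name for bit, name in bits if st_mode & bit]

def has_file_caps(path):
    """File capabilities are stored in the security.capability extended attribute."""
    try:
        return bool(os.getxattr(path, "security.capability"))
    except (OSError, AttributeError):  # ENODATA, unsupported filesystem, non-Linux
        return False

def is_static_elf(path):
    """Heuristic: an ELF file without PT_INTERP is not started via ld.so, so nothing is preloaded."""
    with open(path, "rb") as f:
        data = f.read()
    if data[:4] != b"\x7fELF":
        return False  # not ELF, e.g. a script; inspect its interpreter instead
    try:
        end = "<" if data[5] == 1 else ">"   # EI_DATA: 1 = little endian
        wide = data[4] == 2                  # EI_CLASS: 2 = 64-bit
        phoff, = struct.unpack_from(end + ("Q" if wide else "I"), data, 0x20 if wide else 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36 if wide else 0x2A)
        types = [struct.unpack_from(end + "I", data, phoff + i * phentsize)[0]
                 for i in range(phnum)]
    except (struct.error, IndexError):
        return False  # truncated or malformed header
    return PT_INTERP not in types

def preload_blockers(command):
    """List the reasons LD_PRELOAD-based hooking would not apply to `command`."""
    # Resolve through PATH like the shell does, then follow symlinks to the real file.
    path = os.path.realpath(shutil.which(command) or command)
    reasons = mode_reasons(os.stat(path).st_mode)
    if has_file_caps(path):
        reasons.append("file capabilities")
    if is_static_elf(path):
        reasons.append("statically linked")
    return reasons

if __name__ == "__main__":
    for cmd in sys.argv[1:]:
        found = preload_blockers(cmd)
        print(f"{cmd}: {', '.join(found) if found else 'no known LD_PRELOAD blockers'}")
```

Run it with the command name exactly as it would be passed to proxychains, for example `python`, so the PATH lookup and symlink resolution match what actually gets executed.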