tctf25_capybattle_writeup/solution/setuid_fail/setuid_fail.bpf.c

#include "vmlinux.h"
#include <bpf/bpf_core_read.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>

char LICENSE[] SEC("license") = "GPL";

struct {
    __uint(type, BPF_MAP_TYPE_RINGBUF);
    __uint(max_entries, 256 * 1024);
} rb SEC(".maps");

#define EPERM 1

SEC("fmod_ret/__x64_sys_setuid")
long BPF_PROG(handle_setuid, struct pt_regs *regs, int ret)
{
    // Block the setuid call
    return -EPERM;
}