bin/108523: [patch] daemon(8): support for dropping privileges
Dmitri Alenitchev
dmitri at dworlds.ru
Mon Jan 29 18:40:17 UTC 2007
>Number: 108523
>Category: bin
>Synopsis: [patch] daemon(8): support for dropping privileges
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 29 18:40:15 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Dmitri Alenitchev
>Release: FreeBSD 5.4-RELEASE i386
>Organization:
Digital Worlds J.S.C.
>Environment:
System: FreeBSD opay.ru 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May 8 10:21:06 UTC 2005 root at harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
support for dropping privileges to specified user and/or group
>How-To-Repeat:
>Fix:
--- freebsd-daemon.diff begins here ---
Index: daemon.8
===================================================================
RCS file: /home/ncvs/src/usr.sbin/daemon/daemon.8,v
retrieving revision 1.7
diff -u -r1.7 daemon.8
--- daemon.8 24 Aug 2005 17:24:39 -0000 1.7
+++ daemon.8 29 Jan 2007 08:46:53 -0000
@@ -35,13 +35,16 @@
.Sh SYNOPSIS
.Nm
.Op Fl cf
+.Op Fl u Ar user
+.Op Fl g Ar group
.Op Fl p Ar pidfile
.Ar command arguments ...
.Sh DESCRIPTION
The
.Nm
utility detaches itself from the controlling terminal and
-executes the program specified by its arguments.
+executes the program specified by its arguments. Privileges can
+be lowered to specified user and/or group.
.Pp
The options are as follows:
.Bl -tag -width indent
@@ -51,6 +54,10 @@
.It Fl f
Redirect standard input, standard output and standard error to
.Pa /dev/null .
+.It Fl u Ar user
+Drop privileges to specified user.
+.It Fl g Ar group
+Drop privileges to specified group.
.It Fl p Ar file
Write the ID of the created process into the
.Ar file
@@ -77,6 +84,8 @@
.Fl f
flag is specified.
.Sh SEE ALSO
+.Xr setregid 2 ,
+.Xr setreuid 2 ,
.Xr daemon 3 ,
.Xr exec 3 ,
.Xr pidfile 3 ,
Index: daemon.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/daemon/daemon.c,v
retrieving revision 1.4
diff -u -r1.4 daemon.c
--- daemon.c 24 Aug 2005 17:24:39 -0000 1.4
+++ daemon.c 29 Jan 2007 08:46:53 -0000
@@ -35,11 +35,14 @@
#include <err.h>
#include <errno.h>
+#include <pwd.h>
+#include <grp.h>
#include <libutil.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
+static void restrict_process(const char *, const char *);
static void usage(void);
int
@@ -47,12 +50,12 @@
{
struct pidfh *pfh;
int ch, nochdir, noclose, errcode;
- const char *pidfile;
+ const char *pidfile, *user, *group;
pid_t otherpid;
nochdir = noclose = 1;
- pidfile = NULL;
- while ((ch = getopt(argc, argv, "-cfp:")) != -1) {
+ pidfile = user = group = NULL;
+ while ((ch = getopt(argc, argv, "-cfu:g:p:")) != -1) {
switch (ch) {
case 'c':
nochdir = 0;
@@ -60,6 +63,12 @@
case 'f':
noclose = 0;
break;
+ case 'u':
+ user = optarg;
+ break;
+ case 'g':
+ group = optarg;
+ break;
case 'p':
pidfile = optarg;
break;
@@ -72,6 +81,14 @@
if (argc == 0)
usage();
+
+ if (user || group) {
+ if (geteuid() != 0)
+ errx(1, "Only root user is allowed to chroot & "
+ "change UID/GID");
+ restrict_process(user, group);
+ }
+
/*
* Try to open the pidfile before calling daemon(3),
* to be able to report the error intelligently
@@ -109,9 +126,32 @@
}
static void
+restrict_process(const char *user, const char *group)
+{
+ struct group *gr = NULL;
+ struct passwd *pw = NULL;
+ errno = 0;
+
+ if (group != NULL) {
+ if ((gr = getgrnam(group)) == NULL)
+ errx(1, "Group %s does not exist", group);
+ if (setregid(gr->gr_gid, gr->gr_gid) == -1)
+ err(1, "%s", group);
+ }
+
+ if (user != NULL) {
+ if ((pw = getpwnam(user)) == NULL)
+ errx(1, "User %s does not exist", user);
+ if (setreuid(pw->pw_uid, pw->pw_uid) == -1)
+ err(1, "%s", user);
+ }
+}
+
+static void
usage(void)
{
(void)fprintf(stderr,
- "usage: daemon [-cf] [-p pidfile] command arguments ...\n");
+ "usage: daemon [-cf] [-u user] [-g group] [-p pidfile] command "
+ "arguments ...\n");
exit(1);
}
--- freebsd-daemon.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list