Date: Mon, 21 Mar 2011 22:36:49 +0100 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: freebsd-security@FreeBSD.org Subject: [pjd@FreeBSD.org: svn commit: r219847 - in head/sbin: hastctl hastd] Message-ID: <20110321213649.GH2086@garage.freebsd.pl>
FYI, it looks like HAST is the first capsicum consumer in the base.>:>

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://yomoli.com

From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
Date: Mon, 21 Mar 2011 21:31:51 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r219847 - in head/sbin: hastctl hastd
Message-Id: <201103212131.p2LLVpT3021437@svn.freebsd.org>

Author: pjd
Date: Mon Mar 21 21:31:50 2011
New Revision: 219847

URL: http://svn.freebsd.org/changeset/base/219847

Log:
  When dropping privileges prefer capsicum over chroot+setgid+setuid.
  We can use capsicum for secondary worker processes and hastctl.
  When working as primary we drop privileges using chroot+setgid+setuid
  still as we need to send ioctl(2)s to ggate device, for which capsicum
  doesn't allow (yet).

  X-MFC after: capsicum is merged to stable/8

Modified:
  head/sbin/hastctl/hastctl.c
  head/sbin/hastd/primary.c
  head/sbin/hastd/secondary.c
  head/sbin/hastd/subr.c
  head/sbin/hastd/subr.h

Modified: head/sbin/hastctl/hastctl.c
==============================================================================
--- head/sbin/hastctl/hastctl.c	Mon Mar 21 21:16:40 2011	(r219846)
+++ head/sbin/hastctl/hastctl.c	Mon Mar 21 21:31:50 2011	(r219847)
@@ -480,9 +480,8 @@ main(int argc, char *argv[]) cfg->hc_controladdr); } - if (drop_privs() != 0) + if (drop_privs(true) != 0) exit(EX_CONFIG); - pjdlog_debug(1, "Privileges successfully dropped."); /* Send the command to the server... */ if (hast_proto_send(NULL, controlconn, nv, NULL, 0) < 0) { Modified: head/sbin/hastd/primary.c ============================================================================== --- head/sbin/hastd/primary.c Mon Mar 21 21:16:40 2011 (r219846) +++ head/sbin/hastd/primary.c Mon Mar 21 21:31:50 2011 (r219847) @@ -874,7 +874,7 @@ hastd_primary(struct hast_resource *res) init_ggate(res); init_environment(res); - if (drop_privs() != 0) { + if (drop_privs(true) != 0) { cleanup(res); exit(EX_CONFIG); } Modified: head/sbin/hastd/secondary.c ============================================================================== --- head/sbin/hastd/secondary.c Mon Mar 21 21:16:40 2011 (r219846) +++ head/sbin/hastd/secondary.c Mon Mar 21 21:31:50 2011 (r219847) @@ -440,7 +440,7 @@ hastd_secondary(struct hast_resource *re init_local(res); init_environment(); - if (drop_privs() != 0) + if (drop_privs(true) != 0) exit(EX_CONFIG); pjdlog_info("Privileges successfully dropped."); Modified: head/sbin/hastd/subr.c ============================================================================== --- head/sbin/hastd/subr.c Mon Mar 21 21:16:40 2011 (r219846) +++ head/sbin/hastd/subr.c Mon Mar 21 21:31:50 2011 (r219847) @@ -30,6 +30,7 @@ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); +#include <sys/capability.h> #include <sys/types.h> #include <sys/disk.h> #include <sys/ioctl.h> @@ -39,6 +40,7 @@ __FBSDID("$FreeBSD$"); #include <fcntl.h> #include <pwd.h> #include <stdarg.h> +#include <stdbool.h> #include <stdio.h> #include <string.h> #include <unistd.h> 
@@ -144,13 +146,22 @@ role2str(int role) } int -drop_privs(void) +drop_privs(bool usecapsicum) { struct passwd *pw; uid_t ruid, euid, suid; gid_t rgid, egid, sgid; gid_t gidset[1]; + if (usecapsicum) { + if (cap_enter() == 0) { + pjdlog_debug(1, + "Privileges successfully dropped using capsicum."); + return (0); + } + pjdlog_errno(LOG_WARNING, "Unable to sandbox using capsicum"); + } + /* * According to getpwnam(3) we have to clear errno before calling the * function to be able to distinguish between an error and missing @@ -208,5 +219,8 @@ drop_privs(void) PJDLOG_VERIFY(getgroups(1, gidset) == 1); PJDLOG_VERIFY(gidset[0] == pw->pw_gid); + pjdlog_debug(1, + "Privileges successfully dropped using chroot+setgid+setuid."); + return (0); } Modified: head/sbin/hastd/subr.h ============================================================================== --- head/sbin/hastd/subr.h Mon Mar 21 21:16:40 2011 (r219846) +++ head/sbin/hastd/subr.h Mon Mar 21 21:31:50 2011 (r219847) @@ -50,6 +50,6 @@ int snprlcat(char *str, size_t size, con int provinfo(struct hast_resource *res, bool dowrite); const char *role2str(int role); -int drop_privs(void); +int drop_privs(bool usecapsicum); #endif /* !_SUBR_H_ */

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (FreeBSD)

iEYEARECAAYFAk2HxPAACgkQForvXbEpPzTHaQCfXB5slsSiwR82zo3Ut9rea5lp
9VwAn1cZERwbUc/w3phdieC87yP02gSQ
=sWeO
-----END PGP SIGNATURE-----
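Review bot: the primary.c hunk passes `drop_privs(true)`, which contradicts the log message: it says the primary keeps chroot+setgid+setuid because it still has to send ioctl(2)s to the ggate device, which capability mode does not allow yet. With `true`, any kernel that supports capsicum makes `cap_enter()` succeed, the primary worker returns from `drop_privs()` in capability mode, and its later ggate ioctls fail. This call should be `drop_privs(false)`; as committed all three callers (hastctl.c, primary.c, secondary.c) pass `true`, so the new parameter never takes its other value.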
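Review bot: the secondary.c hunk keeps `pjdlog_info("Privileges successfully dropped.");` after the call, while the hastctl.c hunk removes its equivalent `pjdlog_debug()` line because `drop_privs()` now reports which mechanism was used. Either remove this line as well for consistency, or make it name the mechanism: with the patch as is, an operator reading the info-level log cannot tell whether the worker ended up in capability mode or in chroot+setgid+setuid, because that detail is only emitted at debug level 1.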
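Review bot: in the `drop_privs()` hunk of subr.c, the capsicum branch returns as soon as `cap_enter()` succeeds, before the getpwnam/chroot/setgid/setuid sequence, so a sandboxed worker keeps running as root. Capability mode cuts off global namespaces but does not remove uid 0's authority over the descriptors the process already holds, and the two mechanisms are not exclusive: the credential drop (and the chroot, which needs a path and therefore must come first) can be performed and `cap_enter()` called afterwards, since setgid/setuid use no global namespace. Separately, the fallback logs `pjdlog_errno(LOG_WARNING, "Unable to sandbox using capsicum")` on every failure; on a kernel without capability-mode support `cap_enter()` fails on every start, so that common case deserves a lower log level than a genuine sandboxing error.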
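Review bot: in the include hunk of subr.c, `#include <sys/capability.h>` is inserted ahead of `#include <sys/types.h>`; the existing block follows style(9) by putting `<sys/types.h>` first and the other sys/ headers after it, so the new include belongs between `<sys/types.h>` and `<sys/disk.h>`. The `<stdbool.h>` addition is in the right place, and it is needed in subr.h's users as well now that the `drop_privs(bool)` prototype there takes a `bool` (subr.h already relied on it for `provinfo(..., bool dowrite)`).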