From owner-svn-src-all@FreeBSD.ORG Wed Jul 3 21:07:02 2013 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id AB5ABF4B; Wed, 3 Jul 2013 21:07:02 +0000 (UTC) (envelope-from pjd@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 83EF61867; Wed, 3 Jul 2013 21:07:02 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r63L72s3016460; Wed, 3 Jul 2013 21:07:02 GMT (envelope-from pjd@svn.freebsd.org) Received: (from pjd@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r63L72rV016459; Wed, 3 Jul 2013 21:07:02 GMT (envelope-from pjd@svn.freebsd.org) Message-Id: <201307032107.r63L72rV016459@svn.freebsd.org> From: Pawel Jakub Dawidek Date: Wed, 3 Jul 2013 21:07:02 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r252605 - head/usr.sbin/rwhod X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Jul 2013 21:07:02 -0000 Author: pjd Date: Wed Jul 3 21:07:02 2013 New Revision: 252605 URL: http://svnweb.freebsd.org/changeset/base/252605 Log: Sandbox rwhod(8) receiver process using capability mode and Capsicum capabilities. rwhod(8) receiver can now only receive packages, write to /var/rwho/ directory and log to syslog. Submitted by: Mariusz Zaborski Sponsored by: Google Summer of Code 2013 Reviewed by: pjd MFC after: 1 month Modified: head/usr.sbin/rwhod/rwhod.c Modified: head/usr.sbin/rwhod/rwhod.c ============================================================================== --- head/usr.sbin/rwhod/rwhod.c Wed Jul 3 21:05:35 2013 (r252604) +++ head/usr.sbin/rwhod/rwhod.c Wed Jul 3 21:07:02 2013 (r252605) @@ -43,6 +43,7 @@ static char sccsid[] = "@(#)rwhod.c 8.1 #include __FBSDID("$FreeBSD$"); +#include #include #include #include @@ -220,7 +221,7 @@ main(int argc, char *argv[]) daemon(1, 0); #endif (void) signal(SIGHUP, getboottime); - openlog("rwhod", LOG_PID, LOG_DAEMON); + openlog("rwhod", LOG_PID | LOG_NDELAY, LOG_DAEMON); sp = getservbyname("who", "udp"); if (sp == NULL) { syslog(LOG_ERR, "who/udp: unknown service"); @@ -342,12 +343,27 @@ receiver_process(void) struct sockaddr_in from; struct stat st; char path[64]; + int dirfd; struct whod wd; socklen_t len; int cc, whod; time_t t; len = sizeof(from); + dirfd = open(".", O_RDONLY | O_DIRECTORY); + if (dirfd < 0) { + syslog(LOG_WARNING, "%s: %m", _PATH_RWHODIR); + exit(1); + } + if (cap_rights_limit(dirfd, CAP_CREATE | CAP_WRITE | CAP_FTRUNCATE | + CAP_SEEK | CAP_LOOKUP | CAP_FSTAT) < 0 && errno != ENOSYS) { + syslog(LOG_WARNING, "cap_rights_limit: %m"); + exit(1); + } + if (cap_enter() < 0 && errno != ENOSYS) { + syslog(LOG_ERR, "cap_enter: %m"); + exit(1); + } for (;;) { cc = recvfrom(s, &wd, sizeof(wd), 0, (struct sockaddr *)&from, &len); @@ -380,11 +396,16 @@ receiver_process(void) * Rather than truncating and growing the file each time, * use ftruncate if size is less than previous size. */ - whod = open(path, O_WRONLY | O_CREAT, 0644); + whod = openat(dirfd, path, O_WRONLY | O_CREAT, 0644); if (whod < 0) { syslog(LOG_WARNING, "%s: %m", path); continue; } + if (cap_rights_limit(whod, CAP_WRITE | CAP_FTRUNCATE | + CAP_FSTAT) < 0 && errno != ENOSYS) { + syslog(LOG_WARNING, "cap_rights_limit: %m"); + exit(1); + } #if ENDIAN != BIG_ENDIAN { struct whoent *we; @@ -412,6 +433,7 @@ receiver_process(void) ftruncate(whod, cc); (void) close(whod); } + (void) close(dirfd); } void