Message-Id: <20070129181323.A2ACA1EA615@opay.ru>
Date: Mon, 29 Jan 2007 21:13:23 +0300 (MSK)
From: Dmitri Alenitchev To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: bin/108523: [patch] daemon(8): support for dropping privileges X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Dmitri Alenitchev List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Jan 2007 18:40:17 -0000 >Number: 108523 >Category: bin >Synopsis: [patch] daemon(8): support for dropping privileges >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Jan 29 18:40:15 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Dmitri Alenitchev >Release: FreeBSD 5.4-RELEASE i386 >Organization: Digital Worlds J.S.C. >Environment: System: FreeBSD opay.ru 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May 8 10:21:06 UTC 2005 root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: support for dropping privileges to specified user and/or group >How-To-Repeat: >Fix: --- freebsd-daemon.diff begins here --- Index: daemon.8 =================================================================== RCS file: /home/ncvs/src/usr.sbin/daemon/daemon.8,v retrieving revision 1.7 diff -u -r1.7 daemon.8 --- daemon.8 24 Aug 2005 17:24:39 -0000 1.7 +++ daemon.8 29 Jan 2007 08:46:53 -0000 @@ -35,13 +35,16 @@ .Sh SYNOPSIS .Nm .Op Fl cf +.Op Fl u Ar user +.Op Fl g Ar group .Op Fl p Ar pidfile .Ar command arguments ... .Sh DESCRIPTION The .Nm utility detaches itself from the controlling terminal and -executes the program specified by its arguments. +executes the program specified by its arguments. Privileges can +be lowered to specified user and/or group. .Pp The options are as follows: .Bl -tag -width indent 
@@ -51,6 +54,10 @@ .It Fl f Redirect standard input, standard output and standard error to .Pa /dev/null . +.It Fl u Ar user +Drop privileges to specified user. +.It Fl g Ar group +Drop privileges to specified group. .It Fl p Ar file Write the ID of the created process into the .Ar file @@ -77,6 +84,8 @@ .Fl f flag is specified. .Sh SEE ALSO +.Xr setregid 2 , +.Xr setreuid 2 , .Xr daemon 3 , .Xr exec 3 , .Xr pidfile 3 , Index: daemon.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/daemon/daemon.c,v retrieving revision 1.4 diff -u -r1.4 daemon.c --- daemon.c 24 Aug 2005 17:24:39 -0000 1.4 +++ daemon.c 29 Jan 2007 08:46:53 -0000 @@ -35,11 +35,14 @@ #include #include +#include +#include #include #include #include #include +static void restrict_process(const char *, const char *); static void usage(void); int @@ -47,12 +50,12 @@ { struct pidfh *pfh; int ch, nochdir, noclose, errcode; - const char *pidfile; + const char *pidfile, *user, *group; pid_t otherpid; nochdir = noclose = 1; - pidfile = NULL; - while ((ch = getopt(argc, argv, "-cfp:")) != -1) { + pidfile = user = group = NULL; + while ((ch = getopt(argc, argv, "-cfu:g:p:")) != -1) { switch (ch) { case 'c': nochdir = 0; @@ -60,6 +63,12 @@ case 'f': noclose = 0; break; + case 'u': + user = optarg; + break; + case 'g': + group = optarg; + break; case 'p': pidfile = optarg; break; @@ -72,6 +81,14 @@ if (argc == 0) usage(); + + if (user || group) { + if (geteuid() != 0) + errx(1, "Only root user is allowed to chroot & " + "change UID/GID"); + restrict_process(user, group); + } + /* * Try to open the pidfile before calling daemon(3), * to be able to report the error intelligently 
@@ -109,9 +126,32 @@ } static void +restrict_process(const char *user, const char *group) +{ + struct group *gr = NULL; + struct passwd *pw = NULL; + errno = 0; + + if (group != NULL) { + if ((gr = getgrnam(group)) == NULL) + errx(1, "Group %s does not exist", group); + if (setregid(gr->gr_gid, gr->gr_gid) == -1) + err(1, "%s", group); + } + + if (user != NULL) { + if ((pw = getpwnam(user)) == NULL) + errx(1, "User %s does not exist", user); + if (setreuid(pw->pw_uid, pw->pw_uid) == -1) + err(1, "%s", user); + } +} + +static void usage(void) { (void)fprintf(stderr, - "usage: daemon [-cf] [-p pidfile] command arguments ...\n"); + "usage: daemon [-cf] [-u user] [-g group] [-p pidfile] command " + "arguments ...\n"); exit(1); } --- freebsd-daemon.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
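Review bot: in the daemon.8 hunk at @@ -51,6 +54,10 @@, the new -u and -g entries leave out behaviour a reader needs to know before relying on them. As implemented in daemon.c, the options require the caller to be root, take names resolved through getpwnam() and getgrnam() (nothing in the patch handles numeric ids), and -u on its own does not change the group. Please state those three points in the two .It entries, and reword the DESCRIPTION sentence to "Privileges can be lowered to the specified user and/or group."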
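Review bot: in the daemon.c hunk at @@ -72,6 +81,14 @@, the errx() text says "Only root user is allowed to chroot & change UID/GID", but nothing in this patch calls chroot(), so the message should mention only the UID/GID change. Also note where the call sits: restrict_process() runs before the block introduced by the context comment "Try to open the pidfile before calling daemon(3)", so the pidfile is opened with the already dropped identity. If -p is expected to keep working for paths only root can write, move the drop to after the pidfile has been opened; if opening it as the target user is intended, say so in daemon.8.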
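Review bot: in the daemon.c hunk at @@ -109,9 +126,32 @@, restrict_process() changes only the real and effective ids and never touches the supplementary group list, so the command started with -u and/or -g still carries every supplementary group of the invoking root process. In addition, when -u is given without -g the group branch is skipped entirely and the process keeps the caller's gid. I would suggest calling initgroups(pw->pw_name, gid) before setreuid() in the user case, defaulting gid to pw->pw_gid when no -g was given, and calling setgroups() with just gr->gr_gid when only -g is used. Smaller points: "errno = 0;" is never consulted afterwards and can go, and err(1, "%s", group) / err(1, "%s", user) would be easier to diagnose if the message named the failing call, for example err(1, "setregid(%s)", group).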