From: Steve Dickson <SteveD@redhat.com>
To: nfs@lists.sourceforge.net
Subject: [PATCH] nfs-utils - 1 of 6 - statd - drop privs
Date: Wed, 18 Jun 2003 13:33:55 -0400	[thread overview]
Message-ID: <3EF0A283.5010206@RedHat.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 355 bytes --]

The following 6 patches have been ported to the
1.0.3 release of the nfs-utils package. I'm hopeful
that Neil will incorporate these so I no longer
have to continue porting them... ;-)


This first patch allows statd to run as a non-root
user. If there is not an rpcuser account (which
there is in our world) it will try to use the
nobody account.

SteveD.



[-- Attachment #2: nfs-utils-1.0.3-01-statd-dropprivs.patch --]
[-- Type: text/plain, Size: 3534 bytes --]

--- ./utils/statd/statd.c.orig	2003-06-02 14:57:03.000000000 -0400
+++ ./utils/statd/statd.c	2003-06-02 14:57:15.000000000 -0400
@@ -17,6 +17,10 @@
 #include <rpc/rpc.h>
 #include <rpc/pmap_clnt.h>
 #include <rpcmisc.h>
+#include <pwd.h>
+#include <grp.h>
+#include <sys/types.h>
+#include <fcntl.h>
 #include "statd.h"
 #include "version.h"
 
@@ -34,6 +38,7 @@
 char *  SM_BAK_DIR =  DEFAULT_SM_BAK_DIR;
 char *  SM_STAT_PATH = DEFAULT_SM_STAT_PATH;
 
+
 /* ----- end of state directory path stuff ------- */
 
 short int restart = 0;
@@ -66,6 +71,47 @@
 extern void simulator (int, char **);
 #endif
 
+/*
+ * Privilege dropper
+ */
+static void
+drop_privs(void)
+{
+  /* First locate user to jump to */
+  /* Prefer _not_ to use nobody as we'll own some files */
+  struct passwd* pw;
+
+  pw = getpwnam(RUN_AS_USER);
+  if (pw == NULL)
+  {
+    /* i.e. nobody */
+    log (L_WARNING, "Warning: You should really create user %s\n",
+         RUN_AS_USER);
+    pw = getpwnam(RUN_AS_FALLBACK);
+  }
+  if (pw == NULL)
+  {
+    die("Cannot start - cannot drop privs: getpwnam()\n");
+  }
+
+  initgroups(pw->pw_name, pw->pw_gid);
+
+  setgid(pw->pw_gid);
+  setuid(pw->pw_uid);
+
+  if (getgid() == 0)
+  {
+    die("Cannot start - cannot drop privs: getgid()\n");
+  }
+  else if (getuid() == 0)
+  {
+    die("Cannot start - cannot drop privs: getuid()\n");
+  }
+
+  /* Good enough */
+}
+
+
 
 #ifdef HAVE_TCP_WRAPPER 
 #include "tcpwrapper.h"
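Review bot: drop_privs() ignores the return values of `initgroups()`, `setgid()` and `setuid()`, and the checks that follow only compare the resulting ids with 0. If `initgroups()` fails the process keeps root's supplementary groups, and neither `getgid()` nor `getuid()` will notice; a failed `setuid()` is caught only because the daemon is required to start as uid 0. I would test each call directly, `if (initgroups(pw->pw_name, pw->pw_gid) != 0 || setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) die("Cannot start - cannot drop privs\n");`, and compare the final ids with `pw->pw_gid` and `pw->pw_uid` rather than with 0.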
@@ -264,8 +310,6 @@
 						   daemon mode. */
 	}
 
-	log_init (name_p,version_p);
-
 	log_modes();
 
 #ifdef SIMULATIONS
@@ -298,6 +342,8 @@
 		}
 	}
 
+	log_init (name_p, version_p);
+
 	/* Child. */
 	signal (SIGHUP, killer);
 	signal (SIGINT, killer);
@@ -305,9 +351,33 @@
 	/* WARNING: the following works on Linux and SysV, but not BSD! */
 	signal(SIGCHLD, SIG_IGN);
 
+ 
+	/* cevans - we're going to drop root privs, but before we do that,
+	 * make sure to get our port <1024 socket
+	 */
+ 
+	/* Insist on starting as root - this means that when we setuid() away
+	 * from root, we'll keep current->dumpable=0 and prevent being messed
+	 * with (we may revert to user "nobody" - it's better than root
+	 */
+	if (getuid() != 0)
+		die("Startup failed: Please start rpc.statd as root\n");
+ 
+	/* Arm the ****** resolver before chroot() so it doesn't fail
+	 * trying to open /etc/ for the dozenth time
+	 */
+	sethostent(1);
+
 	/* initialize out_port */
 	statd_get_socket(out_port);
 
+	/* Drop privs */
+	drop_privs();
+
+	/* After dropping privs, verify we can access all the files we need */
+	if (access(".", R_OK|W_OK|X_OK) != 0)
+		die("Cannot access current directory after dropping privs: access()\n");
+
 	for (;;) {
 		if (!(run_mode & MODE_NOTIFY_ONLY)) {
 			/* Do not do pmap_unset() when running in notify mode.
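Review bot: The `access(".", R_OK|W_OK|X_OK)` check after `drop_privs()` tests only the current directory, not the state files under it. An installation whose existing files are still owned by root would pass the check and then fail later, when statd tries to update them as the unprivileged user. The comment promises "verify we can access all the files we need", so either extend the check to `SM_BAK_DIR` and `SM_STAT_PATH` (and the monitor directory) or reword it to `/* After dropping privs, verify we can still use the current directory */`. No chdir() or chroot() is visible in this hunk, so the resolver comment's reference to chroot() may be stale and the check presumes the working directory is already the state directory. The enclosing function starts and ends outside the hunk.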
--- ./utils/statd/statd.h.orig	2003-06-02 14:57:03.000000000 -0400
+++ ./utils/statd/statd.h	2003-06-02 15:00:10.000000000 -0400
@@ -10,3 +10,10 @@
 #include "system.h"
 #include "log.h"
 
+/* Users we try and run as (prefer non-nobody because nobody is overloaded */
+/* Also, the user we run as will own some important nfs state files */
+#define RUN_AS_USER   "rpcuser"
+/* Bah */
+#define RUN_AS_FALLBACK   "nobody"
+
+
--- ./utils/statd/log.c.orig	2003-06-02 14:57:03.000000000 -0400
+++ ./utils/statd/log.c	2003-06-02 14:57:15.000000000 -0400
@@ -32,7 +32,7 @@
 void log_init()
 {
 	if (!(run_mode & MODE_LOG_STDERR)) 
-		openlog(name_p, LOG_PID, LOG_DAEMON);
+		openlog(name_p, LOG_PID | LOG_NDELAY, LOG_DAEMON);
 
 	mypid = getpid();
 
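Review bot: `LOG_NDELAY` is added without a comment, and the reason for it cannot be read from log.c alone. It presumably makes openlog() connect to syslog inside log_init(), which statd.c now calls after the fork and before drop_privs(), instead of lazily on the first message logged as the unprivileged user. A one-line comment above the call would record that, e.g. `/* LOG_NDELAY: connect to syslog now, before statd drops root */`. log_init's body continues past the end of the hunk.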
