From mboxrd@z Thu Jan 1 00:00:00 1970 
From: "corentin.labbe"
Subject: Proof of concept patch, add dropping privileges to a non root user
Date: Tue, 20 Oct 2009 16:07:30 +0200
Message-ID: <4ADDC422.3000108@geomatys.fr>
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Hello

This is a patch that adds a -u parameter to auditd. This parameter permits auditd to drop to an unprivileged UID after initialization. Any comment will be appreciated.

Cordially

--- src/auditd.c.orig 2009-10-05 14:18:52.000000000 +0200 +++ src/auditd.c 2009-10-05 14:55:36.000000000 +0200 @@ -471,9 +471,10 @@ struct ev_signal sigusr2_watcher; struct ev_signal sigchld_watcher; int rc; + int auditd_uid=0; /* Get params && set mode */ - while ((c = getopt(argc, argv, "flns:")) != -1) { + while ((c = getopt(argc, argv, "flns:u:")) != -1) { switch (c) { case 'f': opt_foreground = 1; @@ -481,6 +482,17 @@ case 'l': opt_allow_links=1; break; + case 'u': + auditd_uid = atoi(optarg); + if (auditd_uid > 65535) { + fprintf(stderr, "Invalid UID '%s' > 65535\n", optarg); + usage(); + } + if (auditd_uid < 0) { + fprintf(stderr, "Invalid UID '%s' < 0\n", optarg); + usage(); + } + break; case 'n': do_fork = 0; break; @@ -522,7 +534,7 @@ #ifndef DEBUG /* Make sure we are root */ - if (getuid() != 0) { + if (getuid() != 0 && auditd_uid == 0) { fprintf(stderr, "You must be root to run this program.\n"); return 4; } @@ -690,6 +702,14 @@ shutdown_dispatcher(); return 1; } + + if (auditd_uid > 0) + if (setuid(auditd_uid) == -1) { + fprintf(stderr, "setuid error() %d.\n", errno); + shutdown_dispatcher(); + return 1; + } + audit_msg(LOG_NOTICE, "Init complete, auditd %s listening for events (startup state %s)", VERSION,
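
Review bot: The new -u option in the first hunk (@@ -471,9 +471,10 @@) is added to the getopt string "flns:u:" without any matching documentation: the patch touches only src/auditd.c and shows no change to the usage() text or a man page, so the option would be undiscoverable. Please add it to both. The variable would also be better declared as uid_t (with a separate flag for "option given") than as an int where 0 doubles as "not set".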
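
Review bot: The atoi(optarg) call in the 'u' case (@@ -481,6 +482,17 @@) cannot report a parse failure, so "-u nobody" or any other non-numeric argument yields 0, passes both range checks, and later fails the "auditd_uid > 0" test, leaving the daemon running as root with no message. Parse with strtoul, check errno and the end pointer, and reject 0 explicitly. The 65535 ceiling also rejects valid UIDs on systems with 32-bit uid_t; resolving the argument with getpwnam/getpwuid would give both a sanity check and the account's primary GID.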
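
Review bot: The relaxed root check in the third hunk (@@ -522,7 +534,7 @@), "getuid() != 0 && auditd_uid == 0", lets any non-root caller skip the "You must be root" test simply by passing -u. Dropping privileges after initialization still requires starting as root, so the original "getuid() != 0" test should stay unconditional. As written, a non-root start with -u gets past this point and only fails later, at whichever privileged initialization step or at setuid().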
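
Review bot: The drop in the last hunk (@@ -690,6 +702,14 @@) calls only setuid(auditd_uid), so the process keeps root's GID and supplementary groups after the switch. Call setgroups() and setgid() before setuid(), in that order, and consider verifying afterwards that setuid(0) fails. The failure path should also report through audit_msg(), as the following "Init complete" line does, rather than fprintf(stderr, ...) with a bare errno number, and the nested "if (auditd_uid > 0) if (setuid(...))" would be clearer with braces around the outer block.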