[NetworkManager-fortisslvpn] pppd: drop privileges if possible

From: Lubomir Rintel <lkundrak src gnome org>
To: commits-list gnome org
Cc:
Subject: [NetworkManager-fortisslvpn] pppd: drop privileges if possible
Date: Tue, 26 Mar 2019 09:45:33 +0000 (UTC)

commit 699e03988fc04d05a724533f95a80835c9adcec5
Author: Lubomir Rintel <lkundrak v3 sk>
Date:   Mon Mar 25 20:07:06 2019 +0100

    pppd: drop privileges if possible
    
    This reduces the chance pppd does something stupid. It almost always does,
    by executing /etc/ppp/ip-up, and it can not be told not to.

 src/nm-fortisslvpn-pppd-plugin.c | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
---
diff --git a/src/nm-fortisslvpn-pppd-plugin.c b/src/nm-fortisslvpn-pppd-plugin.c
index e957b54..076713a 100644
--- a/src/nm-fortisslvpn-pppd-plugin.c
+++ b/src/nm-fortisslvpn-pppd-plugin.c
@@ -29,6 +29,7 @@
 
 #include "nm-default.h"
 
+#include <sys/types.h>
 #include <string.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
@@ -37,6 +38,8 @@
 #include <fcntl.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
 #include <glib/gstdio.h>
 
 #include "nm-fortisslvpn-pppd-service-dbus.h"
@@ -51,6 +54,8 @@
 static struct {
        int log_level;
        const char *log_prefix_token;
+       uid_t uid;
+       gid_t gid;
        NMDBusFortisslvpnPpp *proxy;
 } gl/*obal*/;
 
@@ -131,6 +136,20 @@ cleanup:
        }
 }
 
+static void
+drop_privs (void)
+{
+       if (gl.uid == 0)
+               return;
+       if (setgroups(0, NULL))
+               _LOGW ("setgroups() failed.");
+       if (setgid(gl.gid) != 0)
+               _LOGW ("setgid(%d) failed.", gl.gid);
+       if (setuid(gl.uid) != 0)
+               _LOGW ("setuid(%d) failed.", gl.uid);
+       gl.uid = 0;
+}
+
 static void
 nm_phasechange (void *data, int arg)
 {
@@ -203,6 +222,9 @@ nm_phasechange (void *data, int arg)
        if (ppp_status > NM_PPP_STATUS_SERIALCONN)
                chroot_sandbox ();
 
+       if (ppp_status > NM_PPP_STATUS_NETWORK)
+               drop_privs ();
+
        if (ppp_status != NM_PPP_STATUS_UNKNOWN) {
                nmdbus_fortisslvpn_ppp_call_set_state (gl.proxy,
                                                       ppp_status,
@@ -381,6 +403,7 @@ plugin_init (void)
 {
        GError *error = NULL;
        const char *bus_name;
+       struct passwd *pw;
 
        nm_g_type_init ();
 
@@ -397,6 +420,19 @@ plugin_init (void)
 
        _LOGI ("initializing");
 
+       pw = getpwnam("nm-fortisslvpn");
+       if (!pw) {
+               _LOGW ("No 'nm-fortisslvpn' user, falling back to nobody.");
+               pw = getpwnam("nobody");
+       }
+       if (pw) {
+               gl.uid = pw->pw_gid;
+               gl.gid = pw->pw_uid;
+       } else {
+               _LOGW ("No 'nobody' user, will not drop privileges.");
+               gl.uid = 0;
+       }
+
        gl.proxy = nmdbus_fortisslvpn_ppp_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
                                                                  G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES,
                                                                  bus_name,

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]