[NetworkManager-fortisslvpn] pppd: drop privileges if possible
- From: Lubomir Rintel <lkundrak src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [NetworkManager-fortisslvpn] pppd: drop privileges if possible
- Date: Tue, 26 Mar 2019 09:45:33 +0000 (UTC)
commit 699e03988fc04d05a724533f95a80835c9adcec5
Author: Lubomir Rintel <lkundrak v3 sk>
Date: Mon Mar 25 20:07:06 2019 +0100
pppd: drop privileges if possible
This reduces the chance pppd does something stupid. It almost always does,
by executing /etc/ppp/ip-up, and it can not be told not to.
src/nm-fortisslvpn-pppd-plugin.c | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
---
diff --git a/src/nm-fortisslvpn-pppd-plugin.c b/src/nm-fortisslvpn-pppd-plugin.c
index e957b54..076713a 100644
--- a/src/nm-fortisslvpn-pppd-plugin.c
+++ b/src/nm-fortisslvpn-pppd-plugin.c
@@ -29,6 +29,7 @@
#include "nm-default.h"
+#include <sys/types.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
@@ -37,6 +38,8 @@
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
#include <glib/gstdio.h>
#include "nm-fortisslvpn-pppd-service-dbus.h"
@@ -51,6 +54,8 @@
static struct {
int log_level;
const char *log_prefix_token;
+ uid_t uid;
+ gid_t gid;
NMDBusFortisslvpnPpp *proxy;
} gl/*obal*/;
@@ -131,6 +136,20 @@ cleanup:
}
}
+static void
+drop_privs (void)
+{
+ if (gl.uid == 0)
+ return;
+ if (setgroups(0, NULL))
+ _LOGW ("setgroups() failed.");
+ if (setgid(gl.gid) != 0)
+ _LOGW ("setgid(%d) failed.", gl.gid);
+ if (setuid(gl.uid) != 0)
+ _LOGW ("setuid(%d) failed.", gl.uid);
+ gl.uid = 0;
+}
+
static void
nm_phasechange (void *data, int arg)
{
@@ -203,6 +222,9 @@ nm_phasechange (void *data, int arg)
if (ppp_status > NM_PPP_STATUS_SERIALCONN)
chroot_sandbox ();
+ if (ppp_status > NM_PPP_STATUS_NETWORK)
+ drop_privs ();
+
if (ppp_status != NM_PPP_STATUS_UNKNOWN) {
nmdbus_fortisslvpn_ppp_call_set_state (gl.proxy,
ppp_status,
@@ -381,6 +403,7 @@ plugin_init (void)
{
GError *error = NULL;
const char *bus_name;
+ struct passwd *pw;
nm_g_type_init ();
@@ -397,6 +420,19 @@ plugin_init (void)
_LOGI ("initializing");
+ pw = getpwnam("nm-fortisslvpn");
+ if (!pw) {
+ _LOGW ("No 'nm-fortisslvpn' user, falling back to nobody.");
+ pw = getpwnam("nobody");
+ }
+ if (pw) {
+ gl.uid = pw->pw_gid;
+ gl.gid = pw->pw_uid;
+ } else {
+ _LOGW ("No 'nobody' user, will not drop privileges.");
+ gl.uid = 0;
+ }
+
gl.proxy = nmdbus_fortisslvpn_ppp_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES,
bus_name,
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]