diff options
| author |   deraadt <deraadt@openbsd.org> | 2004-05-01 00:39:22 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2004-05-01 00:39:22 +0000 |
| commit | 75a39e5e701cfaae50531f2313a633db68893a66 (patch) | |
| tree | 1e85a8cfce15331b41470728587d638fd12b1dcb | |
| parent | Fix nasty bug where driver would not correctly catch and handle an rnr (diff) | |
| download | wireguard-openbsd-75a39e5e701cfaae50531f2313a633db68893a66.tar.xz wireguard-openbsd-75a39e5e701cfaae50531f2313a633db68893a66.zip | |
priv revoking; tested by millert
| -rw-r--r-- | usr.sbin/rbootd/bpf.c | 8 | ||||
| -rw-r--r-- | usr.sbin/rbootd/conf.c | 6 | ||||
| -rw-r--r-- | usr.sbin/rbootd/pathnames.h | 4 | ||||
| -rw-r--r-- | usr.sbin/rbootd/rbootd.c | 60 | ||||
| -rw-r--r-- | usr.sbin/rbootd/utils.c | 5 |
5 files changed, 39 insertions, 44 deletions
diff --git a/usr.sbin/rbootd/bpf.c b/usr.sbin/rbootd/bpf.c index 58cd9bfcfbc..6f13975042f 100644 --- a/usr.sbin/rbootd/bpf.c +++ b/usr.sbin/rbootd/bpf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.c,v 1.14 2003/08/19 22:20:10 itojun Exp $ */ +/* $OpenBSD: bpf.c,v 1.15 2004/05/01 00:39:22 deraadt Exp $ */ /* $NetBSD: bpf.c,v 1.5.2.1 1995/11/14 08:45:42 thorpej Exp $ */ /* @@ -45,7 +45,7 @@ #ifndef lint /*static char sccsid[] = "@(#)bpf.c 8.1 (Berkeley) 6/4/93";*/ -static char rcsid[] = "$OpenBSD: bpf.c,v 1.14 2003/08/19 22:20:10 itojun Exp $"; +static char rcsid[] = "$OpenBSD: bpf.c,v 1.15 2004/05/01 00:39:22 deraadt Exp $"; #endif /* not lint */ #include <sys/param.h> @@ -220,11 +220,11 @@ BpfOpen(void) char * BpfGetIntfName(char **errmsg) { - int minunit, n; + int minunit = 999, n; char *cp; static char device[IFNAMSIZ]; static char errbuf[128] = "No Error!"; - struct ifaddrs *ifap, *ifa, *mp; + struct ifaddrs *ifap, *ifa, *mp = NULL; if (errmsg != NULL) *errmsg = errbuf; diff --git a/usr.sbin/rbootd/conf.c b/usr.sbin/rbootd/conf.c index c077ec07148..d076431bdbb 100644 --- a/usr.sbin/rbootd/conf.c +++ b/usr.sbin/rbootd/conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.c,v 1.5 2003/06/02 23:36:54 millert Exp $ */ +/* $OpenBSD: conf.c,v 1.6 2004/05/01 00:39:22 deraadt Exp $ */ /* $NetBSD: conf.c,v 1.5 1995/10/06 05:12:13 thorpej Exp $ */ /* @@ -45,7 +45,7 @@ #ifndef lint /*static char sccsid[] = "@(#)conf.c 8.1 (Berkeley) 6/4/93";*/ -static char rcsid[] = "$OpenBSD: conf.c,v 1.5 2003/06/02 23:36:54 millert Exp $"; +static char rcsid[] = "$OpenBSD: conf.c,v 1.6 2004/05/01 00:39:22 deraadt Exp $"; #endif /* not lint */ #include <sys/param.h> @@ -71,7 +71,7 @@ int BootAny = 0; /* set true if we boot anyone */ char *ConfigFile = NULL; /* configuration file */ char *DfltConfig = _PATH_RBOOTDCONF; /* default configuration file */ -char *BootDir = _PATH_RBOOTDLIB; /* directory w/boot files */ +char *BootDir = _PATH_RBOOTDDIR; /* directory w/boot files */ char *DbgFile = _PATH_RBOOTDDBG; /* debug output file */ FILE *DbgFp = NULL; /* debug file pointer */ diff --git a/usr.sbin/rbootd/pathnames.h b/usr.sbin/rbootd/pathnames.h index 1f17a0b3619..5f969b57523 100644 --- a/usr.sbin/rbootd/pathnames.h +++ b/usr.sbin/rbootd/pathnames.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.4 2003/06/02 23:36:54 millert Exp $ */ +/* $OpenBSD: pathnames.h,v 1.5 2004/05/01 00:39:22 deraadt Exp $ */ /* $NetBSD: pathnames.h,v 1.3 1995/08/21 17:05:15 thorpej Exp $ */ /* @@ -46,4 +46,4 @@ #define _PATH_BPF "/dev/bpf%d" #define _PATH_RBOOTDCONF "/etc/rbootd.conf" #define _PATH_RBOOTDDBG "/tmp/rbootd.dbg" -#define _PATH_RBOOTDLIB "/usr/mdec/rbootd" +#define _PATH_RBOOTDDIR "/usr/mdec/rbootd" diff --git a/usr.sbin/rbootd/rbootd.c b/usr.sbin/rbootd/rbootd.c index 9b604e88b47..b4a6e63db38 100644 --- a/usr.sbin/rbootd/rbootd.c +++ b/usr.sbin/rbootd/rbootd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rbootd.c,v 1.19 2004/01/23 03:48:43 deraadt Exp $ */ +/* $OpenBSD: rbootd.c,v 1.20 2004/05/01 00:39:22 deraadt Exp $ */ /* $NetBSD: rbootd.c,v 1.5 1995/10/06 05:12:17 thorpej Exp $ */ /* @@ -51,7 +51,7 @@ static char copyright[] = #ifndef lint /*static char sccsid[] = "@(#)rbootd.c 8.1 (Berkeley) 6/4/93";*/ -static char rcsid[] = "$OpenBSD: rbootd.c,v 1.19 2004/01/23 03:48:43 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: rbootd.c,v 1.20 2004/05/01 00:39:22 deraadt Exp $"; #endif /* not lint */ #include <sys/param.h> @@ -68,6 +68,7 @@ static char rcsid[] = "$OpenBSD: rbootd.c,v 1.19 2004/01/23 03:48:43 deraadt Exp #include <syslog.h> #include <unistd.h> #include <util.h> +#include <pwd.h> #include "defs.h" @@ -93,19 +94,15 @@ int main(int argc, char *argv[]) { int c, fd, maxfds; - fd_set rset; sigset_t hmask, omask; + struct passwd *pw; + fd_set rset; - /* - * Close any open file descriptors. - * Temporarily leave stdin & stdout open for `-d', - * and stderr open for any pre-syslog error messages. - */ closefrom(STDERR_FILENO + 1); - /* - * Parse any arguments. - */ + if ((pw = getpwnam("_rbootd")) == NULL) + err(1, "getpwnam"); + while ((c = getopt(argc, argv, "adi:")) != -1) switch (c) { case 'a': @@ -144,8 +141,6 @@ main(int argc, char *argv[]) (void) signal(SIGUSR2, DebugOff); } - openlog(__progname, LOG_PID, LOG_DAEMON); - /* * If no interface was specified, get one now. * @@ -165,26 +160,18 @@ main(int argc, char *argv[]) } } + openlog(__progname, LOG_PID, LOG_DAEMON); + fd = BpfOpen(); syslog(LOG_NOTICE, "restarted (%s)", IntfName); (void) signal(SIGHUP, ReConfig); (void) signal(SIGINT, Exit); (void) signal(SIGTERM, Exit); - /* - * Grab our host name and pid. - */ - if (gethostname(MyHost, MAXHOSTNAMELEN) < 0) { - syslog(LOG_ERR, "gethostname: %m"); - DoExit(); - } + gethostname(MyHost, MAXHOSTNAMELEN); - /* - * Write proc's pid to a file. - */ - if (pidfile(NULL) < 0) { + if (pidfile(NULL) < 0) syslog(LOG_WARNING, "pidfile: failed"); - } /* * All boot files are relative to the boot directory, we might @@ -206,12 +193,21 @@ main(int argc, char *argv[]) if (ParseConfig() == 0) /* parse config file */ DoExit(); - /* - * Open and initialize a BPF device for the appropriate interface. - * If an error is encountered, a message is displayed and DoExit() - * is called. - */ - fd = BpfOpen(); + if (chroot(BootDir) == -1) { + syslog(LOG_CRIT, "chroot %s: %m", BootDir); + exit(1); + } + if (chdir("/") == -1) { + syslog(LOG_CRIT, "chdir(\"/\"): %m"); + exit(1); + } + if (setgroups(1, &pw->pw_gid) || + setegid(pw->pw_gid) || setgid(pw->pw_gid) || + seteuid(pw->pw_uid) || setuid(pw->pw_uid)) { + syslog(LOG_CRIT, "can't drop privileges: %m"); + exit(1); + } + endpwent(); sigprocmask(SIG_SETMASK, &omask, NULL); /* allow reconfig's */ @@ -259,7 +255,7 @@ main(int argc, char *argv[]) syslog(LOG_ERR, "select: %m"); DoExit(); } else if (nsel == 0) { /* timeout */ - DoTimeout(); /* clear stale conns */ + DoTimeout(); /* clear stale conns */ continue; } diff --git a/usr.sbin/rbootd/utils.c b/usr.sbin/rbootd/utils.c index 460b6d08bb6..428c85b9d68 100644 --- a/usr.sbin/rbootd/utils.c +++ b/usr.sbin/rbootd/utils.c @@ -1,4 +1,4 @@ -/* $OpenBSD: utils.c,v 1.8 2003/06/02 23:36:54 millert Exp $ */ +/* $OpenBSD: utils.c,v 1.9 2004/05/01 00:39:22 deraadt Exp $ */ /* $NetBSD: utils.c,v 1.5.2.1 1995/11/14 08:45:46 thorpej Exp $ */ /* @@ -45,7 +45,7 @@ #ifndef lint /*static char sccsid[] = "@(#)utils.c 8.1 (Berkeley) 6/4/93";*/ -static char rcsid[] = "$OpenBSD: utils.c,v 1.8 2003/06/02 23:36:54 millert Exp $"; +static char rcsid[] = "$OpenBSD: utils.c,v 1.9 2004/05/01 00:39:22 deraadt Exp $"; #endif /* not lint */ #include <sys/param.h> @@ -78,7 +78,6 @@ DispPkt(RMPCONN *rconn, int direct) { static char BootFmt[] = "\t\tRetCode:%u SeqNo:%lx SessID:%x Vers:%u"; static char ReadFmt[] = "\t\tRetCode:%u Offset:%lx SessID:%x\n"; - struct tm *tmp; struct rmp_packet *rmp; int i, omask; |