diff options
| author |   itojun <itojun@openbsd.org> | 2002-10-16 15:01:08 +0000 |
|---|---|---|
| committer | itojun <itojun@openbsd.org> | 2002-10-16 15:01:08 +0000 |
| commit | 0d36d140366e4cceb24c82c7dccfc5193238e887 (patch) | |
| tree | 65536b40d2555915d9fa3a671db8164fd568adff /bin/systrace/systrace.c | |
| parent | translation for socket system call (diff) | |
| download | wireguard-openbsd-0d36d140366e4cceb24c82c7dccfc5193238e887.tar.xz wireguard-openbsd-0d36d140366e4cceb24c82c7dccfc5193238e887.zip | |
support for privilege elevation.
with privilege elevation no suid or sgid binaries are necessary any
longer. Applications can be executed completely
unprivileged. Systrace raises the privileges for a single system call
depending on the configured policy.
Idea from discussions with Perry Metzger, Dug Song and Marcus Watts.
from provos
Diffstat (limited to 'bin/systrace/systrace.c')
| -rw-r--r-- | bin/systrace/systrace.c | 40 |
1 files changed, 35 insertions, 5 deletions
diff --git a/bin/systrace/systrace.c b/bin/systrace/systrace.c index 8913ce7fe79..5d52cb1c06e 100644 --- a/bin/systrace/systrace.c +++ b/bin/systrace/systrace.c @@ -1,4 +1,4 @@ -/* $OpenBSD: systrace.c,v 1.37 2002/10/09 03:52:10 itojun Exp $ */ +/* $OpenBSD: systrace.c,v 1.38 2002/10/16 15:01:08 itojun Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * All rights reserved. @@ -392,7 +392,8 @@ static void usage(void) { fprintf(stderr, - "Usage: systrace [-aituU] [-d poldir] [-g gui] [-f policy] [-p pid] command ...\n"); + "Usage: systrace [-aAituU] [-d poldir] [-g gui] [-f policy]\n" + "\t [-c uid:gid] [-p pid] command ...\n"); exit(1); } @@ -450,21 +451,38 @@ main(int argc, char **argv) char **args; char *filename = NULL; char *policypath = NULL; - char *guipath = _PATH_XSYSTRACE; + char *guipath = _PATH_XSYSTRACE, *p; struct timeval tv, tv_wait = {60, 0}; pid_t pidattach = 0; int usex11 = 1, count; int background; + int setcredentials = 0; + uid_t cr_uid; + gid_t cr_gid; - while ((c = getopt(argc, argv, "aAituUd:g:f:p:")) != -1) { + while ((c = getopt(argc, argv, "c:aAituUd:g:f:p:")) != -1) { switch (c) { + case 'c': + p = strsep(&optarg, ":"); + if (optarg == NULL || *optarg == '\0') + usage(); + setcredentials = 1; + cr_uid = atoi(p); + cr_gid = atoi(optarg); + + if (cr_uid <= 0 || cr_gid <= 0) + usage(); case 'a': + if (allow) + usage(); automatic = 1; break; case 'd': policypath = optarg; break; case 'A': + if (automatic) + usage(); allow = 1; break; case 'u': @@ -480,6 +498,8 @@ main(int argc, char **argv) filename = optarg; break; case 'p': + if (setcredentials) + usage(); if ((pidattach = atoi(optarg)) == 0) { warnx("bad pid: %s", optarg); usage(); @@ -504,6 +524,11 @@ main(int argc, char **argv) systrace_parameters(); + if (setcredentials && !iamroot) { + fprintf(stderr, "Need to be root to change credentials.\n"); + usage(); + } + /* Local initalization */ systrace_initalias(); systrace_initpolicy(filename, policypath); @@ -524,7 +549,12 @@ main(int argc, char **argv) args[i] = argv[i]; args[i] = NULL; - trpid = intercept_run(background, trfd, args[0], args); + if (setcredentials) + trpid = intercept_run(background, trfd, + cr_uid, cr_gid, args[0], args); + else + trpid = intercept_run(background, trfd, 0, 0, + args[0], args); if (trpid == -1) err(1, "fork"); |