diff options
author | millert <millert@openbsd.org> | 2015-11-08 17:48:48 +0000 |
---|---|---|
committer | millert <millert@openbsd.org> | 2015-11-08 17:48:48 +0000 |
commit | 36246103e97cecd8c26896be8ca2729c847dea66 (patch) | |
tree | acd867db3a7769afac02eb9aa4cb1227fc8d2c94 /usr.sbin/kvm_mkdb/kvm_mkdb.c | |
parent | Quiet silly clang analyzer warning in calloc() usage. (diff) | |
download | wireguard-openbsd-36246103e97cecd8c26896be8ca2729c847dea66.tar.xz wireguard-openbsd-36246103e97cecd8c26896be8ca2729c847dea66.zip |
Set the effective gid to kmem so the fchown of kvm_bsd.db is allowed
by pledge(2). This requires pledge "id" but that can be dropped
immediately after the setegid() call. From Theo Buehler
Diffstat (limited to 'usr.sbin/kvm_mkdb/kvm_mkdb.c')
-rw-r--r-- | usr.sbin/kvm_mkdb/kvm_mkdb.c | 44 |
1 files changed, 28 insertions, 16 deletions
diff --git a/usr.sbin/kvm_mkdb/kvm_mkdb.c b/usr.sbin/kvm_mkdb/kvm_mkdb.c index 5759f4bb454..83abe3156d0 100644 --- a/usr.sbin/kvm_mkdb/kvm_mkdb.c +++ b/usr.sbin/kvm_mkdb/kvm_mkdb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kvm_mkdb.c,v 1.25 2015/11/05 16:15:47 deraadt Exp $ */ +/* $OpenBSD: kvm_mkdb.c,v 1.26 2015/11/08 17:48:48 millert Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -48,8 +48,8 @@ #include "extern.h" -void usage(void); -int kvm_mkdb(int, const char *, char *, char *, int); +__dead void usage(void); +int kvm_mkdb(int, const char *, char *, char *, gid_t, int); HASHINFO openinfo = { 4096, /* bsize */ @@ -64,10 +64,24 @@ int main(int argc, char *argv[]) { struct rlimit rl; + struct group *gr; + gid_t kvm_gid = -1; int fd, rval, ch, verbose = 0; char *nlistpath, *nlistname; char dbdir[PATH_MAX]; + if (pledge("stdio rpath wpath cpath fattr flock id", NULL) == -1) + err(1, "pledge"); + + /* Try to use the kmem group to be able to fchown() in kvm_mkdb(). */ + if ((gr = getgrnam("kmem")) == NULL) { + warn("can't find kmem group"); + } else { + kvm_gid = gr->gr_gid; + if (setegid(kvm_gid) == -1) + err(1, "setegid"); + } + /* Increase our data size to the max if we can. */ if (getrlimit(RLIMIT_DATA, &rl) == 0) { rl.rlim_cur = rl.rlim_max; @@ -75,6 +89,9 @@ main(int argc, char *argv[]) warn("can't set rlimit data size"); } + if (pledge("stdio rpath wpath cpath fattr flock", NULL) == -1) + err(1, "pledge"); + strlcpy(dbdir, _PATH_VARDB, sizeof(dbdir)); while ((ch = getopt(argc, argv, "vo:")) != -1) switch (ch) { @@ -98,20 +115,18 @@ main(int argc, char *argv[]) if (argc > 1) usage(); - if (pledge("stdio rpath wpath cpath fattr flock", NULL) == -1) - err(1, "pledge"); - /* If no kernel specified use _PATH_KSYMS and fall back to _PATH_UNIX */ if (argc > 0) { nlistpath = argv[0]; nlistname = basename(nlistpath); if ((fd = open(nlistpath, O_RDONLY, 0)) == -1) err(1, "can't open %s", nlistpath); - rval = kvm_mkdb(fd, dbdir, nlistpath, nlistname, verbose); + rval = kvm_mkdb(fd, dbdir, nlistpath, nlistname, kvm_gid, + verbose); } else { nlistname = basename(_PATH_UNIX); if ((fd = open((nlistpath = _PATH_KSYMS), O_RDONLY, 0)) == -1 || - (rval = kvm_mkdb(fd, dbdir, nlistpath, nlistname, + (rval = kvm_mkdb(fd, dbdir, nlistpath, nlistname, kvm_gid, verbose)) != 0) { if (fd == -1) warnx("can't open %s", _PATH_KSYMS); @@ -119,21 +134,20 @@ main(int argc, char *argv[]) warnx("will try again using %s instead", _PATH_UNIX); if ((fd = open((nlistpath = _PATH_UNIX), O_RDONLY, 0)) == -1) err(1, "can't open %s", nlistpath); - rval = kvm_mkdb(fd, dbdir, nlistpath, nlistname, - verbose); + rval = kvm_mkdb(fd, dbdir, nlistpath, nlistname, + kvm_gid, verbose); } } exit(rval); } int -kvm_mkdb(int fd, const char *dbdir, char *nlistpath, char *nlistname, +kvm_mkdb(int fd, const char *dbdir, char *nlistpath, char *nlistname, gid_t gid, int verbose) { DB *db; char dbtemp[PATH_MAX], dbname[PATH_MAX]; int r; - struct group *gr; r = snprintf(dbtemp, sizeof(dbtemp), "%skvm_%s.tmp", dbdir, nlistname); @@ -164,9 +178,7 @@ kvm_mkdb(int fd, const char *dbdir, char *nlistpath, char *nlistname, return(1); } - if ((gr = getgrnam("kmem")) == NULL) { - warn("can't find kmem group"); - } else if (fchown(db->fd(db), -1, gr->gr_gid)) { + if (gid != -1 && fchown(db->fd(db), -1, gid) == -1) { warn("can't chown %s", dbtemp); (void)unlink(dbtemp); return(1); @@ -192,7 +204,7 @@ kvm_mkdb(int fd, const char *dbdir, char *nlistpath, char *nlistname, return(0); } -void +__dead void usage(void) { (void)fprintf(stderr, "usage: kvm_mkdb [-v] [-o directory] [file]\n"); |