authorhenning <henning@openbsd.org>2004-04-15 21:42:53 +0000
committerhenning <henning@openbsd.org>2004-04-15 21:42:53 +0000
commite45c764a7e017dec265a9164664c23d1678d26a7 (patch)
tree64d0c37d934686e74d8f2b6a69a45e1bf2565897 /usr.sbin/mopd
parentSince *ramread and *ramwrite are the same code, really, factorize them a la (diff)
chroot and drop privileges to _mopd:_mopd after initialization.
testing and ok hshoexer@
Diffstat (limited to 'usr.sbin/mopd')
-rw-r--r--usr.sbin/mopd/mopd/mopd.c32
-rw-r--r--usr.sbin/mopd/mopd/process.c7
2 files changed, 30 insertions, 9 deletions
diff --git a/usr.sbin/mopd/mopd/mopd.c b/usr.sbin/mopd/mopd/mopd.c
index 76fde5d0983..35e5e58b828 100644
--- a/usr.sbin/mopd/mopd/mopd.c
+++ b/usr.sbin/mopd/mopd/mopd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mopd.c,v 1.10 2004/04/12 20:01:11 henning Exp $ */
+/* $OpenBSD: mopd.c,v 1.11 2004/04/15 21:42:53 henning Exp $ */
/*
* Copyright (c) 1993-96 Mats O Jansson. All rights reserved.
@@ -26,7 +26,7 @@
#ifndef LINT
static const char rcsid[] =
- "$OpenBSD: mopd.c,v 1.10 2004/04/12 20:01:11 henning Exp $";
+ "$OpenBSD: mopd.c,v 1.11 2004/04/15 21:42:53 henning Exp $";
#endif
/*
@@ -48,6 +48,8 @@ static const char rcsid[] =
#include "common/rc.h"
#include "process.h"
+#include "pwd.h"
+
/*
* The list of all interfaces that are being listened to.
* "selects" on the descriptors in this list.
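Review bot: The new `#include "pwd.h"` names a system header with quotes, which makes the preprocessor look in the source directory first, so a stray local pwd.h would shadow the real one. Write it as `#include <pwd.h>` and group it with the other system includes rather than after the project headers. Whether the headers that declare setgroups() and err() are already included is not visible in this hunk and is worth confirming.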
@@ -71,9 +73,10 @@ extern char *__progname;
int
main(int argc, char *argv[])
{
- int c, devnull, f;
- char *interface;
- pid_t pid;
+ int c, devnull, f;
+ char *interface;
+ pid_t pid;
+ struct passwd *pw;
extern char version[];
@@ -116,6 +119,9 @@ main(int argc, char *argv[])
/* All error reporting is done through syslogs. */
openlog(__progname, LOG_PID | LOG_CONS, LOG_DAEMON);
+ if ((pw = getpwnam("_mopd")) == NULL)
+ err(1, "getpwnam");
+
if ((!ForegroundFlag) && DebugFlag)
fprintf(stdout, "%s: not running as daemon, -d given.\n",
__progname);
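Review bot: `err(1, "getpwnam")` appends the errno text, but getpwnam() returns NULL without setting errno when the account simply does not exist, so the message can end with an unrelated error string. `errx(1, "unknown user _mopd")` would diagnose a missing account clearly. Doing the lookup here, before the chroot, is the right place because the password database will not be reachable afterwards. main() begins and continues outside this hunk.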
@@ -131,6 +137,22 @@ main(int argc, char *argv[])
else
deviceInitOne(interface);
+ if (chroot(MOP_FILE_PATH) == -1) {
+ syslog(LOG_CRIT, "chroot %s: %m", MOP_FILE_PATH);
+ exit(1);
+ }
+ if (chdir("/") == -1) {
+ syslog(LOG_CRIT, "chdir(\"/\"): %m");
+ exit(1);
+ }
+ if (setgroups(1, &pw->pw_gid) ||
+ setegid(pw->pw_gid) || setgid(pw->pw_gid) ||
+ seteuid(pw->pw_uid) || setuid(pw->pw_uid)) {
+ syslog(LOG_CRIT, "can't drop privileges: %m");
+ exit(1);
+ }
+ endpwent();
+
Loop();
}
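Review bot: The syslog() calls in this block and everything Loop() logs afterwards run inside the chroot, but the openlog() call earlier in main() passes `LOG_PID | LOG_CONS` without `LOG_NDELAY`, so the log socket may not be open yet when `chroot(MOP_FILE_PATH)` is made. Unless something earlier already logged (not visible in this hunk), the chdir and privilege-drop failure messages and all later daemon logging could be lost, because the log device is presumably not present under MOP_FILE_PATH. Suggest `openlog(__progname, LOG_PID | LOG_CONS | LOG_NDELAY, LOG_DAEMON);` so the descriptor is opened before the chroot. The order of the drop itself (supplementary groups, then gid, then uid, each checked) is correct. main() starts outside the hunk.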
diff --git a/usr.sbin/mopd/mopd/process.c b/usr.sbin/mopd/mopd/process.c
index 2dd295eeabf..d39b3465f50 100644
--- a/usr.sbin/mopd/mopd/process.c
+++ b/usr.sbin/mopd/mopd/process.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: process.c,v 1.13 2004/04/12 20:01:12 henning Exp $ */
+/* $OpenBSD: process.c,v 1.14 2004/04/15 21:42:53 henning Exp $ */
/*
* Copyright (c) 1993-95 Mats O Jansson. All rights reserved.
@@ -26,7 +26,7 @@
#ifndef LINT
static const char rcsid[] =
- "$OpenBSD: process.c,v 1.13 2004/04/12 20:01:12 henning Exp $";
+ "$OpenBSD: process.c,v 1.14 2004/04/15 21:42:53 henning Exp $";
#endif
#include "os.h"
@@ -459,8 +459,7 @@ mopProcessDL(FILE *fd, struct if_info *ii, u_char *pkt, int *index, u_char *dst,
bcopy(src, dl_rpr->eaddr, 6);
mopProcessInfo(pkt, index, moplen, dl_rpr, trans);
- snprintf(filename, sizeof(filename), "%s/%s.SYS",
- MOP_FILE_PATH, pfile);
+ snprintf(filename, sizeof(filename), "%s.SYS", pfile);
if ((mopCmpEAddr(dst, dl_mcst) == 0)) {
if ((nfd = open(filename, O_RDONLY, 0)) != -1) {
close(nfd);
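Review bot: The relative name built by `snprintf(filename, sizeof(filename), "%s.SYS", pfile)` only resolves to the intended load file because main() in mopd.c does `chdir("/")` right after the chroot, and nothing here records that dependency. Either add a comment such as `/* relative to the chroot root (MOP_FILE_PATH), see main() */` or write the format as `"/%s.SYS"` so the lookup does not depend on the working directory. The snprintf() result is also unchecked, so an over-long `pfile` would be silently truncated to a different name before open(). How pfile is filled is not visible in this hunk, but it appears to come from the received packet, so rejecting the request when the return value is `>= sizeof(filename)` is worth adding. mopProcessDL starts and ends outside the hunk.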