On Tue, 17 May 2016 16:21:47 +0200, Theo Buehler wrote:
> I agree with your diagnosis. skeyinit tries to fchown the file to the
> target user and gets EPERM since it is running with pledge.
>
> Here's a patch that disables pledge for skeyinit if it is run as root
> and there is a target user specified. It should be possible to pledge
> after the fchown() call, but I haven't had the time to investigate this,
> yet.

Why not just set the euid to the user so the file gets created with
the proper ID?

 - todd

Index: usr.bin/skeyinit/skeyinit.c
===================================================================
RCS file: /cvs/src/usr.bin/skeyinit/skeyinit.c,v
retrieving revision 1.69
diff -u -p -u -r1.69 skeyinit.c
--- usr.bin/skeyinit/skeyinit.c 21 Feb 2016 22:53:40 -0000 1.69
+++ usr.bin/skeyinit/skeyinit.c 17 May 2016 14:50:48 -0000
@@ -117,9 +117,15 @@ main(int argc, char **argv)
exit(0);
}
- if (pledge("stdio rpath wpath cpath fattr flock tty proc exec getpw",
- NULL) == -1)
- err(1, "pledge");
+ if (argc == 1) {
+ if (pledge("stdio rpath wpath cpath fattr flock tty proc exec "
+ "getpw id", NULL) == -1)
+ err(1, "pledge");
+ } else {
+ if (pledge("stdio rpath wpath cpath fattr flock tty proc exec "
+ "getpw", NULL) == -1)
+ err(1, "pledge");
+ }
/* Build up a default seed based on the hostname and some randomness */
if (gethostname(hostname, sizeof(hostname)) < 0)
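Review bot: the `if (argc == 1)` test that selects the pledge containing "id" has no comment saying what it stands for, and it does not also check getuid() == 0, so the wider promise set goes to any caller whose invocation leaves argc at 1, not only to root. A one-line comment stating what one remaining argument means would help, and building the promise string once with "id" appended conditionally would avoid keeping two nearly identical literals in sync. It is also worth confirming that the setresuid() added in the next hunk can only be reached when this branch was taken, since the else branch pledges without "id".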
@@ -151,6 +157,11 @@ main(int argc, char **argv)
} else if (strcmp(pp->pw_name, me) != 0 && getuid() != 0) {
/* Only root can change other's S/Keys. */
errx(1, "Permission denied.");
+ } else {
+ /* So the file ends up owned by the proper ID. */
+ if (setresuid(-1, pp->pw_uid, -1) != 0)
+ errx(1, "unable to change user ID to %u",
+ pp->pw_uid);
}
}
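Review bot: in the new else branch, the failure path of setresuid() uses errx(), which discards errno; err(1, "setresuid") would report why the call failed and would match the err(1, "pledge") calls earlier in the patch. The call changes only the effective uid (real and saved are passed as -1) and the "id" promise is still in force afterwards, so a process that started as root keeps the ability to switch back; if nothing later needs that, a second pledge() without "id" directly after this block would narrow it. Since pw_uid is a uid_t, the argument for %u could also take an explicit cast to match the format.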