connman Digest, Vol 6, Issue 1

[connman-request]

Send connman mailing list submissions to
        connman@lists.01.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.01.org/mailman/listinfo/connman
or, via email, send a message with subject or body 'help' to
        connman-requ...@lists.01.org

You can reach the person managing the list at
        connman-ow...@lists.01.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of connman digest..."


Today's Topics:

   1. [PATCH] dnsproxy: Enable fallback nameservers when default
      service changes (Patrik Flykt)
   2. Try to run connman/bluez as no-root (Zheng, Wu)


----------------------------------------------------------------------

Message: 1
Date: Fri,  1 Apr 2016 12:29:57 +0300
From: Patrik Flykt <patrik.fl...@linux.intel.com>
To: connman@lists.01.org,       viliam.lej...@kistler.com
Subject: [PATCH] dnsproxy: Enable fallback nameservers when default
        service changes
Message-ID:
        <1459502997-30680-1-git-send-email-patrik.fl...@linux.intel.com>

Enable fallback nameservers if there are no service specific ones. The
fallback nameservers will be enabled when the default service changes or
the last service specific nameservers are removed.

Reported by Viliam Lejcik.
---

Please test,

       Patrik


 src/dnsproxy.c | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/src/dnsproxy.c b/src/dnsproxy.c
index 206008f..f3ebcf0 100644
--- a/src/dnsproxy.c
+++ b/src/dnsproxy.c
@@ -2525,6 +2525,25 @@ static int server_create_socket(struct server_data *data)
        return 0;
 }
 
+static void enable_fallback(bool enable)
+{
+       GSList *list;
+
+       for (list = server_list; list; list = list->next) {
+               struct server_data *data = list->data;
+
+               if (data->index != -1)
+                       continue;
+
+               if (enable)
+                       DBG("Enabling fallback DNS server %s", data->server);
+               else
+                       DBG("Disabling fallback DNS server %s", data->server);
+
+               data->enabled = enable;
+       }
+}
+
 static struct server_data *create_server(int index,
                                        const char *domain, const char *server,
                                        int protocol)
@@ -2611,6 +2630,8 @@ static struct server_data *create_server(int index,
                                                                data->index)) {
                        data->enabled = true;
                        DBG("Adding DNS server %s", data->server);
+
+                       enable_fallback(false);
                }
 
                server_list = g_slist_append(server_list, data);
@@ -2772,12 +2793,22 @@ static void remove_server(int index, const char *domain,
                        const char *server, int protocol)
 {
        struct server_data *data;
+       GSList *list;
 
        data = find_server(index, server, protocol);
        if (!data)
                return;
 
        destroy_server(data);
+
+       for (list = server_list; list; list = list->next) {
+               struct server_data *data = list->data;
+
+               if (data->index != -1 && data->enabled == true)
+                       return;
+       }
+
+       enable_fallback(true);
 }
 
 int __connman_dnsproxy_remove(int index, const char *domain,
@@ -2830,6 +2861,7 @@ static void dnsproxy_offline_mode(bool enabled)
 
 static void dnsproxy_default_changed(struct connman_service *service)
 {
+       bool server_enabled = false;
        GSList *list;
        int index;
 
@@ -2854,12 +2886,16 @@ static void dnsproxy_default_changed(struct 
connman_service *service)
                if (data->index == index) {
                        DBG("Enabling DNS server %s", data->server);
                        data->enabled = true;
+                       server_enabled = true;
                } else {
                        DBG("Disabling DNS server %s", data->server);
                        data->enabled = false;
                }
        }
 
+       if (!server_enabled)
+               enable_fallback(true);
+
        cache_refresh();
 }
 
-- 
2.8.0.rc3



------------------------------

Message: 2
Date: Fri, 1 Apr 2016 10:27:48 +0000
From: "Zheng, Wu" <wu.zh...@intel.com>
To: Patrik Flykt <patrik.fl...@linux.intel.com>
Cc: "connman@lists.01.org" <connman@lists.01.org>, "Barbieri, Gustavo"
        <gustavo.barbi...@intel.com>, "Von Dentz, Luiz"
        <luiz.von.de...@intel.com>, "Jia, Pei P" <pei.p....@intel.com>,
        "Hedberg, Johan" <johan.hedb...@intel.com>
Subject: Try to run connman/bluez as no-root
Message-ID:
        <2cf57a644018a745b8fe029c7223e16e12f7b...@shsmsx104.ccr.corp.intel.com>
        
Content-Type: text/plain; charset="us-ascii"

Hi Patrick,

We want to run connman/bluez as no-root.

Firstly, we can talk about for connman.

1. We use local patch to run connman/bluez as no-root. However, it exists 
risk(maybe, some cases can't be touch).
If upstream can support onnman/bluez as no-root, it will reduce the risk very 
much.
We have talked the topic in https://github.com/otcshare/meta-iot-os/pull/159

2. Gustavo have an solution for it. 
Thanks.
"Connman/bluez/ofono can do privileged operations at the beginning and then 
drop to a different user OR spawn a child process that keeps the privileges and 
the main, unprivileged process, would talk via pipe to request operations that 
are executed in runtime.
a. create 2xpipe() [send, receive]
b. fork()
c. parent is comman, it will drop privileges. When needed it will 
write(child_write_fd...) and then read(master_read_fd... to wait for completion.
d. child is privileged, but it can drop all caps that are not needed and then 
enter a blocking while (read(child_read_fd, ...). It will execute command as 
instructed and reply with results.
We don't need to do it for all capabilities at the beginning, we can start with 
only /proc and /sys writes, so we'd define some set of helpers that you could 
easily change existing code, like:

int sysfs_write(const char *path, const char *mode, const char *data)
{
    size_t payload_len = strlen(path) + strlen(mode) + strlen(data) + 3;
    int cmd = SYSFS_WRITE;
    int r, ret;
    r = safe_write(child_write_fd, &cmd, sizeof(cmd));
    if (r < 0) die("failed to communicate with privilege process");
    r = safe_write(child_write_fd, &payload_len, sizeof(payload_len));
    if (r < 0) die("failed to communicate with privilege process");
    r = safe_write(child_write_fd, path, strlen(path) + 1);
    if (r < 0) die("failed to communicate with privilege process");
    r = safe_write(child_write_fd, mode, strlen(mode) + 1);
    if (r < 0) die("failed to communicate with privilege process");
    r = safe_write(child_write_fd, data, strlen(data) + 1);
    if (r < 0) die("failed to communicate with privilege process");
    r = read_safe(master_read_fd, &ret, sizeof(ret));
    if (r < 0) die("failed to communicate with privilege process");
    return ret;
}
Then 
http://git.kernel.org/cgit/network/connman/connman.git/tree/src/bridge.c#n41 
could be changed without major work, it would replace internal 
fopen()/fprintf()/fclose() with that wrapper.

Ideally we'd move all operations that require privilege to that daemon, so the 
main process where the computation is done, can't do mistakes even if hacked 
since the interface to the write commands above would be limited to only write 
some files, we could even use the SECCOMP to disable other syscalls.
"

Do you have some ideas for running connman as no-root?
Thanks.

Best Regards
Zheng Wu


------------------------------

Subject: Digest Footer

_______________________________________________
connman mailing list
connman@lists.01.org
https://lists.01.org/mailman/listinfo/connman


------------------------------

End of connman Digest, Vol 6, Issue 1
*************************************