Author: pjd
Date: Wed Jul 3 21:07:02 2013
New Revision: 252605
URL: http://svnweb.freebsd.org/changeset/base/252605
Log:
Sandbox rwhod(8) receiver process using capability mode and Capsicum
capabilities.
rwhod(8) receiver can now only receive packages, write to /var/rwho/ directory
and log to syslog.
Submitted by: Mariusz Zaborski <osho...@freebsd.org>
Sponsored by: Google Summer of Code 2013
Reviewed by: pjd
MFC after: 1 month
Modified:
head/usr.sbin/rwhod/rwhod.c
Modified: head/usr.sbin/rwhod/rwhod.c
==============================================================================
--- head/usr.sbin/rwhod/rwhod.c Wed Jul 3 21:05:35 2013 (r252604)
+++ head/usr.sbin/rwhod/rwhod.c Wed Jul 3 21:07:02 2013 (r252605)
@@ -43,6 +43,7 @@ static char sccsid[] = "@(#)rwhod.c 8.1
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
+#include <sys/capability.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/stat.h>
@@ -220,7 +221,7 @@ main(int argc, char *argv[])
daemon(1, 0);
#endif
(void) signal(SIGHUP, getboottime);
- openlog("rwhod", LOG_PID, LOG_DAEMON);
+ openlog("rwhod", LOG_PID | LOG_NDELAY, LOG_DAEMON);
sp = getservbyname("who", "udp");
if (sp == NULL) {
syslog(LOG_ERR, "who/udp: unknown service");
@@ -342,12 +343,27 @@ receiver_process(void)
struct sockaddr_in from;
struct stat st;
char path[64];
+ int dirfd;
struct whod wd;
socklen_t len;
int cc, whod;
time_t t;
len = sizeof(from);
+ dirfd = open(".", O_RDONLY | O_DIRECTORY);
+ if (dirfd < 0) {
+ syslog(LOG_WARNING, "%s: %m", _PATH_RWHODIR);
+ exit(1);
+ }
+ if (cap_rights_limit(dirfd, CAP_CREATE | CAP_WRITE | CAP_FTRUNCATE |
+ CAP_SEEK | CAP_LOOKUP | CAP_FSTAT) < 0 && errno != ENOSYS) {
+ syslog(LOG_WARNING, "cap_rights_limit: %m");
+ exit(1);
+ }
+ if (cap_enter() < 0 && errno != ENOSYS) {
+ syslog(LOG_ERR, "cap_enter: %m");
+ exit(1);
+ }
for (;;) {
cc = recvfrom(s, &wd, sizeof(wd), 0, (struct sockaddr *)&from,
&len);
@@ -380,11 +396,16 @@ receiver_process(void)
* Rather than truncating and growing the file each time,
* use ftruncate if size is less than previous size.
*/
- whod = open(path, O_WRONLY | O_CREAT, 0644);
+ whod = openat(dirfd, path, O_WRONLY | O_CREAT, 0644);
if (whod < 0) {
syslog(LOG_WARNING, "%s: %m", path);
continue;
}
+ if (cap_rights_limit(whod, CAP_WRITE | CAP_FTRUNCATE |
+ CAP_FSTAT) < 0 && errno != ENOSYS) {
+ syslog(LOG_WARNING, "cap_rights_limit: %m");
+ exit(1);
+ }
#if ENDIAN != BIG_ENDIAN
{
struct whoent *we;
@@ -412,6 +433,7 @@ receiver_process(void)
ftruncate(whod, cc);
(void) close(whod);
}
+ (void) close(dirfd);
}
void
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
