Browse Source

Cache values from getpwnam() done at initialization, which need to be

used by the constraint processes setup later (chroot, setuid...)
[late getpwnam discovered during a further audit]
ok millert
OPENBSD_5_9
deraadt 9 years ago
parent
commit
531d870924
3 changed files with 29 additions and 22 deletions
  1. +11
    -14
      src/usr.sbin/ntpd/constraint.c
  2. +15
    -6
      src/usr.sbin/ntpd/ntpd.c
  3. +3
    -2
      src/usr.sbin/ntpd/ntpd.h

+ 11
- 14
src/usr.sbin/ntpd/constraint.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: constraint.c,v 1.21 2015/11/19 21:32:53 mmcc Exp $ */
/* $OpenBSD: constraint.c,v 1.22 2015/11/24 01:03:25 deraadt Exp $ */
/*
* Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@ -58,7 +58,7 @@ int constraint_cmp(const void *, const void *);
void priv_constraint_close(int, int);
void priv_constraint_child(struct constraint *, struct ntp_addr_msg *,
u_int8_t *, int[2]);
u_int8_t *, int[2], const char *, uid_t, gid_t);
struct httpsdate *
httpsdate_init(const char *, const char *, const char *,
@ -207,7 +207,8 @@ constraint_query(struct constraint *cstr)
}
void
priv_constraint_msg(u_int32_t id, u_int8_t *data, size_t len)
priv_constraint_msg(u_int32_t id, u_int8_t *data, size_t len,
const char *pw_dir, uid_t pw_uid, gid_t pw_gid)
{
struct ntp_addr_msg am;
struct ntp_addr *h;
@ -257,7 +258,8 @@ priv_constraint_msg(u_int32_t id, u_int8_t *data, size_t len)
close(pipes[1]);
return;
case 0:
priv_constraint_child(cstr, &am, data + sizeof(am), pipes);
priv_constraint_child(cstr, &am, data + sizeof(am), pipes,
pw_dir, pw_uid, pw_gid);
_exit(0);
/* NOTREACHED */
@ -273,12 +275,11 @@ priv_constraint_msg(u_int32_t id, u_int8_t *data, size_t len)
void
priv_constraint_child(struct constraint *cstr, struct ntp_addr_msg *am,
u_int8_t *data, int pipes[2])
u_int8_t *data, int pipes[2], const char *pw_dir, uid_t pw_uid, gid_t pw_gid)
{
static char hname[NI_MAXHOST];
struct timeval rectv, xmttv;
struct sigaction sa;
struct passwd *pw;
void *ctx;
struct iovec iov[2];
int i;
@ -293,18 +294,14 @@ priv_constraint_child(struct constraint *cstr, struct ntp_addr_msg *am,
&conf->ca_len, NULL)) == NULL)
log_warnx("constraint certificate verification turned off");
/* Drop privileges */
if ((pw = getpwnam(NTPD_USER)) == NULL)
fatalx("unknown user %s", NTPD_USER);
if (chroot(pw->pw_dir) == -1)
if (chroot(pw_dir) == -1)
fatal("chroot");
if (chdir("/") == -1)
fatal("chdir(\"/\")");
if (setgroups(1, &pw->pw_gid) ||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
if (setgroups(1, &pw_gid) ||
setresgid(pw_gid, pw_gid, pw_gid) ||
setresuid(pw_uid, pw_uid, pw_uid))
fatal("can't drop privileges");
/* Reset all signal handlers */


+ 15
- 6
src/usr.sbin/ntpd/ntpd.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: ntpd.c,v 1.98 2015/10/23 16:39:13 deraadt Exp $ */
/* $OpenBSD: ntpd.c,v 1.99 2015/11/24 01:03:25 deraadt Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -41,7 +41,7 @@ void sighdlr(int);
__dead void usage(void);
int main(int, char *[]);
int check_child(pid_t, const char *);
int dispatch_imsg(struct ntpd_conf *);
int dispatch_imsg(struct ntpd_conf *, const char *, uid_t, gid_t);
int dispatch_imsg_ctl(struct ntpd_conf *);
void reset_adjtime(void);
int ntpd_adjtime(double);
@ -113,10 +113,13 @@ main(int argc, char *argv[])
const char *conffile;
int fd_ctl, ch, nfds, i, j;
int pipe_chld[2];
struct passwd *pw;
extern char *__progname;
u_int pfd_elms = 0, new_cnt;
struct constraint *cstr;
struct passwd *pw;
const char *pw_dir;
uid_t pw_uid;
gid_t pw_gid;
void *newp;
if (strcmp(__progname, "ntpctl") == 0) {
@ -176,6 +179,10 @@ main(int argc, char *argv[])
if ((pw = getpwnam(NTPD_USER)) == NULL)
errx(1, "unknown user %s", NTPD_USER);
pw_dir = strdup(pw->pw_dir);
pw_uid = pw->pw_uid;
pw_gid = pw->pw_gid;
if (setpriority(PRIO_PROCESS, 0, -20) == -1)
warn("can't set priority");
@ -275,7 +282,7 @@ main(int argc, char *argv[])
if (nfds > 0 && pfd[PFD_PIPE].revents & POLLIN) {
nfds--;
if (dispatch_imsg(&lconf) == -1)
if (dispatch_imsg(&lconf, pw_dir, pw_uid, pw_gid) == -1)
quit = 1;
}
@ -343,7 +350,8 @@ check_child(pid_t chld_pid, const char *pname)
}
int
dispatch_imsg(struct ntpd_conf *lconf)
dispatch_imsg(struct ntpd_conf *lconf, const char *pw_dir,
uid_t pw_uid, gid_t pw_gid)
{
struct imsg imsg;
int n;
@ -396,7 +404,8 @@ dispatch_imsg(struct ntpd_conf *lconf)
break;
case IMSG_CONSTRAINT_QUERY:
priv_constraint_msg(imsg.hdr.peerid,
imsg.data, imsg.hdr.len - IMSG_HEADER_SIZE);
imsg.data, imsg.hdr.len - IMSG_HEADER_SIZE,
pw_dir, pw_uid, pw_gid);
break;
default:
break;


+ 3
- 2
src/usr.sbin/ntpd/ntpd.h View File

@ -1,4 +1,4 @@
/* $OpenBSD: ntpd.h,v 1.124 2015/10/30 17:59:56 naddy Exp $ */
/* $OpenBSD: ntpd.h,v 1.125 2015/11/24 01:03:25 deraadt Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -355,7 +355,8 @@ int constraint_check(double);
void constraint_msg_dns(u_int32_t, u_int8_t *, size_t);
void constraint_msg_result(u_int32_t, u_int8_t *, size_t);
void constraint_msg_close(u_int32_t, u_int8_t *, size_t);
void priv_constraint_msg(u_int32_t, u_int8_t *, size_t);
void priv_constraint_msg(u_int32_t, u_int8_t *, size_t,
const char *, uid_t, gid_t);
int priv_constraint_dispatch(struct pollfd *);
void priv_constraint_check_child(pid_t, int);
char *get_string(u_int8_t *, size_t);


Loading…
Cancel
Save