Portable build framework for OpenNTPD
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

31 lines
1.0 KiB

10 years ago
10 years ago
  1. From fb62935494233b756bfbe48b3652c07c378ef55e Mon Sep 17 00:00:00 2001
  2. From: Brent Cook <busterb@gmail.com>
  3. Date: Thu, 1 Jan 2015 13:26:29 -0600
  4. Subject: [PATCH 02/13] do not allow privsep user to be a privileged user
  5. This may need to be a function call for different platforms with
  6. different capability / privilege mechanisms.
  7. ---
  8. src/usr.sbin/ntpd/ntp.c | 6 ++++++
  9. 1 file changed, 6 insertions(+)
  10. diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c
  11. index 625364a..c8f095e 100644
  12. --- a/src/usr.sbin/ntpd/ntp.c
  13. +++ b/src/usr.sbin/ntpd/ntp.c
  14. @@ -145,6 +145,12 @@ ntp_main(int pipe_prnt[2], int fd_ctl, struct ntpd_conf *nconf,
  15. conf = nconf;
  16. setup_listeners(se, conf, &listener_cnt);
  17. + if (pw->pw_uid == 0 || pw->pw_gid == 0)
  18. + fatal("privsep user cannot be root");
  19. +
  20. + if (pw->pw_uid == geteuid() || pw->pw_gid == getegid())
  21. + fatal("privsep user cannot be the privileged user");
  22. +
  23. if (setgroups(1, &pw->pw_gid) ||
  24. setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
  25. setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
  26. --
  27. 1.9.1