From 360d2de5b706fda9555348d4df4eb78a5eed7b3d Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Thu, 1 Jan 2015 13:26:29 -0600 Subject: [PATCH 02/11] do not allow privsep user to be a privileged user This may need to be a function call for different platforms with different capability / privilege mechanisms. --- src/usr.sbin/ntpd/ntp.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c index 1553cc0..9c96c47 100644 --- a/src/usr.sbin/ntpd/ntp.c +++ b/src/usr.sbin/ntpd/ntp.c @@ -145,6 +145,12 @@ ntp_main(int pipe_prnt[2], int fd_ctl, struct ntpd_conf *nconf, conf = nconf; setup_listeners(se, conf, &listener_cnt); + if (pw->pw_uid == 0 || pw->pw_gid == 0) + fatal("privsep user cannot be root"); + + if (pw->pw_uid == geteuid() || pw->pw_gid == getegid()) + fatal("privsep user cannot be the privileged user"); + if (setgroups(1, &pw->pw_gid) || setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) -- 1.9.1