From aa2405e804f2c2e06204c31ebe8e84e2db3ebefd Mon Sep 17 00:00:00 2001
Message-Id:
From: Mark Wooding
Date: Sat, 20 Dec 2008 17:06:11 +0000
Subject: [PATCH] server: Set admin socket permissions to match user.
Organization: Straylight/Edgeware

From: Mark Wooding

We create the socket before dropping privileges so that we can create it somewhere we might not be able to write to later. This change will make it possible for other processes running with reduced privilege to connect and issue administration requests.

---
 server/admin.c | 9 ++++++++-
 server/tripe.8.in | 3 ++-
 server/tripe.c | 2 +-
 server/tripe.h | 4 +++-
 4 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/server/admin.c b/server/admin.c
index c4433e45..00288f30 100644
--- a/server/admin.c
+++ b/server/admin.c
@@ -2153,13 +2153,15 @@ void a_daemon(void) { flags |= F_DAEMON; }
 /* --- @a_init@ --- *
 *
 * Arguments: @const char *name@ = socket name to create
+ * @uid_t u@ = user to own the socket
+ * @gid_t g@ = group to own the socket
 *
 * Returns: ---
 *
 * Use: Creates the admin listening socket.
 */
-void a_init(const char *name)
+void a_init(const char *name, uid_t u, gid_t g)
 {
 int fd;
 int n = 5;
@@ -2215,6 +2217,11 @@ again:
 goto again;
 }
 chmod(sun.sun_path, 0600);
+ if (chown(sun.sun_path, u, g)) {
+ T( trace(T_ADMIN,
+ "admin: failed to give away socket: %s",
+ strerror(errno)); )
+ }
 fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
 if (listen(fd, 5))
 die(EXIT_FAILURE, "couldn't listen on socket: %s", strerror(errno));
diff --git a/server/tripe.8.in b/server/tripe.8.in
index edf0ea58..9c6aea80 100644
--- a/server/tripe.8.in
+++ b/server/tripe.8.in
@@ -215,7 +215,8 @@ to
 .IR user 's
 primary group, unless overridden by a
 .B \-G
-option.
+option. The selected user (and group) will also be the owner of the
+administration socket.
 .TP
 .BI "\-G, \-\-setgid=" group
 Set gid to that of
diff --git a/server/tripe.c b/server/tripe.c
index ebd8efc7..ba59dfea 100644
--- a/server/tripe.c 
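Review bot: The chown() failure added after `chmod(sun.sun_path, 0600);` is reported only inside T(), which appears to be a trace-only wrapper, so in an ordinary build the daemon carries on with a 0600 socket still owned by the identity it started with, and the user later selected by u_setugid() cannot open it; the listen() failure two lines down is fatal, and this one deserves at least the same visibility: `die(EXIT_FAILURE, "couldn't change socket ownership: %s", strerror(errno));`. Both chmod() and the new chown() act on the name in sun.sun_path rather than on fd, so if the socket's directory is writable by other users the name can be replaced between its creation and these calls and the ownership change lands on something else; creating the socket under a 077 umask so it starts out 0600, and documenting that the directory must not be writable by untrusted users, closes that window. a_init() begins and ends outside the hunk.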
+++ b/server/tripe.c
@@ -288,9 +288,9 @@ int main(int argc, char *argv[])
 af |= AF_FOREGROUND;
 a_create(STDIN_FILENO, STDOUT_FILENO, af);
 }
+ a_init(csock, u, g);
 u_setugid(u, g);
 km_init(kr_priv, kr_pub, tag_priv);
- a_init(csock);
 if (f & f_daemon) {
 if (daemonize())
 die(EXIT_FAILURE, "couldn't become a daemon: %s", strerror(errno));
diff --git a/server/tripe.h b/server/tripe.h
index d955c88e..a3f04c73 100644
--- a/server/tripe.h
+++ b/server/tripe.h
@@ -899,13 +899,15 @@ extern void a_daemon(void);
 /* --- @a_init@ --- *
 *
 * Arguments: @const char *sock@ = socket name to create
+ * @uid_t u@ = user to own the socket
+ * @gid_t g@ = group to own the socket
 *
 * Returns: ---
 *
 * Use: Creates the admin listening socket.
 */
-extern void a_init(const char */*sock*/);
+extern void a_init(const char */*sock*/, uid_t /*u*/, gid_t /*g*/);
 /*----- Mapping with addresses as keys ------------------------------------*/
--
[mdw]
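Review bot: Moving `a_init(csock, u, g);` ahead of `u_setugid(u, g);` means everything a_init() does with the path in csock — including whatever it does to a stale socket already present there, which this hunk does not show — now runs with the daemon's initial privileges instead of the target user's, on a path taken from the command line. That is what the commit wants for creating the socket, but it also makes the location of csock a privileged decision, so the option's documentation should state that the directory must be owned by the administrator and not writable by other users, and it is worth checking that a_init() does not follow a symbolic link when it clears an old socket. When no user or `-G` option is given, the values of u and g that reach chown() inside a_init() are not visible here; if they default to the current ids the call is harmless, but if they are left at zero the socket would be handed to root, so please confirm their defaults. main() starts and ends outside the hunk.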