authorRoy Marples <roy@marples.name>2019-11-28 16:41:15 +0000
committerRoy Marples <roy@marples.name>2019-11-28 16:41:15 +0000
commitd5786118da1bad4c247631cae86344f1b249a8cb (patch)
treeb62b1e3a7ba544c9e842e6f595b25fdaab8059b4 /src/dhcpcd.c
parentf90486b1657f0331ae5e7d817b9ba3de90856d52 (diff)
privsep: Add support for priviledge separation
Not enabled by default - enable with ./configure --enable-privsep. Requires a user added to the system - default _dhcpcd. Several processes will be spawned off the main state engine: a privileged actioneer and a generic network proxy. Only the privileged actioneer process will retain root permissions. When required, the privileged actioneer will also spawn BPF listeners for BOOTP (DHCP) and ARP. The BOOTP BPF listener should be a short lived process. On kernels with RFC 5227 support, the ARP BPF listener will only be used for ARPing and announcing a preferred address and will also be a short lived process. When not running in master mode, an address listener will be spawned for each address (with the exception of RA derived addresses) dhcpcd cares about. TODO: * Solaris support. * ARP BPF address filtering.
Diffstat (limited to 'src/dhcpcd.c')
-rw-r--r--src/dhcpcd.c28
1 files changed, 28 insertions, 0 deletions
diff --git a/src/dhcpcd.c b/src/dhcpcd.c
index 140b8aa1..f6e924fc 100644
--- a/src/dhcpcd.c
+++ b/src/dhcpcd.c
@@ -66,6 +66,7 @@ const char dhcpcd_copyright[] = "Copyright (c) 2006-2019 Roy Marples";
#include "ipv6.h"
#include "ipv6nd.h"
#include "logerr.h"
+#include "privsep.h"
#include "script.h"
#ifdef HAVE_UTIL_H
@@ -1254,6 +1255,8 @@ reload_config(struct dhcpcd_ctx *ctx)
ifo->options |= DHCPCD_MASTER;
if (ctx->options & DHCPCD_DAEMONISED)
ifo->options |= DHCPCD_DAEMONISED;
+ if (ctx->options & DHCPCD_PRIVSEP)
+ ifo->options |= DHCPCD_PRIVSEP;
ctx->options = ifo->options;
free_options(ctx, ifo);
}
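Review bot: The new `if (ctx->options & DHCPCD_PRIVSEP)` carry-over in `reload_config` has no comment explaining why the flag must survive `ctx->options = ifo->options;`. Together with the `DHCPCD_MASTER` and `DHCPCD_DAEMONISED` lines above it, this looks like process state rather than configuration, although that is inferred from the pattern. If so, a reload that cleared the flag would leave the context believing privilege separation is off while the helper processes still exist. I would add one comment above the group, for example `/* Runtime state, not configuration: a reload must never clear these. */`. `reload_config` starts above the hunk.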
@@ -1607,6 +1610,9 @@ main(int argc, char **argv)
#ifdef AUTH
" AUTH"
#endif
+#ifdef PRIVSEP
+ " PRIVSEP"
+#endif
"\n");
return EXIT_SUCCESS;
}
@@ -1632,6 +1638,10 @@ main(int argc, char **argv)
#ifdef DHCP6
ctx.dhcp6_fd = -1;
#endif
+#ifdef PRIVSEP
+ ctx.ps_root_fd = ctx.ps_data_fd = -1;
+ TAILQ_INIT(&ctx.ps_processes);
+#endif
rt_init(&ctx);
logopts = LOGERR_ERR|LOGERR_LOG|LOGERR_LOG_DATE|LOGERR_LOG_PID;
@@ -2011,6 +2021,18 @@ printpidfile:
if_disable_rtadv();
#endif
+#ifdef PRIVSEP
+ if (!(ctx.options & DHCPCD_TEST)) {
+ switch(ps_start(&ctx)) {
+ case -1:
+ logerr("ps_start");
+ goto exit_failure;
+ case 0:
+ goto run_loop;
+ }
+ }
+#endif
+
if (if_opensockets(&ctx) == -1) {
logerr("%s: if_opensockets", __func__);
goto exit_failure;
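Review bot: The `switch(ps_start(&ctx))` added before `if_opensockets` handles only -1 and 0, so any other return value silently leaves the switch and continues with socket setup, and nothing at the call site says what each value means. Because `case 0` jumps to `run_loop` (added in the later hunk) and skips all remaining initialisation, that contract decides which process ends up holding which descriptors. Presumably 0 marks a spawned helper and a positive value the main process, but that is defined in privsep.c and should be confirmed. I would add `default: break;` and a comment such as `/* -1: error; 0: spawned process, go straight to the event loop; otherwise continue as the main process */`. The `DHCPCD_TEST` guard also means test mode runs without privilege separation, which deserves a one-line comment saying it is intentional; `main` starts and ends outside the hunk.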
@@ -2123,6 +2145,9 @@ printpidfile:
dhcpcd_prestartinterface, ifp);
}
+#ifdef PRIVSEP
+run_loop:
+#endif
i = eloop_start(ctx.eloop, &ctx.sigset);
if (i < 0) {
logerr("%s: eloop_start", __func__);
@@ -2138,6 +2163,9 @@ exit_failure:
i = EXIT_FAILURE;
exit1:
+#ifdef PRIVSEP
+ ps_stop(&ctx);
+#endif
if (ifaddrs != NULL)
freeifaddrs(ifaddrs);
if (control_stop(&ctx) == -1)
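Review bot: `ps_stop(&ctx)` at `exit1` runs on every exit path, including test mode where `ps_start` is skipped, any failure before it, and the process that took the `case 0` jump to `run_loop`. Whether that is safe depends on ps_stop tolerating `ps_root_fd`/`ps_data_fd` of -1 and an empty `ps_processes` list, and on no `goto` to these labels occurring before the initialisation added in the earlier hunk; neither is visible here. A comment such as `/* ps_stop() must be a no-op if privsep never started */` would record that requirement. Its result is also discarded while the neighbouring `control_stop` failure is checked, so if ps_stop can report an error it should be logged the same way. `main` continues outside the hunk.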