| author | Roy Marples <roy@marples.name> | 2020-05-12 10:26:35 +0100 |
|---|---|---|
| committer | Roy Marples <roy@marples.name> | 2020-05-12 10:26:35 +0100 |
| commit | cf85354d04d98ba2117ac413edd97a46cda05293 (patch) | |
| tree | 5c79c1346f9b7435837be856798f8aa0099be3be /src/ipv6.c | |
| parent | 123d78292563042e643024fc9abf154d631b0cad (diff) | |
| download | dhcpcd-cf85354d04d98ba2117ac413edd97a46cda05293.tar.xz | |
privsep: Handle all file IO in the Priviledged Actioneer
This allows us to move the database directory back into the
root of the filesystem.
While here, harden the files by denying any user read access to them.
As part of this change, init the DUID from any machine data and
cache the default DHCP vendor field before dropping privileges as we
may lose access to this later.
Diffstat (limited to 'src/ipv6.c')
| -rw-r--r-- | src/ipv6.c | 40 |
1 files changed, 15 insertions, 25 deletions
@@ -147,18 +147,17 @@ ipv6_init(struct dhcpcd_ctx *ctx)
 static ssize_t
 ipv6_readsecret(struct dhcpcd_ctx *ctx)
 {
- FILE *fp;
 char line[1024];
 unsigned char *p;
 size_t len;
 uint32_t r;
- int x;
- if ((ctx->secret_len = read_hwaddr_aton(&ctx->secret, SECRET)) != 0)
+ ctx->secret_len = dhcp_read_hwaddr_aton(ctx, &ctx->secret, SECRET);
+ if (ctx->secret_len != 0)
 return (ssize_t)ctx->secret_len;
 if (errno != ENOENT)
- logerr("%s: %s", __func__, SECRET);
+ logerr("%s: cannot read secret", __func__);
 /* Chaining arc4random should be good enough.
 * RFC7217 section 5.1 states the key SHOULD be at least 128 bits.
@@ -178,27 +177,18 @@ ipv6_readsecret(struct dhcpcd_ctx *ctx)
 p += sizeof(r);
 }
- /* Ensure that only the dhcpcd user can read the secret.
- * Write permission is also denied as changing it would remove
- * it's stability. */
- if ((fp = fopen(SECRET, "w")) == NULL ||
- chmod(SECRET, S_IRUSR) == -1)
- goto eexit;
- x = fprintf(fp, "%s\n",
- hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line)));
- if (fclose(fp) == EOF)
- x = -1;
- fp = NULL;
- if (x > 0)
- return (ssize_t)ctx->secret_len;
-
-eexit:
- logerr("%s: %s", __func__, SECRET);
- if (fp != NULL)
- fclose(fp);
- unlink(SECRET);
- ctx->secret_len = 0;
- return -1;
+ hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line));
+ len = strlen(line);
+ if (len < sizeof(line) - 2) {
+ line[len++] = '\n';
+ line[len] = '\0';
+ }
+ if (dhcp_writefile(ctx, SECRET, S_IRUSR, line, len) == -1) {
+ logerr("%s: cannot write secret", __func__);
+ ctx->secret_len = 0;
+ return -1;
+ }
+ return (ssize_t)ctx->secret_len;
 }
 /* http://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xhtml |
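Review bot: A read failure other than ENOENT is only logged at `if (errno != ENOENT)`, after which the function falls through to the arc4random path and, in the second hunk, writes a freshly generated value to SECRET. RFC 7217 addresses depend on this secret staying stable, and routing the read through the privileged process presumably adds transient failure modes that would now silently replace it. Consider stopping instead, `if (errno != ENOENT) { logerr("%s: cannot read secret", __func__); return -1; }`, provided callers tolerate -1 at this point. Setting `errno = 0` before the `dhcp_read_hwaddr_aton` call would also keep a stale value from deciding the branch when the helper returns 0 without setting it. The lines of ipv6_readsecret between the two hunks are not shown.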
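Review bot: The return value of `hwaddr_ntoa(...)` is ignored before `strlen(line)`, and `line` is declared without an initialiser, so if the conversion can fail (its definition is outside this page) both the length and the bytes handed to `dhcp_writefile` come from uninitialised stack. Checking it keeps that out of the secret file: `if (hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line)) == NULL) { ctx->secret_len = 0; return -1; }`. The old failure path also called `unlink(SECRET)`, whereas the new one leaves whatever `dhcp_writefile` managed to write, so a truncated secret could be read back on the next start unless that helper writes atomically. A short comment on the `S_IRUSR` argument, such as `/* Owner read-only: changing the secret would break address stability. */`, would keep the rationale the removed comment carried.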
