summaryrefslogtreecommitdiffstats
path: root/src/privsep-bpf.c
diff options
context:
space:
mode:
authorRoy Marples <roy@marples.name>2020-05-07 20:57:22 +0100
committerRoy Marples <roy@marples.name>2020-05-07 20:57:22 +0100
commit727b7e9bf8b2fe810913c76c5fd36767869944bb (patch)
tree6658f3e35253c3e454db835643e0bdaaf860a885 /src/privsep-bpf.c
parent47fd1621cbe22b4e085d2bb36d01b610bb125980 (diff)
downloaddhcpcd-727b7e9bf8b2fe810913c76c5fd36767869944bb.tar.xz
privsep: Enable capsicum for network facing processes
All fd's in network facing processes are fully limited. Capability mode is only enabled for BPF processes because it's too restrictive otherwise - the reasons are noted in the commit.
Diffstat (limited to 'src/privsep-bpf.c')
-rw-r--r--src/privsep-bpf.c19
1 files changed, 18 insertions, 1 deletions
diff --git a/src/privsep-bpf.c b/src/privsep-bpf.c
index 28394ea9..b1ed821d 100644
--- a/src/privsep-bpf.c
+++ b/src/privsep-bpf.c
@@ -54,6 +54,10 @@
#include "logerr.h"
#include "privsep.h"
+#ifdef HAVE_CAPSICUM
+#include <sys/capsicum.h>
+#endif
+
static void
ps_bpf_recvbpf(void *arg)
{
@@ -152,6 +156,13 @@ ps_bpf_start_bpf(void *arg)
{
struct ps_process *psp = arg;
struct dhcpcd_ctx *ctx = psp->psp_ctx;
+#ifdef HAVE_CAPSICUM
+ cap_rights_t rights;
+
+ /* We need CAP_IOCTL so we can change the BPF filter when we
+ * need to. */
+ cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT, CAP_IOCTL);
+#endif
setproctitle("[BPF %s] %s", psp->psp_protostr, psp->psp_ifname);
@@ -160,6 +171,11 @@ ps_bpf_start_bpf(void *arg)
psp->psp_work_fd = bpf_open(&psp->psp_ifp, psp->psp_filter);
if (psp->psp_work_fd == -1)
logerr("%s: bpf_open",__func__);
+#ifdef HAVE_CAPSICUM
+ else if (cap_rights_limit(psp->psp_work_fd, &rights) == -1 &&
+ errno != ENOSYS)
+ logerr("%s: cap_rights_limit", __func__);
+#endif
else if (eloop_event_add(ctx->eloop,
psp->psp_work_fd, ps_bpf_recvbpf, psp) == -1)
logerr("%s: eloop_event_add", __func__);
@@ -252,7 +268,8 @@ ps_bpf_cmd(struct dhcpcd_ctx *ctx, struct ps_msghdr *psm, struct msghdr *msg)
start = ps_dostart(ctx,
&psp->psp_pid, &psp->psp_fd,
ps_bpf_recvmsg, NULL, psp,
- ps_bpf_start_bpf, ps_bpf_signal_bpfcb, PSF_DROPPRIVS);
+ ps_bpf_start_bpf, ps_bpf_signal_bpfcb,
+ PSF_DROPPRIVS | PSF_CAP_ENTER);
switch (start) {
case -1:
ps_freeprocess(psp);
generated by cgit v1.2.3 (git 2.25.1) at 2021-03-13 22:13:19 +0000