| author | Roy Marples <roy@marples.name> | 2020-06-05 20:24:21 +0100 |
|---|---|---|
| committer | Roy Marples <roy@marples.name> | 2020-06-05 20:24:21 +0100 |
| commit | 7ef3d6a703f5c3b1fa537ae324f7d79f085f31f9 (patch) | |
| tree | 096d27b660b63c09ff2d66c183ab3a21b1fbea6f /src/privsep-inet.c | |
| parent | ff6831723b04b617f73e88cf84387f46eea1faf5 (diff) | |
| download | dhcpcd-7ef3d6a703f5c3b1fa537ae324f7d79f085f31f9.tar.xz | |
privsep: Limit rights generically rather than Capsicum specifc
You never know when another sandbox tech comes around.
While here, add limits for every socket in the unprivileged
processes. Some were absent before.
Also, note that RLIMIT_NOFILE breaks our control socket so
temporarily disable that.
Diffstat (limited to 'src/privsep-inet.c')
| -rw-r--r-- | src/privsep-inet.c | 68 |
1 files changed, 18 insertions, 50 deletions
diff --git a/src/privsep-inet.c b/src/privsep-inet.c
index 48fb19a2..0ac2b39a 100644
--- a/src/privsep-inet.c
+++ b/src/privsep-inet.c
@@ -99,11 +99,6 @@ ps_inet_startcb(void *arg)
 {
 struct dhcpcd_ctx *ctx = arg;
 int ret = 0;
-#ifdef HAVE_CAPSICUM
- cap_rights_t rights;
-
- cap_rights_init(&rights, CAP_RECV, CAP_EVENT);
-#endif
 
 if (ctx->options & DHCPCD_MASTER)
 setproctitle("[network proxy]");
@@ -126,11 +121,9 @@ ps_inet_startcb(void *arg)
 ctx->udp_rfd = dhcp_openudp(NULL);
 if (ctx->udp_rfd == -1)
 logerr("%s: dhcp_open", __func__);
-#ifdef HAVE_CAPSICUM
- else if (cap_rights_limit(ctx->udp_rfd, &rights) == -1
- && errno != ENOSYS)
- {
- logerr("%s: cap_rights_limit", __func__);
+#ifdef PRIVSEP_RIGHTS
+ else if (ps_rights_limit_fd_rdonly(ctx->udp_rfd) == -1) {
+ logerr("%s: ps_rights_limit_fd_rdonly", __func__);
 close(ctx->udp_rfd);
 ctx->udp_rfd = -1;
 }
@@ -150,11 +143,9 @@ ps_inet_startcb(void *arg)
 ctx->nd_fd = ipv6nd_open(true);
 if (ctx->nd_fd == -1)
 logerr("%s: ipv6nd_open", __func__);
-#ifdef HAVE_CAPSICUM
- else if (cap_rights_limit(ctx->nd_fd, &rights) == -1
- && errno != ENOSYS)
- {
- logerr("%s: cap_rights_limit", __func__);
+#ifdef PRIVSEP_RIGHTS
+ else if (ps_rights_limit_fd_rdonly(ctx->nd_fd) == -1) {
+ logerr("%s: ps_rights_limit_fd_rdonly", __func__);
 close(ctx->nd_fd);
 ctx->nd_fd = -1;
 }
@@ -176,11 +167,9 @@ ps_inet_startcb(void *arg)
 ctx->dhcp6_rfd = dhcp6_openudp(0, NULL);
 if (ctx->dhcp6_rfd == -1)
 logerr("%s: dhcp6_open", __func__);
-#ifdef HAVE_CAPSICUM
- else if (cap_rights_limit(ctx->dhcp6_rfd, &rights) == -1
- && errno != ENOSYS)
- {
- logerr("%s: cap_rights_limit", __func__);
+#ifdef PRIVSEP_RIGHTS
+ else if (ps_rights_limit_fd_rdonly(ctx->dhcp6_rfd) == -1) {
+ logerr("%s: ps_rights_limit_fd_rdonly", __func__);
 close(ctx->dhcp6_rfd);
 ctx->dhcp6_rfd = -1;
 }
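Review bot: The replaced Capsicum path tolerated `errno == ENOSYS`, so a kernel without the facility kept its sockets, whereas the new `else if (ps_rights_limit_fd_rdonly(ctx->udp_rfd) == -1) {` in the `-126` hunk (and likewise the `-150` and `-176` hunks) closes the socket on any failure. Whether that tolerance moved into ps_rights_limit_fd_rdonly is not visible from this file; if it did not, a PRIVSEP_RIGHTS build on such a kernel loses every proxied socket in this process. Once confirmed, a comment beside the first call would record the contract, e.g. `/* ps_rights_limit_fd_rdonly treats an unsupported sandbox as success; any other failure drops the fd. */`. ps_inet_startcb starts and ends outside these hunks.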
@@ -398,11 +387,6 @@ ps_inet_listenin(void *arg)
 struct ps_process *psp = arg;
 struct in_addr *ia = &psp->psp_id.psi_addr.psa_in_addr;
 char buf[INET_ADDRSTRLEN];
-#ifdef HAVE_CAPSICUM
- cap_rights_t rights;
-
- cap_rights_init(&rights, CAP_RECV, CAP_EVENT);
-#endif
 
 inet_ntop(AF_INET, ia, buf, sizeof(buf));
 setproctitle("[network proxy] %s", buf);
@@ -413,11 +397,9 @@ ps_inet_listenin(void *arg)
 return -1;
 }
 
-#ifdef HAVE_CAPSICUM
- if (cap_rights_limit(psp->psp_work_fd, &rights) == -1 &&
- errno != ENOSYS)
- {
- logerr("%s: cap_rights_limit", __func__);
+#ifdef PRIVSEP_RIGHTS
+ if (ps_rights_limit_fd_rdonly(psp->psp_work_fd) == -1) {
+ logerr("%s: ps_rights_limit_fd_rdonly", __func__);
 return -1;
 }
 #endif
@@ -449,11 +431,6 @@ static int
 ps_inet_listennd(void *arg)
 {
 struct ps_process *psp = arg;
-#ifdef HAVE_CAPSICUM
- cap_rights_t rights;
-
- cap_rights_init(&rights, CAP_RECV, CAP_EVENT);
-#endif
 
 setproctitle("[ND network proxy]");
 
@@ -463,11 +440,9 @@ ps_inet_listennd(void *arg)
 return -1;
 }
 
-#ifdef HAVE_CAPSICUM
- if (cap_rights_limit(psp->psp_work_fd, &rights) == -1 &&
- errno != ENOSYS)
- {
- logerr("%s: cap_rights_limit", __func__);
+#ifdef PRIVSEP_RIGHTS
+ if (ps_rights_limit_fd_rdonly(psp->psp_work_fd) == -1) {
+ logerr("%s: ps_rights_limit_fd_rdonly", __func__);
 return -1;
 }
 #endif
@@ -501,11 +476,6 @@ ps_inet_listenin6(void *arg)
 struct ps_process *psp = arg;
 struct in6_addr *ia = &psp->psp_id.psi_addr.psa_in6_addr;
 char buf[INET6_ADDRSTRLEN];
-#ifdef HAVE_CAPSICUM
- cap_rights_t rights;
-
- cap_rights_init(&rights, CAP_RECV, CAP_EVENT);
-#endif
 
 inet_ntop(AF_INET6, ia, buf, sizeof(buf));
 setproctitle("[network proxy] %s", buf);
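Review bot: In the `-413` hunk (and the `-463` hunk here and the `-516` hunk in ps_inet_listenin6) a failed `ps_rights_limit_fd_rdonly(psp->psp_work_fd)` logs and returns -1 but leaves psp->psp_work_fd open and unrestricted, which is the same gap the replaced code had; the rdonly contract is then not enforced on the error path. Unless the caller tears the process down on -1, which is not visible in this file, closing it here keeps the error path at the same privilege as the success path: `close(psp->psp_work_fd); psp->psp_work_fd = -1; return -1;`. The same holds for the analogous checks in ps_inet_startcb, which already close the fd and so could serve as the model. Each of these functions continues past its hunk.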
@@ -516,11 +486,9 @@ ps_inet_listenin6(void *arg)
 return -1;
 }
 
-#ifdef HAVE_CAPSICUM
- if (cap_rights_limit(psp->psp_work_fd, &rights) == -1 &&
- errno != ENOSYS)
- {
- logerr("%s: cap_rights_limit", __func__);
+#ifdef PRIVSEP_RIGHTS
+ if (ps_rights_limit_fd_rdonly(psp->psp_work_fd) == -1) {
+ logerr("%s: ps_rights_limit_fd_rdonly", __func__);
 return -1;
 }
 #endif
