changeset 5447:66512375d759 draft
privsep: dump leases in a sandbox
| author | Roy Marples <roy@marples.name> |
|---|---|
| date | Sun, 06 Sep 2020 13:53:08 +0100 |
| parents | 560e67bb9f6f |
| children | 4ebc88cbebe9 |
| files | src/dhcpcd.c src/privsep.c |
| diffstat | 2 files changed, 11 insertions(+), 2 deletions(-) [+] |
--- a/src/dhcpcd.c Sun Sep 06 13:27:31 2020 +0100 +++ b/src/dhcpcd.c Sun Sep 06 13:53:08 2020 +0100 @@ -2198,6 +2198,14 @@ ctx.control_fd = control_open(NULL, AF_UNSPEC, ctx.options & DHCPCD_DUMPLEASE); if (ctx.control_fd != -1) { +#ifdef PRIVSEP + ctx.options &= ~DHCPCD_FORKED; + if (IN_PRIVSEP(&ctx) && ps_mastersandbox(&ctx) == -1) { + ctx.options |= DHCPCD_FORKED; + goto exit_failure; + } + ctx.options |= DHCPCD_FORKED; +#endif if (!(ctx.options & DHCPCD_DUMPLEASE)) loginfox("sending commands to dhcpcd process"); len = control_send(&ctx, argc, argv);
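Review bot: The added `#ifdef PRIVSEP` block uses `DHCPCD_FORKED` as a temporary switch around `ps_mastersandbox()` without saying why, and it sets the bit afterwards on both paths whether or not it was set on entry. Read together with the src/privsep.c hunk in this changeset, clearing the bit appears to be what lets a privilege drop that fails with EPERM be tolerated on this control-client path, which is security-relevant and easy to break in a later refactor. I would add a comment such as `/* Clear DHCPCD_FORKED so the sandbox tolerates EPERM when an unprivileged user runs the client; set it again afterwards. */` and, if the bit can be clear on entry, restore the saved value instead of forcing it on. The enclosing function starts and ends outside the hunk.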
--- a/src/privsep.c Sun Sep 06 13:27:31 2020 +0100 +++ b/src/privsep.c Sun Sep 06 13:53:08 2020 +0100 @@ -124,9 +124,10 @@ if (chdir("/") == -1) logerr("%s: chdir `/'", __func__); - if (setgroups(1, &pw->pw_gid) == -1 || + if ((setgroups(1, &pw->pw_gid) == -1 || setgid(pw->pw_gid) == -1 || - setuid(pw->pw_uid) == -1) + setuid(pw->pw_uid) == -1) && + (errno != EPERM || ctx->options & DHCPCD_FORKED)) { logerr("failed to drop privileges"); return -1;
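Review bot: The new `errno != EPERM` exemption lets this function return success with privileges unchanged, and nothing in the condition confirms the caller was unprivileged to begin with. Because the three calls are chained with `||`, an EPERM from `setgroups()` skips `setgid()` and `setuid()`, and an EPERM from `setuid()` alone is accepted after the group changes succeeded; a process that still has uid 0 but lacks the set-id capabilities (for example in a restricted container) would carry on as root without any log line. I would tolerate EPERM only when the process is already non-root, e.g. `(errno != EPERM || geteuid() == 0 || ctx->options & DHCPCD_FORKED))`, and log at debug level when the drop is skipped. The function's start and end are outside the hunk, so whether a uid-0 caller can reach it with `DHCPCD_FORKED` clear is not visible here.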
