dhclient: Enter capability mode before dropping privileges.

This is needed to be able to chroot in the fallback case where
Capsicum is not available.

Reported by:	Daniel Braniss <danny@cs.huji.ac.il>
X-MFC with:	r337382
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
Mark Johnston 2018-08-07 13:50:21 +00:00
parent 6938805f41
commit 17cfcf1dc2

View File

@ -529,23 +529,21 @@ main(int argc, char *argv[])
if (cap_rights_limit(routefd, &rights) < 0 && errno != ENOSYS)
error("can't limit route socket: %m");
if (setgroups(1, &pw->pw_gid) ||
setegid(pw->pw_gid) || setgid(pw->pw_gid) ||
seteuid(pw->pw_uid) || setuid(pw->pw_uid))
error("can't drop privileges: %m");
endpwent();
setproctitle("%s", ifi->name);
/* setgroups(2) is not permitted in capability mode. */
if (setgroups(1, &pw->pw_gid) != 0)
error("can't restrict groups: %m");
if (caph_enter_casper() < 0)
error("can't enter capability mode: %m");
/*
* If we are not in capability mode (i.e., because Capsicum or
* libcasper is disabled), try to restrict filesystem access. This
* will fail if kern.chroot_allow_open_directories is 0 or the process
* is jailed.
* If we are not in capability mode (i.e., Capsicum or libcasper is
* disabled), try to restrict filesystem access. This will fail if
* kern.chroot_allow_open_directories is 0 or the process is jailed.
*/
if (cap_getmode(&capmode) < 0 || capmode == 0) {
if (chroot(_PATH_VAREMPTY) == -1)
@ -554,6 +552,10 @@ main(int argc, char *argv[])
error("chdir(\"/\")");
}
if (setegid(pw->pw_gid) || setgid(pw->pw_gid) ||
seteuid(pw->pw_uid) || setuid(pw->pw_uid))
error("can't drop privileges: %m");
if (immediate_daemon)
go_daemon();