This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.



[PATCH] New nscd option for droping privilegs



Hi,

I have created a patch for glibc 2.2 that allows nscd to change
its uid to that of a user without special privileges at startup. This
is only done if the admin configures it in nscd.conf and no secure
option (-S) is used.

  Thorsten

-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/       kukuk@suse.de
SuSE GmbH            Schanzaeckerstr. 10            90443 Nuernberg
Linux is like a Vorlon.  It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.
2000-04-20  Thorsten Kukuk  <kukuk@suse.de>

	* nscd/nscd.c: Start new session for nscd, drop privilegs
	  to configured user if requested and no -S parameter are used.
	* nscd/nscd.conf: Add new option "server-user"
	* nscd/nscd_conf.c: Add support for new "server-user" option.
	* nscd/nscd.h: Add protoype for server_user variable.
	Based on patch by Chris Wing <wingc@engin.umich.edu>

--- nscd/nscd.c
+++ nscd/nscd.c	2000/04/12 14:14:03
@@ -1,4 +1,4 @@
-/* Copyright (c) 1998, 1999 Free Software Foundation, Inc.
+/* Copyright (c) 1998, 1999, 2000 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.
 
@@ -62,6 +62,7 @@
 int disabled_passwd;
 int disabled_group;
 int go_background = 1;
+char *server_user = NULL;
 
 int secure[lastdb];
 int secure_in_use;
@@ -69,6 +70,7 @@
 
 static int check_pid (const char *file);
 static int write_pid (const char *file);
+static void drop_privileges (void);
 
 /* Name and version of program.  */
 static void print_version (FILE *stream, struct argp_state *state);
@@ -140,6 +142,8 @@
       if (fork ())
 	exit (0);
 
+      setsid ();
+
       chdir ("/");
 
       openlog ("nscd", LOG_CONS | LOG_ODELAY, LOG_DAEMON);
@@ -164,6 +168,10 @@
   /* Init databases.  */
   nscd_init (conffile);
 
+  /* Change to unprivileged UID if specifed in config file */
+  if(server_user && !secure_in_use)
+    drop_privileges ();
+
   /* Handle incoming requests */
   start_threads ();
 
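Review bot: When `server-user` is configured but `secure_in_use` is non-zero, the added `if` skips `drop_privileges ()` without any log entry, so the daemon keeps its startup identity (root, per the nscd.conf comment) and the admin gets no sign that the setting was ignored. An `else if (server_user)` branch that calls `dbg_log (_("server-user ignored because -S is in use"));` would make the fallback visible. The added line also departs from the file's GNU spacing; `if (server_user && !secure_in_use)` matches the surrounding code. The enclosing function starts and ends outside this hunk.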
@@ -362,4 +370,37 @@
   fclose (fp);
 
   return 0;
+}
+
+/* Look up the uid and gid associated with the user we are supposed to run
+   the server as, and then call setgid(), setgroups(), and setuid().
+   Otherwise, abort- we should not run as root if the configuration file
+   specifically tells us not to. */
+
+static void
+drop_privileges (void)
+{
+  int buflen = 256;
+  char *buffer = alloca (buflen);
+  struct passwd resultbuf;
+  struct passwd *pwd;
+
+  while (__getpwnam_r (server_user, &resultbuf, buffer, buflen, &pwd) != 0
+	 && errno == ERANGE)
+    {
+      errno = 0;
+      buflen += 256;
+      buffer = alloca (buflen);
+    }
+
+  if(!pwd)
+    {
+      dbg_log (_("Failed to look up user '%s' to run server as"),
+	       server_user);
+      exit(1);
+    }
+
+  setgroups (0, NULL);
+  setgid (pwd->pw_gid);
+  setuid (pwd->pw_uid);
 }
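Review bot: The return values of `setgroups`, `setgid` and `setuid` at the end of `drop_privileges` are discarded, so if any of them fails nscd goes on to `start_threads ()` with its original privileges, although the comment above the function promises to abort in that case. Each call should be checked and the process should exit on failure, the same way the failed-lookup path already does; the existing order (supplementary groups, then gid, then uid) is the correct one and should stay. Separately, the retry loop tests `errno` rather than the value returned by `__getpwnam_r`, and every retry takes another `alloca` buffer without releasing the previous one; a comment stating that the loop relies on `errno` being set would help, if that is the intent.

```c
  /* … unchanged: __getpwnam_r lookup loop and the !pwd check … */

  if (setgroups (0, NULL) != 0
      || setgid (pwd->pw_gid) != 0
      || setuid (pwd->pw_uid) != 0)
    {
      dbg_log (_("Failed to drop privileges to user '%s'"), server_user);
      exit (1);
    }
```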
--- nscd/nscd.conf
+++ nscd/nscd.conf	2000/04/12 14:15:47
@@ -8,6 +8,8 @@
 #	logfile			<file>
 #	debug-level		<level>
 #	threads			<#threads to use>
+#	server-user             <user to run server as instead of root>
+#		server-user is ignored if nscd is started with -S parameters
 #
 #       enable-cache		<service> <yes|no>
 #	positive-time-to-live	<service> <time in seconds>
@@ -21,7 +23,7 @@
 
 #	logfile			/var/log/nscd.log
 #	threads			6
-
+#	server-user		nobody
 	debug-level		0
 
 	enable-cache		passwd		yes
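Review bot: The sample value `nobody` on the added `server-user` line suggests an account that is often shared by other unprivileged services, and processes sharing a uid can usually signal or inspect one another. The example would be safer with an account created only for this daemon, for instance `#	server-user		nscd` (constructed name), plus a comment line saying the account should not be shared with other services.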
--- nscd/nscd_conf.c
+++ nscd/nscd_conf.c	2000/04/12 14:17:31
@@ -1,6 +1,6 @@
 /* Copyright (c) 1998 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
-   Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1998.
+   Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.
 
    The GNU C Library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Library General Public License as
@@ -175,6 +175,13 @@
 	  if (nthreads == -1)
 	    nthreads = MAX (atol (arg1), lastdb);
 	}
+      else if (strcmp (entry, "server-user") == 0)
+        {
+          if (!arg1)
+            dbg_log (_("Must specify user name for server-user option"), arg1);
+          else
+            server_user = strdup (arg1);
+        }
       else
 	dbg_log (_("Unknown option: %s %s %s"), entry, arg1, arg2);
     }
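Review bot: The result of `strdup (arg1)` in the new `server-user` branch is not checked, so an allocation failure leaves `server_user` NULL and the daemon starts without dropping privileges although the config asked for it. Treating a NULL result as fatal (log, then `exit (1)`) keeps the option from failing open. A repeated `server-user` line would also overwrite the pointer without freeing the earlier copy. In the `!arg1` branch the extra `arg1` argument has no matching conversion in the format string and is NULL there; `dbg_log (_("Must specify user name for server-user option"));` is enough. The enclosing function starts and ends outside this hunk.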
--- nscd/nscd.h
+++ nscd/nscd.h	2000/04/12 14:16:17
@@ -96,6 +96,9 @@
 extern int secure[lastdb];
 extern int secure_in_use; /* Is one of the above 1 ? */
 
+/* User name to run server processes as */
+extern char *server_user;
+
 /* Prototypes for global functions.  */
 
 /* nscd.c */
