Hi, Rainer,

   As I recall, to add an entry to the Network Management profile we
need to file a CR to solaris/rbac/library?

   But tcpdump now supports '-Z username' and has setuid/setgid
calls in tcpdump.c; do I need to update this section for further
discussion?

      -Z   Drops privileges (if root) and changes user ID to  user
           and the group ID to the primary group of user.

           This behavior can also be enabled by default at compile
           time.

#ifndef WIN32
        /*
         * We cannot do this earlier, because we want to be able to open
         * the file (if done) for writing before giving up permissions.
         */
        if (getuid() == 0 || geteuid() == 0) {
                if (username || chroot_dir)
                        droproot(username, chroot_dir);
        }
#endif /* WIN32 */


#ifndef WIN32
/* Drop root privileges and chroot if necessary */
static void
droproot(const char *username, const char *chroot_dir)
{
        struct passwd *pw = NULL;

        if (chroot_dir && !username) {
                fprintf(stderr,
                    "tcpdump: Chroot without dropping root is insecure\n");
                exit(1);
        }

        pw = getpwnam(username);
        if (pw) {
                if (chroot_dir) {
                        if (chroot(chroot_dir) != 0 || chdir ("/") != 0) {
                                fprintf(stderr,
                                    "tcpdump: Couldn't chroot/chdir to '%.64s': %s\n",
                                    chroot_dir, pcap_strerror(errno));
                                exit(1);
                        }
                }
                if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
                    setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) {
                        fprintf(stderr,
                            "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n",
                            username,
                            (unsigned long)pw->pw_uid,
                            (unsigned long)pw->pw_gid,
                            pcap_strerror(errno));
                        exit(1);
                }
        }
        else {
                fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n",
                    username);
                exit(1);
        }
}
#endif /* WIN32 */

Rainer Orth wrote:
> James Walker <jw137282 at sac.sfbay.sun.com> writes:
> 
>>     3.4.2 Authorization
>>       (see http://opensolaris.org/os/community/arc/bestpractices/rbac-intro/ and
>>         http://opensolaris.org/os/community/arc/bestpractices/rbac-profiles/ and
>>         http://opensolaris.org/os/community/arc/bestpractices/rbac-profiles/
>>            for details)
>>       Are there any setuid/setgid privileged binaries in the project?
>>       [ ] Yes - ARC review required
>>       [*] No - continue with next section (section 3.4.3)
>>       
>>       If yes then are the setuid/setgid privileges handled by the use of roles?
>>       [ ] Yes
>>       [ ] No - ARC review required
> 
> Shouldn't tcpdump be added to the Network Management profile in
> /etc/security/exec_attr, just like snoop is?
> 
>       Rainer
> 


-- 
Regards,

Robin Guo, Xue-Bin Guo
Solaris Kernel and Data Service QE,
Sun China Engineering and Research Institute
Phone: +86 10 82618200 +82296
Email: robin.guo at sun.com
Blog: http://blogs.sun.com/robinguo
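
Added example, not part of the original message or of tcpdump's source: a check that can follow a drop like the droproot() excerpt above, confirming that the real and effective IDs changed and that uid 0 cannot be regained. The names privs_dropped and drop_to and the default account "nobody" are assumptions made for the illustration.

```c
/* Added example: post-drop verification; not tcpdump's own code. */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 only if the process now runs entirely as uid/gid and can no
 * longer get uid 0 back; return 0 otherwise. */
int
privs_dropped(uid_t uid, gid_t gid)
{
        if (uid == 0)
                return 0;       /* "dropping" to root drops nothing */
        if (getuid() != uid || geteuid() != uid)
                return 0;       /* real or effective uid did not change */
        if (getgid() != gid || getegid() != gid)
                return 0;       /* real or effective gid did not change */
        /* A leftover saved set-user-ID of 0 would let these calls succeed. */
        if (setuid(0) == 0 || seteuid(0) == 0)
                return 0;
        return 1;
}

/* Same call order as the excerpt: supplementary groups, then gid, then uid. */
int
drop_to(const struct passwd *pw)
{
        if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
            setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
                return -1;
        return privs_dropped(pw->pw_uid, pw->pw_gid) ? 0 : -1;
}

int
main(int argc, char **argv)
{
        /* "nobody" is an assumed default account for this demonstration. */
        struct passwd *pw = getpwnam(argc > 1 ? argv[1] : "nobody");

        if (pw == NULL || drop_to(pw) != 0) {
                fprintf(stderr, "privilege drop failed or incomplete\n");
                return 1;
        }
        printf("running as uid=%lu gid=%lu\n",
            (unsigned long)getuid(), (unsigned long)getgid());
        return 0;
}
```

Run as root, the program drops to the named account and reports the resulting IDs; run unprivileged, drop_to() fails at initgroups() and the program exits non-zero.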
