The following patch uses the Solaris privilege API to drop
privileges so that the tcs daemon does not run with privileges
it does not need.
--- src/tcsd/svrside.c.orig Thu Jan 21 15:18:55 2010
+++ src/tcsd/svrside.c Wed Jan 27 12:51:25 2010
@@ -27,6 +27,11 @@
#include <arpa/inet.h>
#include <errno.h>
#include <getopt.h>
+#ifdef SOLARIS
+#include <fcntl.h>
+#include <priv.h>
+#endif
+
#include "trousers/tss.h"
#include "trousers_types.h"
#include "tcs_tsp.h"
@@ -207,12 +212,85 @@
}
+#ifdef SOLARIS
+
+/*
+ * For Solaris, make the tcsd privilege aware and drop
+ * risky privileges if they are not needed.
+ */
+static int
+drop_privs()
+{
+ priv_set_t *myprivs;
+ int rv;
+
+ /*
+ * Drop unneeded privs such as fork/exec.
+ *
+ * Get "basic" privs and remove the ones we don't want.
+ */
+ if ((myprivs = priv_str_to_set("basic", ",", NULL)) == NULL) {
+ LogError("priv_str_to_set failed: %s", strerror(errno));
+ return (1);
+ } else {
+ (void) priv_delset(myprivs, PRIV_PROC_EXEC);
+ (void) priv_delset(myprivs, PRIV_PROC_FORK);
+ (void) priv_delset(myprivs, PRIV_FILE_LINK_ANY);
+ (void) priv_delset(myprivs, PRIV_PROC_INFO);
+ (void) priv_delset(myprivs, PRIV_PROC_SESSION);
+ (void) priv_delset(myprivs, PRIV_PROC_SETID);
+
+ /* for BSM auditing */
+ (void) priv_addset(myprivs, PRIV_PROC_AUDIT);
+
+ if ((rv = setppriv(PRIV_SET, PRIV_PERMITTED, myprivs)))
+ return (rv);
+ if ((rv = setppriv(PRIV_SET, PRIV_LIMIT, myprivs)))
+ return (rv);
+ if ((rv = setppriv(PRIV_SET, PRIV_INHERITABLE, myprivs)))
+ return (rv);
+
+ (void) priv_freeset(myprivs);
+ }
+ return (0);
+}
+#endif /* SOLARIS */
+
+#ifndef HAVE_DAEMON
+static int
+daemon(int nochdir, int noclose) {
+ int rv, fd;
+
+ switch (fork()) {
+ case -1:
+ return (-1);
+ case 0:
+ break;
+ default:
+ exit (0);
+ }
+
+ if (setsid() == -1)
+ return (-1);
+ if (!nochdir)
+ (void) chdir("/");
+ if (!noclose && (fd = open("/dev/null", O_RDWR, 0)) != -1) {
+ (void) dup2(fd, STDIN_FILENO);
+ (void) dup2(fd, STDOUT_FILENO);
+ (void) dup2(fd, STDERR_FILENO);
+ if (fd > 2)
+ (void)close (fd);
+ }
+ return (0);
+}
+#endif /* !HAVE_DAEMON */
+
int
main(int argc, char **argv)
{
struct sockaddr_in serv_addr, client_addr;
TSS_RESULT result;
- int sd, newsd, c, option_index = 0;
+ int sd, newsd, c, rv, option_index = 0;
unsigned client_len;
char *hostname = NULL;
struct passwd *pwd;
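Review bot: When any of the three setppriv() calls in drop_privs fails, the function returns rv with myprivs still allocated and without logging the cause, whereas the priv_str_to_set failure a few lines earlier is logged; main then exits with an unexplained -1, which is hard to diagnose for a privilege-dropping daemon. Funnel the calls through one cleanup path that logs strerror(errno) and frees the set on every path (sketch below), and declare the function as `drop_privs(void)` rather than the old-style `drop_privs()`. Separately, `rv` in the fallback daemon() is never used, and the `rv` added to main() is referenced only inside `#ifdef SOLARIS`, so non-Solaris builds will warn about an unused variable. daemon() also relies on O_RDWR, but the first hunk includes <fcntl.h> only under `#ifdef SOLARIS`; a non-Solaris platform without HAVE_DAEMON may fail to compile unless fcntl.h is already included elsewhere in the file (not visible here).
```c
static int
drop_privs(void)
{
	priv_set_t *myprivs;
	int rv = 1;

	/* … unchanged: priv_str_to_set check, priv_delset/priv_addset edits … */

	if (setppriv(PRIV_SET, PRIV_PERMITTED, myprivs) != 0 ||
	    setppriv(PRIV_SET, PRIV_LIMIT, myprivs) != 0 ||
	    setppriv(PRIV_SET, PRIV_INHERITABLE, myprivs) != 0) {
		LogError("setppriv failed: %s", strerror(errno));
		goto out;
	}
	rv = 0;
out:
	priv_freeset(myprivs);
	return (rv);
}
```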
@@ -245,6 +323,12 @@
LogError("Failed socket: %s", strerror(errno));
return -1;
}
+#ifdef SOLARIS
+ /* For Solaris, drop privileges for security. */
+ rv = drop_privs();
+ if (rv)
+ return (rv);
+#endif /* SOLARIS */
memset(&serv_addr, 0, sizeof (serv_addr));
serv_addr.sin_family = AF_INET;
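Review bot: drop_privs() removes PRIV_PROC_SETID and PRIV_PROC_FORK from the permitted and limit sets, so it only works if the switch to the unprivileged tss user (main declares `struct passwd *pwd` for that purpose) and the daemon()/fork step have already happened by the time it is called after socket(); neither ordering is visible in this hunk, so please confirm it, or move the call to just after the setuid/setgid sequence. A one-line comment at the call site stating that dependency, e.g. `/* must run after setuid() and daemon(): both privs are dropped here */`, would keep a later reorder from silently breaking the daemon. The hunk's trailing context line appears to be missing from this copy of the patch.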