cd1a2927 MT |
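diff -u -r ntp-4.2.0/config.h.in ntp-4.2.0-linux-droproot/config.h.in
--- ntp-4.2.0/config.h.in 2003-10-15 11:02:22.000000000 +0200
+++ ntp-4.2.0-linux-droproot/config.h.in 2003-12-02 10:30:34.000000000 +0100
@@ -300,9 +300,12 @@
 /* Do we have the CIOGETEV ioctl (SunOS, Linux)? */
 #undef HAVE_CIOGETEV
 
-/* [Use], [/dev/clockctl?] */
+/* Do we have non-root clock control (via Linux capabilities or NetBSD /dev/clockctl)? */
 #undef HAVE_CLOCKCTL
 
+/* Do we get clock access via Linux capabilities? */
+#undef HAVE_LINUX_CAPABILITIES
+
 /* Define to 1 if you have the `clock_gettime' function. */
 #undef HAVE_CLOCK_GETTIME
 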
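diff -u -r ntp-4.2.0/configure.in ntp-4.2.0-linux-droproot/configure.in
--- ntp-4.2.0/configure.in 2003-10-15 10:52:44.000000000 +0200
+++ ntp-4.2.0-linux-droproot/configure.in 2003-12-01 09:53:21.000000000 +0100
@@ -48,7 +48,7 @@
 
 AC_CACHE_CHECK(if we should use /dev/clockctl, ac_clockctl,
 [AC_ARG_ENABLE(clockctl,
- AC_HELP_STRING([--enable-clockctl], [Use /dev/clockctl for non-root time control]),
+ AC_HELP_STRING([--enable-clockctl], [Use NetBSD /dev/clockctl for non-root clock control]),
 [ans=$enableval],
 [case "$target" in
 *-*-netbsd*)
@@ -63,10 +63,27 @@
 AC_CHECK_HEADERS(sys/clockctl.h)
 case "$ac_clockctl$ac_cv_header_sys_clockctl_h" in
 yesyes)
- AC_DEFINE(HAVE_CLOCKCTL, ,[[Use /dev/clockctl?]])
+ AC_DEFINE(HAVE_CLOCKCTL, ,[Non-root clock control allowed via NetBSD /dev/clockctl?])
 ;;
 esac
 
+AC_CACHE_CHECK(if we have linux capabilities (libcap), ac_linuxcaps,
+[AC_ARG_ENABLE(linuxcaps,
+ AC_HELP_STRING([--enable-linuxcaps], [Use Linux capabilities for non-root clock control]),
+ [ans=$enableval],
+ [ans=no])
+ac_linuxcaps=$ans])
+# End of AC_CACHE_CHECK for linuxcaps
+AC_CHECK_HEADERS(sys/capability.h)
+case "$ac_linuxcaps$ac_cv_header_sys_capability_h" in
+ yesyes)
+ AC_DEFINE(HAVE_LINUX_CAPABILITIES, ,[Do we have Linux capabilities?])
+ AC_DEFINE(HAVE_CLOCKCTL, ,[Non-root clock control allowed via Linux capabilities?])
+ LIBS="$LIBS -lcap"
+ ;;
+esac
+
+
 case "$build" in
 $host)
 ;;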
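Review bot: The `yesyes)` branch of the new linuxcaps `case` appends `-lcap` to LIBS on the strength of the header check alone (`AC_CHECK_HEADERS(sys/capability.h)`), so a host that ships the header without the library only fails at link time, and with `HAVE_LINUX_CAPABILITIES` already defined. Guarding the branch with `AC_CHECK_LIB(cap, cap_set_proc)` before the two `AC_DEFINE` lines would make the feature fail at configure time with a clear message and keep `HAVE_CLOCKCTL` from being defined for a build that cannot actually drop root. The header check also runs when `--enable-linuxcaps` is off; harmless, but it records a header the build never uses.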
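diff -u -r ntp-4.2.0/ntpd/ntpd.c ntp-4.2.0-linux-droproot/ntpd/ntpd.c
--- ntp-4.2.0/ntpd/ntpd.c 2003-07-17 12:27:28.000000000 +0200
+++ ntp-4.2.0-linux-droproot/ntpd/ntpd.c 2003-12-02 11:11:09.000000000 +0100
@@ -108,6 +108,10 @@
 # include <ctype.h>
 # include <grp.h>
 # include <pwd.h>
+#ifdef HAVE_LINUX_CAPABILITIES
+# include <sys/capability.h>
+# include <sys/prctl.h>
+#endif
 #endif
 
 /*
@@ -837,8 +841,18 @@
 #ifdef HAVE_CLOCKCTL
 /*
 * Drop super-user privileges and chroot now if the OS supports
-* non root clock control (only NetBSD for now).
+* non root clock control (only NetBSD and Linux for now).
 */
+
+#ifdef HAVE_LINUX_CAPABILITIES
+ /* set flag: keep privileges accross setuid() call (we only really need cap_sys_time): */
+ if( prctl( PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L ) == -1 ) {
+ msyslog( LOG_ERR, "prctl( PR_SET_KEEPCAPS, 1L ) failed: %m" );
+ exit(-1);
+ }
+#endif /* HAVE_LINUX_CAPABILITIES */
+
+
 if (user != NULL) {
 if (isdigit((unsigned char)*user)) {
 sw_uid = (uid_t)strtoul(user, &endp, 0);
@@ -871,9 +885,17 @@
 }
 }
 }
-if (chrootdir && chroot(chrootdir)) {
-msyslog(LOG_ERR, "Cannot chroot to `%s': %m", chrootdir);
-exit (-1);
+
+if( chrootdir ) {
+ /* make sure cwd is inside the jail: */
+ if( chdir(chrootdir) ) {
+ msyslog(LOG_ERR, "Cannot chdir() to `%s': %m", chrootdir);
+ exit (-1);
+ }
+ if( chroot(chrootdir) ) {
+ msyslog(LOG_ERR, "Cannot chroot() to `%s': %m", chrootdir);
+ exit (-1);
+ }
 }
 if (group && setgid(sw_gid)) {
 msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group);
@@ -891,6 +913,25 @@
 msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user);
 exit (-1);
 }
+
+#ifdef HAVE_LINUX_CAPABILITIES
+ {
+ /* We may be running under non-root uid now, but we still hold full root privileges!
+ * Let's get rid of most of them; we only keep cap_sys_time:
+ */
+ cap_t caps;
+ if( ! ( caps = cap_from_text( "cap_sys_time=ipe" ) ) ) {
+ msyslog( LOG_ERR, "cap_from_text() failed: %m" );
+ exit(-1);
+ }
+ if( cap_set_proc( caps ) == -1 ) {
+ msyslog( LOG_ERR, "cap_set_proc() failed to drop root privileges: %m" );
+ exit(-1);
+ }
+ cap_free( caps );
+ }
+#endif /* HAVE_LINUX_CAPABILITIES */
+
 #endif
 /*
 * Report that we're up to any trappers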
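Review bot: The capability text `cap_sys_time=ipe` passed to `cap_from_text()` in the last hunk keeps CAP_SYS_TIME in the inheritable set as well, which is wider than the comment's stated goal of keeping it for this process only; inheritable capabilities can be carried into any program the daemon later execs, so `cap_sys_time=ep` is the minimal form unless a child is meant to inherit it. Because `PR_SET_KEEPCAPS` in the second hunk preserves the entire permitted set across `setuid()`, the stretch between `seteuid()` and `cap_set_proc()` still holds every root capability, so a comment such as `/* nothing may be added between the uid change and cap_set_proc(): the permitted set is still full here */` would keep future edits from widening that window. The new set also omits CAP_NET_BIND_SERVICE; if ntpd ever needs to re-bind the privileged port after this point (for instance for new interfaces), that call will fail, though whether it does is outside these hunks. The enclosing function begins and ends outside the hunks shown.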