git-svn-id: http://svn.ipfire.org/svn/ipfire/IPFire/source@16 ea5c0bd1-69bd-2848...
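--- a/ntp-4.2.0/config.h.in
+++ b/ntp-4.2.0-linux-droproot/config.h.in
@@ -300,9 +300,12 @@
 /* Do we have the CIOGETEV ioctl (SunOS, Linux)? */
 #undef HAVE_CIOGETEV
 
-/* [Use], [/dev/clockctl?] */
+/* Do we have non-root clock control (via Linux capabilities or NetBSD /dev/clockctl)? */
 #undef HAVE_CLOCKCTL
 
+/* Do we get clock access via Linux capabilities? */
+#undef HAVE_LINUX_CAPABILITIES
+
 /* Define to 1 if you have the `clock_gettime' function. */
 #undef HAVE_CLOCK_GETTIME
 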
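--- a/ntp-4.2.0/configure.in
+++ b/ntp-4.2.0-linux-droproot/configure.in
@@ -48,7 +48,7 @@
 
 AC_CACHE_CHECK(if we should use /dev/clockctl, ac_clockctl,
 [AC_ARG_ENABLE(clockctl,
- AC_HELP_STRING([--enable-clockctl], [Use /dev/clockctl for non-root time control]),
+ AC_HELP_STRING([--enable-clockctl], [Use NetBSD /dev/clockctl for non-root clock control]),
 [ans=$enableval],
 [case "$target" in
 *-*-netbsd*)
@@ -63,10 +63,27 @@
 AC_CHECK_HEADERS(sys/clockctl.h)
 case "$ac_clockctl$ac_cv_header_sys_clockctl_h" in
 yesyes)
- AC_DEFINE(HAVE_CLOCKCTL, ,[[Use /dev/clockctl?]])
+ AC_DEFINE(HAVE_CLOCKCTL, ,[Non-root clock control allowed via NetBSD /dev/clockctl?])
 ;;
 esac
 
+AC_CACHE_CHECK(if we have linux capabilities (libcap), ac_linuxcaps,
+[AC_ARG_ENABLE(linuxcaps,
+ AC_HELP_STRING([--enable-linuxcaps], [Use Linux capabilities for non-root clock control]),
+ [ans=$enableval],
+ [ans=no])
+ac_linuxcaps=$ans])
+# End of AC_CACHE_CHECK for linuxcaps
+AC_CHECK_HEADERS(sys/capability.h)
+case "$ac_linuxcaps$ac_cv_header_sys_capability_h" in
+ yesyes)
+ AC_DEFINE(HAVE_LINUX_CAPABILITIES, ,[Do we have Linux capabilities?])
+ AC_DEFINE(HAVE_CLOCKCTL, ,[Non-root clock control allowed via Linux capabilities?])
+ LIBS="$LIBS -lcap"
+ ;;
+esac
+
+
 case "$build" in
 $host)
 ;;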
59 diff -u -r ntp-4.2.0/ntpd/ntpd.c ntp-4.2.0-linux-droproot/ntpd/ntpd.c
60 --- ntp-4.2.0/ntpd/ntpd.c 2003-07-17 12:27:28.000000000 +0200
61 +++ ntp-4.2.0-linux-droproot/ntpd/ntpd.c 2003-12-02 11:11:09.000000000 +0100
62 @@ -108,6 +108,10 @@
63 # include <ctype.h>
64 # include <grp.h>
65 # include <pwd.h>
66 +#ifdef HAVE_LINUX_CAPABILITIES
67 +# include <sys/capability.h>
68 +# include <sys/prctl.h>
69 +#endif
70 #endif
71
72 /*
73 @@ -837,8 +841,18 @@
74 #ifdef HAVE_CLOCKCTL
75 /*
76 * Drop super-user privileges and chroot now if the OS supports
77 - * non root clock control (only NetBSD for now).
78 + * non root clock control (only NetBSD and Linux for now).
79 */
80 +
81 +#ifdef HAVE_LINUX_CAPABILITIES
82 + /* set flag: keep privileges accross setuid() call (we only really need cap_sys_time): */
83 + if( prctl( PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L ) == -1 ) {
84 + msyslog( LOG_ERR, "prctl( PR_SET_KEEPCAPS, 1L ) failed: %m" );
85 + exit(-1);
86 + }
87 +#endif /* HAVE_LINUX_CAPABILITIES */
88 +
89 +
90 if (user != NULL) {
91 if (isdigit((unsigned char)*user)) {
92 sw_uid = (uid_t)strtoul(user, &endp, 0);
93 @@ -871,9 +885,17 @@
94 }
95 }
96 }
97 - if (chrootdir && chroot(chrootdir)) {
98 - msyslog(LOG_ERR, "Cannot chroot to `%s': %m", chrootdir);
99 - exit (-1);
100 +
101 + if( chrootdir ) {
102 + /* make sure cwd is inside the jail: */
103 + if( chdir(chrootdir) ) {
104 + msyslog(LOG_ERR, "Cannot chdir() to `%s': %m", chrootdir);
105 + exit (-1);
106 + }
107 + if( chroot(chrootdir) ) {
108 + msyslog(LOG_ERR, "Cannot chroot() to `%s': %m", chrootdir);
109 + exit (-1);
110 + }
111 }
112 if (group && setgid(sw_gid)) {
113 msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group);
114 @@ -891,6 +913,25 @@
115 msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user);
116 exit (-1);
117 }
118 +
119 +#ifdef HAVE_LINUX_CAPABILITIES
120 + {
121 + /* We may be running under non-root uid now, but we still hold full root privileges!
122 + * Let's get rid of most of them; we only keep cap_sys_time:
123 + */
124 + cap_t caps;
125 + if( ! ( caps = cap_from_text( "cap_sys_time=ipe" ) ) ) {
126 + msyslog( LOG_ERR, "cap_from_text() failed: %m" );
127 + exit(-1);
128 + }
129 + if( cap_set_proc( caps ) == -1 ) {
130 + msyslog( LOG_ERR, "cap_set_proc() failed to drop root privileges: %m" );
131 + exit(-1);
132 + }
133 + cap_free( caps );
134 + }
135 +#endif /* HAVE_LINUX_CAPABILITIES */
136 +
137 #endif
138 /*
139 * Report that we're up to any trappers
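Review bot: The capability string in `cap_from_text( "cap_sys_time=ipe" )` also raises CAP_SYS_TIME in the inheritable set, which only matters for programs the daemon would execve; nothing in this hunk execs, so `cap_from_text( "cap_sys_time=pe" )` is the narrower grant and leaves a hypothetical child with no ambient privilege to inherit. The earlier PR_SET_KEEPCAPS block runs whether or not a `-u` user was given, which is harmless but unexplained; a comment such as `/* must precede setuid(): without KEEPCAPS the kernel clears the permitted set on the uid change */` would record why it has to sit before the uid switch rather than next to the cap_set_proc() call. Nothing in the new code resets KEEPCAPS once the set is pared down; the flag is cleared on execve, so this is hygiene rather than a hole, but a one-line `prctl( PR_SET_KEEPCAPS, 0L, 0L, 0L, 0L )` after `cap_free( caps )` would leave the process in the expected default state. The enclosing function starts and ends outside the hunk.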