privsep: dump leases in a sandbox
authorRoy Marples <roy@marples.name>
Sun, 6 Sep 2020 12:53:08 +0000 (13:53 +0100)
committerRoy Marples <roy@marples.name>
Sun, 6 Sep 2020 12:53:08 +0000 (13:53 +0100)
src/dhcpcd.c
src/privsep.c

index efbd672babd2f48f36aed2d245f61d131838755d..ba0c905a75839528a8bb0049027699e32d04051e 100644 (file)
@@ -2198,6 +2198,14 @@ printpidfile:
                        ctx.control_fd = control_open(NULL, AF_UNSPEC,
                            ctx.options & DHCPCD_DUMPLEASE);
                if (ctx.control_fd != -1) {
+#ifdef PRIVSEP
+                       ctx.options &= ~DHCPCD_FORKED;
+                       if (IN_PRIVSEP(&ctx) && ps_mastersandbox(&ctx) == -1) {
+                               ctx.options |= DHCPCD_FORKED;
+                               goto exit_failure;
+                       }
+                       ctx.options |= DHCPCD_FORKED;
+#endif
                        if (!(ctx.options & DHCPCD_DUMPLEASE))
                                loginfox("sending commands to dhcpcd process");
                        len = control_send(&ctx, argc, argv);
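Review bot: The added `#ifdef PRIVSEP` block sets `DHCPCD_FORKED` unconditionally after `ps_mastersandbox()` instead of restoring the value it had before, and nothing in the hunk shows that the flag is always set at this point. Saving the bit first and restoring it on both paths (`forked = ctx.options & DHCPCD_FORKED;` then `ctx.options |= forked;`) would keep the toggle from changing state for later code. The reason for clearing the flag is also not stated here; it presumably lets the privilege drop in src/privsep.c tolerate `EPERM`, so a comment such as `/* Not forked for the sandbox call so an unprivileged caller's EPERM is tolerated */` would help, if that is the intent. The enclosing function starts and ends outside the hunk.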
index 5a10d26aad91c7bfa12b51fd2017dc737f1b228a..3f1dc2d6e06d106a080ae02a3798312a3054a31f 100644 (file)
@@ -124,9 +124,10 @@ ps_dropprivs(struct dhcpcd_ctx *ctx)
        if (chdir("/") == -1)
                logerr("%s: chdir `/'", __func__);
 
-       if (setgroups(1, &pw->pw_gid) == -1 ||
+       if ((setgroups(1, &pw->pw_gid) == -1 ||
             setgid(pw->pw_gid) == -1 ||
-            setuid(pw->pw_uid) == -1)
+            setuid(pw->pw_uid) == -1) &&
+            (errno != EPERM || ctx->options & DHCPCD_FORKED))
        {
                logerr("failed to drop privileges");
                return -1;
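Review bot: The new condition treats any `EPERM` from `setgroups()`/`setgid()`/`setuid()` as acceptable when `DHCPCD_FORKED` is clear, but `EPERM` does not prove the caller is already unprivileged. If this path can be reached by a process that is still uid 0 but lacks the capability to change IDs (for example in a restricted container), it would continue as root while the rest of the code assumes privileges were dropped. Consider tolerating the error only when the process is demonstrably not root, e.g. `(errno != EPERM || (ctx->options & DHCPCD_FORKED) || geteuid() == 0))`. The explicit parentheses around the `&` test also make the precedence obvious. A short comment saying that `EPERM` is expected when a non-root user dumps leases would document why a failed drop is not fatal; `ps_dropprivs` begins and continues outside the hunk.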