From: Roy Marples <roy@marples.name>
Date: Sun, 6 Sep 2020 11:20:40 +0000 (+0100)
Subject: privsep: Dump leases from stdin in a limited sandbox
X-Git-Tag: v9.2.0~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=887a28b736970e3c79a243f77986545cd56d62b1;p=thirdparty%2Fdhcpcd.git

privsep: Dump leases from stdin in a limited sandbox
---

diff --git a/src/dhcpcd.c b/src/dhcpcd.c
index 9c47ca7c..861ff3bf 100644
--- a/src/dhcpcd.c
+++ b/src/dhcpcd.c
@@ -2135,11 +2135,20 @@ printpidfile:
 	}
 #endif
 
+#ifdef PRIVSEP
+	ps_init(&ctx);
+#endif
+
 #ifndef SMALL
 	if (ctx.options & DHCPCD_DUMPLEASE &&
 	    ioctl(fileno(stdin), FIONREAD, &i, sizeof(i)) == 0 &&
 	    i > 0)
 	{
+		ctx.options |= DHCPCD_FORKED; /* pretend child process */
+#ifdef PRIVSEP
+		if (IN_PRIVSEP(&ctx) && ps_mastersandbox(&ctx) == -1)
+			goto exit_failure;
+#endif
 		ifp = calloc(1, sizeof(*ifp));
 		if (ifp == NULL) {
 			logerr(__func__);
@@ -2241,11 +2250,6 @@ printpidfile:
 	if (freopen(_PATH_DEVNULL, "r", stdin) == NULL)
 		logerr("%s: freopen stdin", __func__);
 
-
-#ifdef PRIVSEP
-	ps_init(&ctx);
-#endif
-
 #if defined(USE_SIGNALS) && !defined(THERE_IS_NO_FORK)
 	if (xsocketpair(AF_UNIX, SOCK_DGRAM | SOCK_CXNB, 0, fork_fd) == -1 ||
 	    xsocketpair(AF_UNIX, SOCK_DGRAM | SOCK_CXNB, 0, stderr_fd) == -1)
diff --git a/src/privsep.c b/src/privsep.c
index 98d57857..5a10d26a 100644
--- a/src/privsep.c
+++ b/src/privsep.c
@@ -480,8 +480,9 @@ ps_mastersandbox(struct dhcpcd_ctx *ctx)
 	}
 
 #ifdef PRIVSEP_RIGHTS
-	if (ps_rights_limit_ioctl(ctx->pf_inet_fd) == -1 ||
-	     ps_rights_limit_fd(ctx->link_fd) == -1 ||
+	if ((ctx->pf_inet_fd != -1 &&
+	    ps_rights_limit_ioctl(ctx->pf_inet_fd) == -1) ||
+	    (ctx->link_fd != -1 && ps_rights_limit_fd(ctx->link_fd) == -1) ||
 	     ps_rights_limit_stdio() == -1)
 	{
 		logerr("%s: cap_rights_limit", __func__);