/** * Spawn external command using system() with dropped privileges. * TODO: avoid system() and use exec*() instead */ static int spawn_command(const char *cmd, uid_t uid){ int child; int status = -1; if (verbose > 1) printf("spawn_command: %s\n", cmd); child = fork(); if (child == -1) { perror(_("Unable to fork")); return status; } if (child == 0) { if (drop_privs(uid) != 0) exit(-1); status = system(cmd); status_to_retval(status, status); exit(status); } waitpid(child, &status, 0); status_to_retval(status, status); return status; }
/* * rend_private_init * * Initialize howl and start runloop */ int rend_private_init(char *user) { sw_result result; DPRINTF(E_DBG,L_REND,"Starting rendezvous services\n"); signal(SIGHUP, SIG_IGN); // SIGHUP might happen from a request to reload the daap server if(sw_discovery_init(&rend_handle) != SW_OKAY) { DPRINTF(E_WARN,L_REND,"Error initializing howl\n"); errno=EINVAL; return -1; } if(drop_privs(user)) return -1; DPRINTF(E_DBG,L_REND,"Starting polling thread\n"); if(pthread_create(&rend_tid,NULL,rend_pipe_monitor,NULL)) { DPRINTF(E_FATAL,L_REND,"Could not start thread. Terminating\n"); /* should kill parent, too */ exit(EXIT_FAILURE); } DPRINTF(E_DBG,L_REND,"Entering runloop\n"); sw_discovery_run(rend_handle); DPRINTF(E_DBG,L_REND,"Exiting runloop\n"); return 0; }
int main(int argc, char* argv[]) { int rc; /* drop privileges */ if (drop_privs() < 0) return EXIT_FAILURE; /* parse arguments */ parse_args(argc, argv); /* initialize secure storage directory */ rc = storage_init(ss_data_root); if (rc < 0) return EXIT_FAILURE; /* open rpmb device */ rc = rpmb_open(rpmb_devname, dev_type); if (rc < 0) return EXIT_FAILURE; /* connect to Trusty secure storage server */ rc = ipc_connect(trusty_devname, ss_srv_name); if (rc < 0) return EXIT_FAILURE; /* enter main loop */ rc = proxy_loop(); ALOGE("exiting proxy loop with status (%d)\n", rc); ipc_disconnect(); rpmb_close(); return (rc < 0) ? EXIT_FAILURE : EXIT_SUCCESS; }
static int do_mount(const char *dev, const char *mnt, const char *type, mode_t rootmode, int fd, int fuseflags) { int res; struct fuse_mount_data data; int flags = MS_NOSUID | MS_NODEV; if(getuid() != 0) { res = drop_privs(); if(res == -1) return -1; flags |= MS_PERMISSION; } data.version = FUSE_KERNEL_VERSION; data.fd = fd; data.rootmode = rootmode; data.uid = getuid(); data.flags = fuseflags; res = mount(dev, mnt, type, flags, &data); if(res == -1) fprintf(stderr, "%s: mount failed: %s\n", progname, strerror(errno)); if(getuid() != 0) restore_privs(); return res; }
static int try_open(const char *dev, char **devp) { int fd; if (restore_privs()) return -1; fd = open(dev, O_RDWR); if (drop_privs()) return -1; if (fd != -1) { *devp = strdup(dev); if (*devp == NULL) { fprintf(stderr, "%s: failed to allocate memory\n", progname); close(fd); fd = -1; } } else if (errno == ENODEV || errno == ENOENT) /* check for ENOENT too, for the udev case */ return -2; else { fprintf(stderr, "%s: failed to open %s: %s\n", progname, dev, strerror(errno)); } return fd; }
int main(void) { _buttonusr_isr = (void *)&buttonisr_usr; _timerusr_isr = (void *)&timerisr_usr; _mmhusr_isr = (void *)&mmhisr; /* Drop privileges */ drop_privs(); /* Init board */ kk_board_init(); /* Program the model into OTP, if we're not in screen-test mode, and it's * not already there */ (void)flash_programModel(); /* Init for safeguard against stack overflow (-fstack-protector-all) */ __stack_chk_guard = (uintptr_t)random32(); /* Bootloader Verification */ check_bootloader(); led_func(SET_RED_LED); dbg_print("Application Version %d.%d.%d\n\r", MAJOR_VERSION, MINOR_VERSION, PATCH_VERSION); /* Init storage */ storage_init(); /* Init protcol buffer message map and usb msg callback */ fsm_init(); led_func(SET_GREEN_LED); usbInit(); u2fInit(); led_func(CLR_RED_LED); reset_idle_time(); if (is_mfg_mode()) layout_screen_test(); else if (!storage_isInitialized()) layout_standard_notification("Welcome", "keepkey.com/get-started", NOTIFICATION_LOGO); else layoutHomeForced(); while (1) { delay_ms_with_callback(ONE_SEC, &exec, 1); increment_idle_time(ONE_SEC); toggle_screensaver(); } return 0; }
int main(int argc, char **argv) { int ret; ASSERT0(putenv("TZ=UTC")); cmn_err(CE_INFO, "blahgd version %s", version_string); /* drop unneeded privs */ ret = drop_privs(); if (ret) goto err; jeffpc_init(&init_ops); init_math(true); init_pipe_subsys(); init_req_subsys(); init_post_subsys(); init_file_cache(); ret = config_load((argc >= 2) ? argv[1] : NULL); if (ret) goto err; ret = load_all_posts(); if (ret) goto err; handle_signals(); ret = start_helpers(); if (ret) goto err_helpers; ret = start_listening(); if (ret) goto err_helpers; accept_conns(); stop_listening(); stop_helpers(); free_all_posts(); uncache_all_files(); return 0; err_helpers: stop_helpers(); err: DBG("Failed to inintialize: %s", xstrerror(ret)); return ret; }
void tree(void) { drop_privs(1); char *arg[4]; arg[0] = "bash"; arg[1] = "-c"; arg[2] = "firemon --tree"; arg[3] = NULL; execvp("/bin/bash", arg); }
void netstats(void) { drop_privs(1); char *arg[4]; arg[0] = "bash"; arg[1] = "-c"; arg[2] = "firemon --netstats"; arg[3] = NULL; execvp("/bin/bash", arg); }
void tree(void) { EUID_ASSERT(); drop_privs(1); char *cmd = get_firemon_path("--tree"); char *arg[4]; arg[0] = "bash"; arg[1] = "-c"; arg[2] = cmd; arg[3] = NULL; execvp("/bin/bash", arg); }
void seccomp_print_filter(pid_t pid) { // if the pid is that of a firejail process, use the pid of the first child process char *comm = pid_proc_comm(pid); if (comm) { // remove \n char *ptr = strchr(comm, '\n'); if (ptr) *ptr = '\0'; if (strcmp(comm, "firejail") == 0) { pid_t child; if (find_child(pid, &child) == 0) { pid = child; } } free(comm); } // check privileges for non-root users uid_t uid = getuid(); if (uid != 0) { struct stat s; char *dir; if (asprintf(&dir, "/proc/%u/ns", pid) == -1) errExit("asprintf"); if (stat(dir, &s) < 0) errExit("stat"); if (s.st_uid != uid) { printf("Error: permission denied.\n"); exit(1); } } // find the seccomp filter char *fname; if (asprintf(&fname, "/proc/%d/root/tmp/firejail/mnt/seccomp", pid) == -1) errExit("asprintf"); struct stat s; if (stat(fname, &s) == -1) { printf("Cannot access seccomp filter.\n"); exit(1); } // read and print the filter read_seccomp_file(fname); drop_privs(1); filter_debug(); exit(0); }
static void set_privileges(void) { struct stat s; if (stat("/proc/sys/kernel/grsecurity", &s) == 0) { EUID_ROOT(); // elevate privileges if (setreuid(0, 0)) errExit("setreuid"); if (setregid(0, 0)) errExit("setregid"); } else drop_privs(1); }
void seccomp_print_filter(pid_t pid) { EUID_ASSERT(); // if the pid is that of a firejail process, use the pid of the first child process char *comm = pid_proc_comm(pid); if (comm) { // remove \n char *ptr = strchr(comm, '\n'); if (ptr) *ptr = '\0'; if (strcmp(comm, "firejail") == 0) { pid_t child; if (find_child(pid, &child) == 0) { pid = child; } } free(comm); } // check privileges for non-root users uid_t uid = getuid(); if (uid != 0) { uid_t sandbox_uid = pid_get_uid(pid); if (uid != sandbox_uid) { fprintf(stderr, "Error: permission denied.\n"); exit(1); } } // find the seccomp filter EUID_ROOT(); char *fname; if (asprintf(&fname, "/proc/%d/root%s", pid, RUN_SECCOMP_CFG) == -1) errExit("asprintf"); struct stat s; if (stat(fname, &s) == -1) { printf("Cannot access seccomp filter.\n"); exit(1); } // read and print the filter read_seccomp_file(fname); drop_privs(1); filter_debug(); free(fname); exit(0); }
int main (int argc, char *argv[]) { int pid,index,usable; char *pgname; pgname = argv[0]; if (argc < 2) { printf("%s: nothing to do\n",pgname); exit(0); } /* printf("Real UID\tReal GID\tEff UID\tEff GID\n"); */ init_privs(); set_privs(); while (argc > 1) { usable = 1; for (index=0; index < strlen(argv[1]); index++) { if (!isdigit(argv[1][index])) { usable = 0; break; } } if (usable) { pid = atoi(argv[1]); /* printf("pid is %d\n",pid); */ kill(pid,SIGUSR1); } else printf("%s: invalid argument %s\n",pgname,argv[1]); argc--; argv++; } drop_privs(); exit(0); }
int main(int argc, char* argv[]) { int sockfd = init_socket(); logf("Server listening on port %d\n", PORT); if (signal(SIGCHLD, SIG_IGN) == SIG_ERR) { perror("Error setting SIGCHILD handler."); return EXIT_FAILURE; } load_module(); while (1) { socklen_t client_len = sizeof(client); int client_fd = accept(sockfd, (struct sockaddr*) &client, &client_len); if (client_fd < 0) { perror("Error creating socket for incoming connection"); exit(EXIT_FAILURE); } logf("New connection from %s on port %d\n", inet_ntoa(client.sin_addr), htons(client.sin_port)); int pid = fork(); if (pid < 0) { perror("Unable to fork"); exit(EXIT_FAILURE); } if (pid == 0) { // client alarm(300); close(sockfd); dup2(client_fd, 0); dup2(client_fd, 1); setvbuf(stdout, NULL, _IONBF, 0); drop_privs(); interact(); close(client_fd); logf("%s:%d disconnected\n", inet_ntoa(client.sin_addr), htons(client.sin_port)); exit(EXIT_SUCCESS); } else { // server logf("%s:%d forked new process with pid %d\n", inet_ntoa(client.sin_addr), htons(client.sin_port), pid); close(client_fd); } } }
void drop_privs(const char *username) { if (username == nullptr) { throw ReferenceError(); } struct passwd *pw = ::getpwnam(username); if (pw == nullptr) { char buf[256]; std::snprintf(buf, sizeof(buf), "failed to drop privileges: no such user '%s'", username); panic(buf); } drop_privs(pw->pw_uid, pw->pw_gid); }
void tcpcryptd(void) { _state.s_divert = divert_open(_conf.cf_port, packet_handler); open_unix(); drop_privs(); printf("Running\n"); if (!_conf.cf_disable && !_conf.cf_disable_network_test) test_network(); while (1) do_cycle(); }
void seccomp_print_filter(pid_t pid) { // if the pid is that of a firejail process, use the pid of the first child process char *comm = pid_proc_comm(pid); if (comm) { // remove \n char *ptr = strchr(comm, '\n'); if (ptr) *ptr = '\0'; if (strcmp(comm, "firejail") == 0) { pid_t child; if (find_child(pid, &child) == 0) { pid = child; } } free(comm); } // check privileges for non-root users uid_t uid = getuid(); if (uid != 0) { uid_t sandbox_uid = pid_get_uid(pid); if (uid != sandbox_uid) { exechelp_logerrv("firejail", FIREJAIL_ERROR, "Error: permission denied to print seccomp filters (sandbox belongs to a different user).\n"); exit(1); } } // find the seccomp filter char *fname; if (asprintf(&fname, "/proc/%d/root/tmp/firejail/mnt/seccomp", pid) == -1) errExit("asprintf"); struct stat s; if (stat(fname, &s) == -1) { exechelp_logerrv("firejail", FIREJAIL_ERROR, "Error: Cannot access seccomp filter.\n"); exit(1); } // read and print the filter read_seccomp_file(fname); drop_privs(1); filter_debug(); exit(0); }
/* * Drop privileges to the specified user account */ int drop_privs_user(const char *user_name) { struct passwd *pw = getpwnam(user_name); if (pw == NULL) { #ifdef DEBUG err(-1, ERROR_NO_USER, user_name); #else exit(-1); #endif } if (drop_privs(pw) == -1) { #ifdef DEBUG err(-1, ERROR_NO_PRIVS); #else exit(-1); #endif } return 0; }
static int try_open_fuse_device(char **devp) { int fd; int err; drop_privs(); fd = try_open(FUSE_DEV_NEW, devp, 0); restore_privs(); if (fd >= 0) return fd; err = fd; fd = try_open(FUSE_DEV_OLD, devp, 1); if (fd >= 0) return fd; return err; }
void caps_print_filter(pid_t pid) { // if the pid is that of a firejail process, use the pid of the first child process char *comm = pid_proc_comm(pid); if (comm) { // remove \n char *ptr = strchr(comm, '\n'); if (ptr) *ptr = '\0'; if (strcmp(comm, "firejail") == 0) { pid_t child; if (find_child(pid, &child) == 0) { pid = child; } } free(comm); } // check privileges for non-root users uid_t uid = getuid(); if (uid != 0) { struct stat s; char *dir; if (asprintf(&dir, "/proc/%u/ns", pid) == -1) errExit("asprintf"); if (stat(dir, &s) < 0) errExit("stat"); if (s.st_uid != uid) { printf("Error: permission denied.\n"); exit(1); } } uint64_t caps = extract_caps(pid); drop_privs(1); int i; uint64_t mask; int elems = sizeof(capslist) / sizeof(capslist[0]); for (i = 0, mask = 1; i < elems; i++, mask <<= 1) { printf("%-18.18s - %s\n", capslist[i].name, (mask & caps)? "enabled": "disabled"); } exit(0); }
static void run_sdcardfs(const std::string& source_path, const std::string& label, uid_t uid, gid_t gid, userid_t userid, bool multi_user, bool full_write, bool derive_gid) { std::string dest_path_default = "/mnt/runtime/default/" + label; std::string dest_path_read = "/mnt/runtime/read/" + label; std::string dest_path_write = "/mnt/runtime/write/" + label; umask(0); if (multi_user) { // Multi-user storage is fully isolated per user, so "other" // permissions are completely masked off. if (!sdcardfs_setup(source_path, dest_path_default, uid, gid, multi_user, userid, AID_SDCARD_RW, 0006, derive_gid) || !sdcardfs_setup_bind_remount(dest_path_default, dest_path_read, AID_EVERYBODY, 0027) || !sdcardfs_setup_bind_remount(dest_path_default, dest_path_write, AID_EVERYBODY, full_write ? 0007 : 0027)) { LOG(FATAL) << "failed to sdcardfs_setup"; } } else { // Physical storage is readable by all users on device, but // the Android directories are masked off to a single user // deep inside attr_from_stat(). if (!sdcardfs_setup(source_path, dest_path_default, uid, gid, multi_user, userid, AID_SDCARD_RW, 0006, derive_gid) || !sdcardfs_setup_bind_remount(dest_path_default, dest_path_read, AID_EVERYBODY, full_write ? 0027 : 0022) || !sdcardfs_setup_bind_remount(dest_path_default, dest_path_write, AID_EVERYBODY, full_write ? 0007 : 0022)) { LOG(FATAL) << "failed to sdcardfs_setup"; } } // Will abort if priv-dropping fails. drop_privs(uid, gid); if (multi_user) { std::string obb_path = source_path + "/obb"; fs_prepare_dir(obb_path.c_str(), 0775, uid, gid); } exit(0); }
// return -1 if error, 0 if no error void copy_file_as_user(const char *srcname, const char *destname, uid_t uid, gid_t gid, mode_t mode) { pid_t child = fork(); if (child < 0) errExit("fork"); if (child == 0) { // drop privileges drop_privs(0); // copy, set permissions and ownership int rv = copy_file(srcname, destname, uid, gid, mode); // already a regular user if (rv) fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n"); #ifdef HAVE_GCOV __gcov_flush(); #endif _exit(0); } // wait for the child to finish waitpid(child, NULL, 0); }
/* Initialize the secure memory subsystem, drop privileges and return. Must be called early. */ void pinentry_init (const char *pgmname) { /* Store away our name. */ if (strlen (pgmname) > sizeof this_pgmname - 2) abort (); strcpy (this_pgmname, pgmname); /* Initialize secure memory. 1 is too small, so the default size will be used. */ secmem_init (1); secmem_set_flags (SECMEM_WARN); drop_privs (); if (atexit (secmem_term)) /* FIXME: Could not register at-exit function, bail out. */ ; assuan_set_malloc_hooks (secmem_malloc, secmem_realloc, secmem_free); }
void caps_print_filter(pid_t pid) { EUID_ASSERT(); // if the pid is that of a firejail process, use the pid of the first child process char *comm = pid_proc_comm(pid); if (comm) { // remove \n char *ptr = strchr(comm, '\n'); if (ptr) *ptr = '\0'; if (strcmp(comm, "firejail") == 0) { pid_t child; if (find_child(pid, &child) == 0) { pid = child; } } free(comm); } // check privileges for non-root users uid_t uid = getuid(); if (uid != 0) { uid_t sandbox_uid = pid_get_uid(pid); if (uid != sandbox_uid) { fprintf(stderr, "Error: permission denied.\n"); exit(1); } } uint64_t caps = extract_caps(pid); drop_privs(1); int i; uint64_t mask; int elems = sizeof(capslist) / sizeof(capslist[0]); for (i = 0, mask = 1; i < elems; i++, mask <<= 1) { printf("%-18.18s - %s\n", capslist[i].name, (mask & caps)? "enabled": "disabled"); } exit(0); }
void fs_mkfile(const char *name) { EUID_ASSERT(); // check file name invalid_filename(name); char *expanded = expand_home(name, cfg.homedir); if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0) { fprintf(stderr, "Error: only files in user home are supported by mkfile\n"); exit(1); } struct stat s; if (stat(expanded, &s) == 0) { // file exists, do nothing goto doexit; } // create file pid_t child = fork(); if (child < 0) errExit("fork"); if (child == 0) { // drop privileges drop_privs(0); FILE *fp = fopen(expanded, "w"); if (!fp) fprintf(stderr, "Warning: cannot create %s file\n", expanded); else { fclose(fp); int rv = chmod(expanded, 0600); (void) rv; } exit(0); } // wait for the child to finish waitpid(child, NULL, 0); doexit: free(expanded); }
// return -1 if error, 0 if no error void touch_file_as_user(const char *fname, uid_t uid, gid_t gid, mode_t mode) { pid_t child = fork(); if (child < 0) errExit("fork"); if (child == 0) { // drop privileges drop_privs(0); FILE *fp = fopen(fname, "w"); if (fp) { fprintf(fp, "\n"); SET_PERMS_STREAM(fp, uid, gid, mode); fclose(fp); } #ifdef HAVE_GCOV __gcov_flush(); #endif _exit(0); } // wait for the child to finish waitpid(child, NULL, 0); }
void net_dns_print(pid_t pid) { // drop privileges drop_privs(1); // if the pid is that of a firejail process, use the pid of the first child process char *comm = pid_proc_comm(pid); if (comm) { // remove \n char *ptr = strchr(comm, '\n'); if (ptr) *ptr = '\0'; if (strcmp(comm, "firejail") == 0) { pid_t child; if (find_child(pid, &child) == 0) { pid = child; } } free(comm); } char *fname; if (asprintf(&fname, "/proc/%d/root/etc/resolv.conf", pid) == -1) errExit("asprintf"); // access /etc/resolv.conf FILE *fp = fopen(fname, "r"); if (!fp) { fprintf(stderr, "Error: cannot access /etc/resolv.conf\n"); exit(1); } char buf[MAXBUF]; while (fgets(buf, MAXBUF, fp)) printf("%s", buf); printf("\n"); fclose(fp); free(fname); exit(0); }
void fs_mkdir(const char *name) { EUID_ASSERT(); // check directory name invalid_filename(name, 0); // no globbing char *expanded = expand_macros(name); if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 && strncmp(expanded, "/tmp", 4) != 0) { fprintf(stderr, "Error: only directories in user home or /tmp are supported by mkdir\n"); exit(1); } struct stat s; if (stat(expanded, &s) == 0) { // file exists, do nothing goto doexit; } // create directory pid_t child = fork(); if (child < 0) errExit("fork"); if (child == 0) { // drop privileges drop_privs(0); // create directory mkdir_recursive(expanded); #ifdef HAVE_GCOV __gcov_flush(); #endif _exit(0); } // wait for the child to finish waitpid(child, NULL, 0); doexit: free(expanded); }
int ff(int sockFd) { struct stat statbuf; FILE *keyFile; char * keybuf; char fileStr[4]; char sockStr[4]; keyFile = fopen("key", "r"); if(keyFile == NULL) { send_string(sockFd, "Could not open key."); return -1; } drop_privs("maw"); pid_t child; child = fork(); if(child == 0) { sprintf(fileStr, "%d", fileno(keyFile)); sprintf(sockStr, "%d", sockFd); execl("/home/services/sis", "sis", fileStr, sockStr, NULL); } fclose(keyFile); }