From: solaropenwall.com
Date: Fri Apr 27 2001 - 18:46:22 CDT

    On Fri, Apr 27, 2001 at 10:18:48AM -0400, Ryan W. Maple wrote:
    >
    > I wanted to teach myself a little bit more about kernel caps, so I thought
    > xntpd would be a pretty good place to start. I started with Chris Wing's
    > patch and made it use the kernel caps instead of going through libcap.

    Are there any advantages to doing direct kernel syscalls?

    > Any input is more than welcome, and greatly appreciated.

    Only one comment so far (I haven't actually tried the patch) -- always
    check return value from setgroups() and set*id() calls.

    > + drop_privileges();

    Shouldn't drop_privileges() return a value and shouldn't there be a
    check for it here?

    > + pwd = getpwnam(server_user);
    > +
    > + if(!pwd) {
    > + msyslog(LOG_ERR, "failed to look up user: %s", server_user);
    > + return;

    should be either return -1 or exit(1)

    > + if (prctl(PR_SET_KEEPCAPS, 1)) {
    > + msyslog(LOG_ERR, "prctl(PR_SET_KEEPCAPS, 1) failed");
    > + return;
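
    Review bot: the msyslog() call in this error branch records that prctl(PR_SET_KEEPCAPS, 1) failed but not why. Include errno in the message, for example with the %m conversion that msyslog() accepts, so the log shows the reason for the failure. The same applies to the "capset failed" message in ntp_setcaps().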

    same here

    > + setgroups(0, NULL);
    > +
    > + setegid(pwd->pw_gid);
    > + seteuid(pwd->pw_uid);
    > +
    > + ntp_setcaps();
    > +
    > + setregid(pwd->pw_gid, pwd->pw_gid);
    > + setreuid(pwd->pw_uid, pwd->pw_uid);
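
    Review bot: nothing after the final setreuid() confirms that the IDs actually changed. Besides checking each return value, compare getuid() and geteuid() against pwd->pw_uid, and getgid() and getegid() against pwd->pw_gid, before the function reports success, so a partial drop is never treated as a completed one.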

    and return value checks for all of these.

    > +void ntp_setcaps(void)

    int

    > + if (syscall(SYS_capset, &caphead, &cap) < 0)

    {

    > + msyslog(LOG_ERR, "capset failed");

    return -1;
    }

    -- 
    /sd
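
The review points in this message, applied to the quoted call sequence, as an added example that is not part of the original post or of the patch under review. Assumptions: CAP_SYS_TIME is the one capability to keep, errors go to stderr instead of msyslog(), the v3 capability ABI is used, and the names CHECK and keep_time_cap are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Log the failing call with errno and make the enclosing function return -1. */
#define CHECK(call) do { if ((call) != 0) { \
    fprintf(stderr, "%s: %s\n", #call, strerror(errno)); return -1; } } while (0)

/* Assumption: CAP_SYS_TIME is the only capability the daemon must keep. */
static int keep_time_cap(void) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof(data));
    data[0].permitted = data[0].effective = 1U << CAP_SYS_TIME;
    return syscall(SYS_capset, &hdr, data) < 0 ? -1 : 0;
}

/* Returns 0 only when every step succeeded and the new IDs are in place. */
int drop_privileges(const char *user) {
    struct passwd *pwd = getpwnam(user);

    if (pwd == NULL) {
        fprintf(stderr, "failed to look up user: %s\n", user);
        return -1;
    }
    CHECK(prctl(PR_SET_KEEPCAPS, 1));
    CHECK(setgroups(0, NULL));
    CHECK(setegid(pwd->pw_gid));
    CHECK(seteuid(pwd->pw_uid));
    CHECK(keep_time_cap());
    CHECK(setregid(pwd->pw_gid, pwd->pw_gid));
    CHECK(setreuid(pwd->pw_uid, pwd->pw_uid));
    /* Confirm the drop took effect instead of trusting the calls alone. */
    if (getuid() != pwd->pw_uid || geteuid() != pwd->pw_uid ||
        getgid() != pwd->pw_gid || getegid() != pwd->pw_gid)
        return -1;
    return 0;
}

int main(int argc, char **argv) {
    return (argc == 2 && drop_privileges(argv[1]) == 0) ? 0 : 1;
}
```

The caller is expected to treat any non-zero result as fatal and exit rather than continue with its original privileges.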