From 5c2880becc94141b8035b3488b6bd60696011308 Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Sat, 21 Nov 2020 02:22:09 +0000 Subject: Privs can only be dropped after reading key files. --- src/sbearssl/deps-lib/sbearssl | 1 + src/sbearssl/sbearssl-internal.h | 1 + src/sbearssl/sbearssl_client_init_and_run.c | 2 ++ src/sbearssl/sbearssl_drop.c | 24 ++++++++++++++++++++++++ src/sbearssl/sbearssl_server_init_and_run.c | 2 ++ 5 files changed, 30 insertions(+) create mode 100644 src/sbearssl/sbearssl_drop.c (limited to 'src/sbearssl') diff --git a/src/sbearssl/deps-lib/sbearssl b/src/sbearssl/deps-lib/sbearssl index 55729f6..13df389 100644 --- a/src/sbearssl/deps-lib/sbearssl +++ b/src/sbearssl/deps-lib/sbearssl @@ -3,6 +3,7 @@ sbearssl_cert_from.o sbearssl_cert_readbigpem.o sbearssl_cert_readfile.o sbearssl_cert_to.o +sbearssl_drop.o sbearssl_ec_issuer_keytype.o sbearssl_ec_pkey_from.o sbearssl_ec_pkey_to.o diff --git a/src/sbearssl/sbearssl-internal.h b/src/sbearssl/sbearssl-internal.h index 25f6468..2d98680 100644 --- a/src/sbearssl/sbearssl-internal.h +++ b/src/sbearssl/sbearssl-internal.h @@ -17,6 +17,7 @@ struct sbearssl_strallocerr_s int err ; } ; +extern void sbearssl_drop (void) ; extern void sbearssl_append (void *, void const *, size_t) ; extern int sbearssl_pem_push (br_pem_decoder_context *, char const *, size_t, sbearssl_pemobject *, genalloc *, sbearssl_strallocerr *, int *) ; diff --git a/src/sbearssl/sbearssl_client_init_and_run.c b/src/sbearssl/sbearssl_client_init_and_run.c index a95e9e1..a6e7aca 100644 --- a/src/sbearssl/sbearssl_client_init_and_run.c +++ b/src/sbearssl/sbearssl_client_init_and_run.c @@ -44,6 +44,8 @@ void sbearssl_client_init_and_run (int *fds, tain_t const *tto, uint32_t preopti strerr_dief2x(96, "no trust anchor found in ", x) ; } + sbearssl_drop() ; + { sbearssl_handshake_cb_context_t cbarg = { .notif = notif } ; unsigned char buf[BR_SSL_BUFSIZE_BIDI] ; diff --git a/src/sbearssl/sbearssl_drop.c b/src/sbearssl/sbearssl_drop.c new file mode 100644 index 0000000..2d826af --- /dev/null +++ b/src/sbearssl/sbearssl_drop.c @@ -0,0 +1,24 @@ +/* ISC license. */ + +#include +#include + +#include +#include + +#include "sbearssl-internal.h" + +void sbearssl_drop (void) +{ + if (!getuid()) + { + uid_t uid ; + gid_t gid ; + char const *x = getenv("TLS_UID") ; + if (x && !uid0_scan(x, &uid)) strerr_dieinvalid(100, "TLS_UID") ; + x = getenv("TLS_GID") ; + if (x && !gid0_scan(x, &gid)) strerr_dieinvalid(100, "TLS_GID") ; + if (gid && setgid(gid) < 0) strerr_diefu1sys(111, "setgid") ; + if (uid && setuid(uid) < 0) strerr_diefu1sys(111, "setuid") ; + } +} diff --git a/src/sbearssl/sbearssl_server_init_and_run.c b/src/sbearssl/sbearssl_server_init_and_run.c index 778fdbd..629fafb 100644 --- a/src/sbearssl/sbearssl_server_init_and_run.c +++ b/src/sbearssl/sbearssl_server_init_and_run.c @@ -45,6 +45,8 @@ void sbearssl_server_init_and_run (int *fds, tain_t const *tto, uint32_t preopti strerr_diefu2x(96, "find a certificate in ", x) ; } + sbearssl_drop() ; + { sbearssl_handshake_cb_context_t cbarg = { .notif = notif } ; unsigned char buf[BR_SSL_BUFSIZE_BIDI] ; -- cgit v1.2.3