hal/hald Makefile.am,1.31,1.32 hald.c,1.16,1.17
David Zeuthen
david at freedesktop.org
Fri Sep 3 11:28:58 PDT 2004
Update of /cvs/hal/hal/hald
In directory gabe:/tmp/cvs-serv31473/hald
Modified Files:
Makefile.am hald.c
Log Message:
2004-09-03 David Zeuthen <david at fubar.dk>
Patch from Martin Pitt <martin at piware.de>.
* hal.conf.in: Drop AgentManager interface. Allow both HAL_USER
and root to own the org.freedesktop.Hal service.
* hald/Makefile.am: Link with libcap
* hald/hald.c: (usage), (drop_privileges), (main):
add option --drop-privileges which causes hald not to run as root,
but as @HAL_USER@ in @HAL_GROUP@ and all additional groups set in
/etc/group, and keeping the necessary capabilities to do its
job. This does _not_ change the default behaviour, if the option
is not specified, hald runs as root, as before.
Index: Makefile.am
===================================================================
RCS file: /cvs/hal/hal/hald/Makefile.am,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -d -r1.31 -r1.32
--- Makefile.am 31 Aug 2004 01:22:38 -0000 1.31
+++ Makefile.am 3 Sep 2004 18:28:56 -0000 1.32
@@ -74,7 +74,7 @@
linux/volume_id/volume_id.h linux/volume_id/volume_id.c \
linux/drive_id/drive_id.h linux/drive_id/drive_id.c
-hald_LDADD = @PACKAGE_LIBS@
+hald_LDADD = @PACKAGE_LIBS@ -lcap
#### Init scripts fun
SCRIPT_IN_FILES=haldaemon.in
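Review bot: `-lcap` is appended to `hald_LDADD` unconditionally, and the hald.c include hunk adds `<sys/capability.h>` and `<sys/prctl.h>` the same way, so libcap and its headers become a hard build requirement even though the feature is opt-in at run time. No configure-time check is visible in this commit. If none exists, an `AC_CHECK_LIB(cap, cap_from_text, ...)` test that substitutes the library into `hald_LDADD` would make a missing libcap fail at configure time rather than at link time.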
Index: hald.c
===================================================================
RCS file: /cvs/hal/hal/hald/hald.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- hald.c 29 Aug 2004 15:57:41 -0000 1.16
+++ hald.c 3 Sep 2004 18:28:56 -0000 1.17
@@ -38,6 +38,9 @@
#include <fcntl.h>
#include <errno.h>
#include <signal.h>
+#include <sys/prctl.h>
+#include <sys/capability.h>
+#include <grp.h>
#include <dbus/dbus.h>
#include <dbus/dbus-glib.h>
@@ -162,6 +165,9 @@
"\n"
" --daemon=yes|no Become a daemon\n"
" --verbose=yes|no Print out debug (overrides HALD_VERBOSE)\n"
+ " --drop-privileges Run as normal user instead of root (calling of\n"
+ " external scripts to modify fstab etc. will not work\n"
+ " run as root)\n"
" --help Show this information and exit\n"
"\n"
"The HAL daemon detects devices present in the system and provides the\n"
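Review bot: The parenthetical in the new `--drop-privileges` help text ends in "will not work run as root", which does not parse; something like `(external scripts that modify fstab etc. will not work)` says the same thing clearly. The text also describes the daemon as a normal user while drop_privileges keeps CAP_NET_ADMIN, so a short mention of the retained capability would make the help accurate. usage's body starts and ends outside the hunk.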
@@ -238,6 +244,67 @@
static int startup_daemonize_pipe[2];
+/** Drop all but necessary privileges from hald when it runs as root. Set the
+ * running user id to HAL_USER and group to HAL_GROUP and grant the following
+ * capabilities: CAP_NET_ADMIN
+ */
+static void
+drop_privileges ()
+{
+ cap_t cap;
+ struct passwd *pw = NULL;
+ struct group *gr = NULL;
+
+ /* determine user id */
+ pw = getpwnam (HAL_USER);
+ if (!pw) {
+ HAL_ERROR (("drop_privileges: user " HAL_USER " does not exist"));
+ exit (-1);
+ }
+
+ /* determine primary group id */
+ gr = getgrnam (HAL_GROUP);
+ if(!gr) {
+ HAL_ERROR (("drop_privileges: group " HAL_GROUP " does not exist"));
+ exit (-1);
+ }
+
+ /* keep capabilities and change uid/gid */
+ if( prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
+ HAL_ERROR (("drop_privileges: could not keep capabilities"));
+ exit (-1);
+ }
+
+ if( initgroups (HAL_USER, gr->gr_gid)) {
+ HAL_ERROR (("drop_privileges: could not initialize groups"));
+ exit (-1);
+ }
+
+ if( setgid (gr->gr_gid) ) {
+ HAL_ERROR (("drop_privileges: could not set group id"));
+ exit (-1);
+ }
+
+ if( setuid (pw->pw_uid)) {
+ HAL_ERROR (("drop_privileges: could not set user id"));
+ exit (-1);
+ }
+
+ /* only keep necessary capabilities */
+ cap = cap_from_text ("cap_net_admin=ep");
+
+ if(cap_set_proc(cap)) {
+ HAL_ERROR (("drop_privileges: could not install capabilities"));
+ exit (-1);
+ }
+
+ if(cap_free (cap)) {
+ HAL_ERROR (("drop_privileges: cap_free"));
+ exit (-1);
+ }
+}
+
+
/** Entry point for HAL daemon
*
* @param argc Number of arguments
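Review bot: The result of `cap_from_text ("cap_net_admin=ep")` goes straight into `cap_set_proc` without a NULL check, so an allocation or parse failure is at best reported under the misleading "could not install capabilities" message; add `if (cap == NULL) { HAL_ERROR (("drop_privileges: could not parse capabilities")); exit (-1); }` before the `cap_set_proc` call. Nothing after `setuid (pw->pw_uid)` confirms that the drop is irreversible; a check such as `if (setuid (0) == 0) exit (-1);` after the capability install would catch a HAL_USER that resolves to uid 0. The header comment should also say that PR_SET_KEEPCAPS is set only so the capability survives the uid change, and that the permitted and effective sets are then reduced to CAP_NET_ADMIN alone. As a style point, `drop_privileges ()` is better declared as `drop_privileges (void)`.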
@@ -266,6 +333,7 @@
{"daemon", 1, NULL, 0},
{"verbose", 1, NULL, 0},
{"help", 0, NULL, 0},
+ {"drop-privileges", 0, NULL, 0},
{NULL, 0, NULL, 0}
};
@@ -299,7 +367,8 @@
usage ();
return 1;
}
- }
+ } else if (strcmp (opt, "drop-privileges") == 0)
+ drop_privileges ();
break;
default:
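Review bot: `drop_privileges ()` is called from inside the option-parsing loop, so which later options and startup steps still run as root depends on where `--drop-privileges` appears on the command line. Recording the request in a flag (for example `drop_privs_requested = 1;`, a name constructed here) and calling `drop_privileges ()` once after parsing, at the point where root is no longer needed, makes the behaviour independent of argument order. The new `else if` arm is also unbraced, unlike the arm before it, and bracing it keeps the chain uniform. main's body continues outside the hunk, so which startup steps actually need root cannot be confirmed from here.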