Make runas behave similarly to chroot.
Add a new command-line knob '-r' that disables runas, similar to '-n'; it is implied as well for kore command runs. Add a default runas user (nobody) and chroot path (/var/empty); if none are specified, fall back to these.
parent
ee59eb3f77
commit
e47df37230
|
@ -68,6 +68,9 @@ extern int daemon(int, int);
|
|||
#define KORE_PIDFILE_DEFAULT "kore.pid"
|
||||
#define KORE_DEFAULT_CIPHER_LIST "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!kRSA:!kDSA"
|
||||
|
||||
#define KORE_DEFAULT_USER "nobody"
|
||||
#define KORE_DEFAULT_CHROOT "/var/empty"
|
||||
|
||||
#if defined(KORE_DEBUG)
|
||||
#define kore_debug(fmt, ...) \
|
||||
if (kore_debug) \
|
||||
|
@ -362,6 +365,7 @@ extern int foreground;
|
|||
extern int kore_debug;
|
||||
extern int skip_chroot;
|
||||
extern char *chroot_path;
|
||||
extern int skip_runas;
|
||||
extern char *runas_user;
|
||||
extern char *kore_pidfile;
|
||||
extern char *config_file;
|
||||
|
@ -386,7 +390,6 @@ extern struct listener_head listeners;
|
|||
extern struct kore_worker *worker;
|
||||
extern struct kore_domain_h domains;
|
||||
extern struct kore_domain *primary_dom;
|
||||
extern struct passwd *pw;
|
||||
extern struct kore_pool nb_pool;
|
||||
|
||||
void kore_cli_usage(int);
|
||||
|
|
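Review bot: The two new fallbacks, `KORE_DEFAULT_USER "nobody"` and `KORE_DEFAULT_CHROOT "/var/empty"`, carry no comment on what they assume about the host. `nobody` is commonly shared with other daemons, so processes that fall back to it are not isolated from each other. The chroot fallback only confines a worker if the directory exists, is root-owned and is not writable by the runas user. I would state that above the defines, e.g. `/* Fallbacks only: prefer a dedicated unprivileged user; the chroot directory must exist, be root-owned and not writable by that user. */`.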
|
@ -119,7 +119,7 @@ static void file_create_gitignore(void);
|
|||
|
||||
static struct cmd cmds[] = {
|
||||
{ "help", "this help text", cli_help },
|
||||
{ "run", "run an application (-fn implied)", cli_run },
|
||||
{ "run", "run an application (-fnr implied)", cli_run },
|
||||
{ "build", "build an application", cli_build },
|
||||
{ "clean", "cleanup the build files", cli_clean },
|
||||
{ "create", "create a new application skeleton", cli_create },
|
||||
|
@ -990,7 +990,7 @@ cli_run_kore(void *arg)
|
|||
(void)cli_vasprintf(&cpath, "conf/%s.conf", appl);
|
||||
|
||||
args[0] = "kore";
|
||||
args[1] = "-fnc";
|
||||
args[1] = "-fnrc";
|
||||
args[2] = cpath;
|
||||
args[3] = NULL;
|
||||
|
||||
|
|
27
src/config.c
27
src/config.c
|
@ -132,8 +132,6 @@ static struct kore_module_handle *current_handler = NULL;
|
|||
void
|
||||
kore_parse_config(void)
|
||||
{
|
||||
char *p;
|
||||
|
||||
kore_parse_config_file(config_file);
|
||||
|
||||
if (!kore_module_loaded())
|
||||
|
@ -142,22 +140,19 @@ kore_parse_config(void)
|
|||
if (LIST_EMPTY(&listeners))
|
||||
fatal("no listeners defined");
|
||||
|
||||
if (skip_chroot != 1 && chroot_path == NULL)
|
||||
fatal("missing a chroot path");
|
||||
|
||||
if (runas_user == NULL) {
|
||||
if ((p = getlogin()) == NULL)
|
||||
fatal("missing a username to run as");
|
||||
|
||||
/* runas_user is free'd later down the line. */
|
||||
runas_user = kore_strdup(p);
|
||||
if (skip_chroot != 1 && chroot_path == NULL) {
|
||||
chroot_path = kore_strdup(KORE_DEFAULT_CHROOT);
|
||||
}
|
||||
if (getuid() != 0 && skip_chroot == 0) {
|
||||
fatal("cannot chroot, use -n to skip it");
|
||||
}
|
||||
|
||||
if ((pw = getpwnam(runas_user)) == NULL)
|
||||
fatal("user '%s' does not exist", runas_user);
|
||||
|
||||
if (getuid() != 0 && skip_chroot == 0)
|
||||
fatal("Cannot chroot(), use -n to skip it");
|
||||
if (skip_runas != 1 && runas_user == NULL) {
|
||||
runas_user = kore_strdup(KORE_DEFAULT_USER);
|
||||
}
|
||||
if (getuid() != 0 && skip_runas == 0) {
|
||||
fatal("cannot drop privileges, use -p to skip it");
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
|
|
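Review bot: The new privilege-drop check ends in `fatal("cannot drop privileges, use -p to skip it");`, but the option this commit adds to getopt() and usage() in src/kore.c is `-r`, and `-p` is not in the option string `"c:dfhnrv"` shown on this page. An operator who follows the message gets an option error instead of the intended bypass. The line should read `fatal("cannot drop privileges, use -r to skip it");`.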
14
src/kore.c
14
src/kore.c
|
@ -25,15 +25,15 @@ volatile sig_atomic_t sig_recv;
|
|||
|
||||
struct listener_head listeners;
|
||||
u_int8_t nlisteners;
|
||||
struct passwd *pw = NULL;
|
||||
pid_t kore_pid = -1;
|
||||
u_int16_t cpu_count = 1;
|
||||
int foreground = 0;
|
||||
int kore_debug = 0;
|
||||
int skip_chroot = 0;
|
||||
u_int8_t worker_count = 0;
|
||||
char *runas_user = NULL;
|
||||
int skip_chroot = 0;
|
||||
char *chroot_path = NULL;
|
||||
int skip_runas = 0;
|
||||
char *runas_user = NULL;
|
||||
u_int32_t kore_socket_backlog = 5000;
|
||||
char *kore_pidfile = KORE_PIDFILE_DEFAULT;
|
||||
char *kore_tls_cipher_list = KORE_DEFAULT_CIPHER_LIST;
|
||||
|
@ -55,6 +55,7 @@ usage(void)
|
|||
fprintf(stderr, "\t-f\tstart kore in foreground mode\n");
|
||||
fprintf(stderr, "\t-h\tthis help text\n");
|
||||
fprintf(stderr, "\t-n\tdo not chroot (if not starting kore as root)\n");
|
||||
fprintf(stderr, "\t-r\tdo not runas (uid drop) (if not starting kore as root)\n");
|
||||
fprintf(stderr, "\t-v\tdisplay kore's version information\n");
|
||||
|
||||
kore_cli_usage(0);
|
||||
|
@ -84,7 +85,7 @@ main(int argc, char *argv[])
|
|||
|
||||
flags = 0;
|
||||
|
||||
while ((ch = getopt(argc, argv, "c:dfhnv")) != -1) {
|
||||
while ((ch = getopt(argc, argv, "c:dfhnrv")) != -1) {
|
||||
flags++;
|
||||
switch (ch) {
|
||||
case 'c':
|
||||
|
@ -106,6 +107,9 @@ main(int argc, char *argv[])
|
|||
case 'n':
|
||||
skip_chroot = 1;
|
||||
break;
|
||||
case 'r':
|
||||
skip_runas = 1;
|
||||
break;
|
||||
case 'v':
|
||||
version();
|
||||
break;
|
||||
|
@ -302,8 +306,6 @@ kore_server_start(void)
|
|||
{
|
||||
int quit;
|
||||
|
||||
kore_mem_free(runas_user);
|
||||
|
||||
if (foreground == 0 && daemon(1, 1) == -1)
|
||||
fatal("cannot daemon(): %s", errno_s);
|
||||
|
||||
|
|
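Review bot: `case 'r': skip_runas = 1;` is accepted for any caller, although the usage text added here says the option is for when kore is not started as root. Started as root with `-r` but without `-n`, the worker code in src/worker.c still calls chroot() and then skips the setgroups()/setresuid() block. Workers then keep uid 0 inside the chroot, which is not a confinement boundary for a root process. If that combination is not meant to be supported, a guard in kore_parse_config() such as `if (getuid() == 0 && skip_runas == 1) fatal("refusing to keep root in workers, remove -r");` would make it explicit; otherwise it deserves a comment next to the option. main() continues outside these hunks.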
18
src/worker.c
18
src/worker.c
|
@ -186,14 +186,24 @@ kore_worker_entry(struct kore_worker *kw)
|
|||
struct connection *c, *cnext;
|
||||
int quit, had_lock, r;
|
||||
u_int64_t now, idle_check, next_lock, netwait;
|
||||
struct passwd *pw = NULL;
|
||||
|
||||
worker = kw;
|
||||
|
||||
/* Must happen before chroot. */
|
||||
if (skip_runas == 0) {
|
||||
pw = getpwnam(runas_user);
|
||||
if (pw == NULL) {
|
||||
fatal("cannot getpwnam(\"%s\") runas user: %s",
|
||||
runas_user, errno_s);
|
||||
}
|
||||
}
|
||||
|
||||
if (skip_chroot == 0) {
|
||||
if (chroot(chroot_path) == -1)
|
||||
fatal("cannot chroot(): %s", errno_s);
|
||||
fatal("cannot chroot(\"%s\"): %s", chroot_path, errno_s);
|
||||
if (chdir("/") == -1)
|
||||
fatal("cannot chdir(): %s", errno_s);
|
||||
fatal("cannot chdir(\"/\"): %s", errno_s);
|
||||
}
|
||||
|
||||
if (getrlimit(RLIMIT_NOFILE, &rl) == -1) {
|
||||
|
@ -213,7 +223,7 @@ kore_worker_entry(struct kore_worker *kw)
|
|||
worker_rlimit_nofiles, errno_s);
|
||||
}
|
||||
|
||||
if (getuid() != pw->pw_uid) {
|
||||
if (skip_runas == 0) {
|
||||
if (setgroups(1, &pw->pw_gid) ||
|
||||
#ifdef __MACH__
|
||||
setgid(pw->pw_gid) || setegid(pw->pw_gid) ||
|
||||
|
@ -222,7 +232,7 @@ kore_worker_entry(struct kore_worker *kw)
|
|||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
|
||||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
|
||||
#endif
|
||||
fatal("unable to drop privileges");
|
||||
fatal("cannot drop privileges");
|
||||
}
|
||||
|
||||
(void)snprintf(buf, sizeof(buf), "kore [wrk %d]", kw->id);
|
||||
|
|
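Review bot: The new lookup reports failure through `errno_s`, but getpwnam() returns NULL without setting errno when the user simply has no passwd entry, so the fatal() message can show a stale or unrelated error. Clear errno first (`errno = 0;` ahead of `pw = getpwnam(runas_user);`). If errno is still 0 after a NULL return, report that the user does not exist, as the check removed from src/config.c did with `user '%s' does not exist`. `pw` also points into storage owned by libc and is only dereferenced after chroot() and the rlimit calls; that is safe as long as nothing in between calls another getpw* function, which I cannot confirm from these hunks. kore_worker_entry() begins and ends outside the hunks shown.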