From: Jean-Marc Pigeon (Delson) Date: Sun, 4 Aug 2024 11:02:45 +0000 (-0400) Subject: Able to open priviledge port (port 25) still runningas standard user X-Git-Tag: tag-0.4~22 X-Git-Url: https://jmp-git.ovh.safe.ca/?a=commitdiff_plain;h=4954c24b8e6b45dec3eebb17d2fd1088f6ffc62d;p=jmp%2Fmailleur Able to open priviledge port (port 25) still runningas standard user --- diff --git a/app/emlrec.c b/app/emlrec.c index 2b3ac75..3c9b1fb 100644 --- a/app/emlrec.c +++ b/app/emlrec.c @@ -40,6 +40,8 @@ _Bool proceed; status=0; params=(ARGTYP *)0; +//changing the working ID if started as root +(void) prc_chgid(argv[0]); phase=0; proceed=true; while (proceed==true) { diff --git a/lib/devsoc.c b/lib/devsoc.c index 9869696..4ef2b83 100644 --- a/lib/devsoc.c +++ b/lib/devsoc.c @@ -232,6 +232,8 @@ PUBLIC _Bool soc_openbinding(SOCPTR *socptr) _Bool done; SOCTYP *soc; +uid_t gid; //ccurrent group id +uid_t uid; //ccurrent user id struct addrinfo hints; struct addrinfo *tobind; int phase; @@ -244,6 +246,14 @@ hints.ai_family=PF_UNSPEC; hints.ai_flags=HINTFLG; hints.ai_socktype=SOCK_STREAM; tobind=(struct addrinfo *)0; +gid=getegid(); //let be back to root if needed +uid=geteuid(); //to open device on < 1024 port +if (setegid(getgid())<0) + (void) rou_core_dump("%s Unable to set the Egid to '%d' (error=<%s>", + OPEP,getgid(),strerror(errno)); +if (seteuid(getuid())<0) + (void) rou_core_dump("%s Unable to set the Euid to '%d' (error=<%s>", + OPEP,getuid(),strerror(errno)); phase=0; proceed=true; while (proceed==true) { @@ -295,6 +305,8 @@ while (proceed==true) { } phase++; } +(void) setegid(gid); //recover the standard application +(void) seteuid(uid); //uid:gid return done; #undef OPEP } diff --git a/lib/modrec.c b/lib/modrec.c index e851156..8b08397 100644 --- a/lib/modrec.c +++ b/lib/modrec.c @@ -229,8 +229,8 @@ _Bool proceed; childs=(pid_t)0; bindings=(SOCPTR **)0; +bindings=soc_mkbindinf(bindings,pro_smtp,"192.219.254.70","25",3); bindings=soc_mkbindinf(bindings,pro_smtp,"127.0.0.1","2525",3); -bindings=soc_mkbindinf(bindings,pro_smtp,"192.219.254.70","2525",3); bindings=soc_mkbindinf(bindings,pro_smtp,"127.0.0.26","2626",1); nbrbind=rou_nbrlist((void **)bindings); phase=0; diff --git a/lib/subrou.c b/lib/subrou.c index 32532c1..9e7e532 100644 --- a/lib/subrou.c +++ b/lib/subrou.c @@ -20,7 +20,7 @@ //version definition #define VERSION "0.3" -#define RELEASE "19" +#define RELEASE "20" //Public variables PUBLIC int debug=0; //debug level diff --git a/lib/uniprc.c b/lib/uniprc.c index 5b6cb3f..d84e7f3 100644 --- a/lib/uniprc.c +++ b/lib/uniprc.c @@ -35,6 +35,38 @@ static TITLTYP *title=(TITLTYP *)0; //storage area for /proc //title display static _Bool modopen; //boolean module open/close +/* + +*/ +/********************************************************/ +/* */ +/* Procedure to change the current ID to an */ +/* application working ID */ +/* */ +/********************************************************/ +static uid_t getappid(char *appname,_Bool group) + +{ +#define OPEP "uniprc.c:getappid" + +uid_t id; +char *fullname; +struct stat bufstat; + +id=(uid_t)0; +fullname=rou_apppath(appname); +if (stat(fullname,&bufstat)<0) + (void) rou_alert(0,"%s Unable to get <%s> stat (bug?)",OPEP,fullname); +else { + if (group==false) + id=bufstat.st_uid; + else + id=bufstat.st_gid; + } +fullname=rou_freestr(fullname); +return id; +#undef OPEP +} /* */ @@ -277,8 +309,7 @@ while (proceed==true) { } phase++; } -if (fullname!=(char *)0) - (void) free(fullname); +fullname=rou_freestr(fullname); return done; #undef OPEP } @@ -408,6 +439,53 @@ if ((title!=(TITLTYP *)0)&&(title->title!=(char *)0)) { va_end(args); } /* + +*/ +/********************************************************/ +/* */ +/* Procedure to change the current ID (must be */ +/* root) to the application/program "owner:group" */ +/* */ +/********************************************************/ +void prc_chgid(char *appnom) + +{ +#define OPEP "uniprc.c:prc_chgid," +#define MSG \ + "%s Unable to %s to '%d' (error=<%s> (cur u/g id='%d/%d',eid='%d/%d') bug?)" + +struct rlimit limites; + +(void) memset(&limites,'\000',sizeof(struct rlimit)); +if (getuid()==0) { /*is changing ID possible */ + uid_t uid; + uid_t gid; + + gid=getappid(appnom,true); + uid=getappid(appnom,false); + if (setegid(gid)<0) + (void) rou_alert(0,MSG,OPEP,"setegid",gid, + strerror(errno), + getuid(),getgid(), + geteuid(),getegid()); + if (seteuid(uid)<0) + (void) rou_alert(0,MSG,OPEP,"seteuid",uid, + strerror(errno), + getuid(),getgid(), + geteuid(),getegid()); + } +if (getrlimit(RLIMIT_CORE,&limites)<0) { + (void) rou_alert(0,"%s getrlimit error='%s'",OPEP,strerror(errno)); + } +limites.rlim_cur=limites.rlim_max; +if (setrlimit(RLIMIT_CORE,&limites)<0) { + (void) rou_alert(0,"%s setrlimit error='%s'",OPEP,strerror(errno)); + } +//to allow application core-dump +(void) prctl(PR_SET_DUMPABLE,1,0,0,0); +#undef OPEP +} +/* ^L */ /********************************************************/ diff --git a/lib/uniprc.h b/lib/uniprc.h index 5e2c5c2..ecdf612 100644 --- a/lib/uniprc.h +++ b/lib/uniprc.h @@ -31,10 +31,6 @@ extern void prc_settitle(const char *fmt,...); //big trouble need to be investigated extern void prc_allow_core_dump(); -//To do an on purpose application memory core dump -//with an explication message -extern void prc_core_dump(const char *fmt,...); - //routine to make sure all child process are out of //zombie state extern void prc_nozombie(); @@ -51,6 +47,9 @@ extern _Bool prc_locking(const char *lockname,int lock,int tentative); //procedure to put application in deamon mode extern pid_t prc_divedivedive(); +//procedure to change the current id (root) to the application "owner" +extern void prc_chgid(char *appnom); + //homework to be done before starting/stopping module. extern int prc_modeuniprc(_Bool mode);