File NetworkManager-openconnect-0.9.4-dropping_privs... of Package NetworkManager-openconnect

Overview Repositories Revisions Requests Users Attributes Meta

File NetworkManager-openconnect-0.9.4-dropping_privs_check.patch of Package NetworkManager-openconnect

From f88cd27978fd8d4bcdfee96c6150b418719effb9 Mon Sep 17 00:00:00 2001
From: David Woodhouse <David.Woodhouse@intel.com>
Date: Thu, 29 Mar 2012 12:15:06 +0000
Subject: Check for success when dropping privs.

If the nm-openconnect user exists, but setuid/setgid fails, then abort.

Error handling is somewhat suboptimal here, since it's done in the
pre-spawn function in the child. But it should never happen anyway; the
only reason we're looking at it is because this code path was
(correctly) highlighted in a security review.
---
diff --git a/src/nm-openconnect-service.c b/src/nm-openconnect-service.c
index a5d95ce..168d154 100644
--- a/src/nm-openconnect-service.c
+++ b/src/nm-openconnect-service.c
@@ -213,8 +213,11 @@ nm_openconnect_secrets_validate (NMSettingVPN *s_vpn, GError **error)
 static void openconnect_drop_child_privs(gpointer user_data)
 {
 	if (tun_name) {
-		initgroups(NM_OPENCONNECT_USER, tun_group);
-		setuid((uid_t)tun_owner);
+		if (initgroups(NM_OPENCONNECT_USER, tun_group) ||
+			setgid(tun_group) || setuid(tun_owner)) {
+			g_warning ("Failed to drop privileges when spawning openconnect");
+			exit (1);
+		}
 	}
 }
 
--
cgit v0.9.0.2

Places

File NetworkManager-openconnect-0.9.4-dropping_privs_check.patch of Package NetworkManager-openconnect

Places