From d7cb42ad7956b321b9276a5935f3822cded76354 Mon Sep 17 00:00:00 2001
From: Roy Marples
Date: Mon, 2 Dec 2019 00:43:07 +0000
Subject: [PATCH] privsep: Allow priviledge separation user to be specified by configure
---
 configure | 9 +++++++++
 src/defs.h | 4 ++--
 src/privsep.c | 4 ++--
 3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/configure b/configure
index a373f2bc..e78370ab 100755
--- a/configure
+++ b/configure
@@ -12,6 +12,7 @@ ARPING=
 IPV4LL=
 INET6=
 PRIVSEP=
+PRIVSEP_USER=_dhcpcd
 ARC4RANDOM=
 CLOSEFROM=
 RBTREE=
@@ -68,6 +69,7 @@ for x do
 --enable-auth) AUTH=yes;;
 --disable-privsep) PRIVSEP=no;;
 --enable-privsep) PRIVSEP=yes;;
+ --privsepuser) PRIVSEP_USER=$var;;
 --prefix) PREFIX=$var;;
 --sysconfdir) SYSCONFDIR=$var;;
 --bindir|--sbindir) SBINDIR=$var;;
@@ -538,6 +540,9 @@ fi
 if [ "$PRIVSEP" = yes ]; then
 echo "Enabling Priviledge Separation"
 echo "CPPFLAGS+= -DPRIVSEP" >>$CONFIG_MK
+ echo "#ifndef PRIVSEP_USER" >>$CONFIG_H
+ echo "#define PRIVSEP_USER \"$PRIVSEP_USER\"" >>$CONFIG_H
+ echo "#endif" >>$CONFIG_H
 echo "DHCPCD_SRCS+= privsep.c privsep-root.c privsep-inet.c" \
 >>$CONFIG_MK
 if [ -z "$INET" ] || [ "$INET" = yes ]; then
@@ -573,6 +578,7 @@ if $XCC _test.c -o _test >/dev/null 2>&3; then
 fi
 rm -f _test.c _test
 if ! $_CC; then
+ echo $XCC
 echo "$CC does not create executables" >&2
 exit 1
 fi
@@ -1685,6 +1691,9 @@ echo " DATADIR = $DATADIR"
 echo " HOOKSCRIPTS = $HOOKS"
 echo " EGHOOKSCRIPTS = $EGHOOKS"
 echo " STATUSARG = $STATUSARG"
+if [ "$PRIVSEP" = yes ]; then
+ echo " PRIVSEPUSER = $PRIVSEP_USER"
+fi
 echo
 rm -f dhcpcd tests/test
diff --git a/src/defs.h b/src/defs.h
index 2173d80a..c2c696f7 100644
--- a/src/defs.h
+++ b/src/defs.h
@@ -31,8 +31,8 @@
 #define PACKAGE "dhcpcd"
 #define VERSION "8.99.0"
-#ifndef DHCPCD_USER
-# define DHCPCD_USER "_" PACKAGE
+#ifndef PRIVSEP_USER
+# define PRIVSEP_USER "_" PACKAGE
 #endif
 #ifndef CONFIG
diff --git a/src/privsep.c b/src/privsep.c
index ed97723a..b1b06971 100644
--- a/src/privsep.c
+++ b/src/privsep.c
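Review bot: The value taken by `--privsepuser` in the option-parsing hunk of configure is never validated, and the third configure hunk writes it verbatim into a C string literal with `echo "#define PRIVSEP_USER \"$PRIVSEP_USER\"" >>$CONFIG_H`. An empty value would presumably end up as `""`, and a value containing `"` or `\` yields a config.h that is broken or names a different account than the packager typed; neither case is reported at configure time. Because this name decides which account the unprivileged processes run as, configure should fail early on anything that is not a plain account name, for example with a check like the one below placed before the config.h lines are written. No help-text entry for the new option is visible in these hunks, so one may still be needed.

```shell
if [ "$PRIVSEP" = yes ]; then
	# Reject values that cannot be a plain account name before they are
	# written into a C string literal in config.h.
	case "$PRIVSEP_USER" in
	""|*[!A-Za-z0-9_.-]*)
		echo "invalid --privsepuser value: $PRIVSEP_USER" >&2
		exit 1;;
	esac
	# … unchanged: CPPFLAGS and PRIVSEP_USER lines written to the config files …
```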
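Review bot: The added `echo $XCC` inside `if ! $_CC; then` in the compiler-check hunk of configure looks like leftover debugging and is unrelated to the privsep user option. It prints the unquoted variable to stdout, while the real error on the following line goes to stderr. Either drop the line or make it part of the diagnostic, e.g. `echo "compiler command: $XCC" >&2`.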
@@ -82,11 +82,11 @@ ps_dostart(struct dhcpcd_ctx *ctx,
 /* Even if we're not dropping privs, we need to ensure that the unpriv
 * user exists so the processes that do need it startup just fine. */
 errno = 0;
- if ((pw = getpwnam(DHCPCD_USER)) == NULL) {
+ if ((pw = getpwnam(PRIVSEP_USER)) == NULL) {
 ctx->options &= ~DHCPCD_PRIVSEP;
 if (errno == 0) {
 if (ctx == recv_ctx) /* Only log the once. */
- logerrx("no such user %s", DHCPCD_USER);
+ logerrx("no such user %s", PRIVSEP_USER);
 } else
 logerr("getpwnam");
 return -1;
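Review bot: Now that the account name is chosen at configure time, the only check visible here is that `getpwnam(PRIVSEP_USER)` returns an entry; nothing in the hunk rejects an entry whose `pw_uid` is 0, so a build configured with `root` would pass the "unpriv user exists" test while dropping no privileges. ps_dostart continues outside the hunk; if the rest of it does not already check this, add `if (pw->pw_uid == 0) { logerrx("privsep user %s must not be root", PRIVSEP_USER); return -1; }` after the lookup. The missing-user path also clears `DHCPCD_PRIVSEP` from `ctx->options`, so if callers carry on after the -1, a mistyped `--privsepuser` presumably leaves the daemon running without separation behind a single log line. A comment stating whether that fallback is intended would help.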