On 31/01/2021 11:15, RVP wrote:
On Sun, 31 Jan 2021, Roy Marples wrote:Why does this not work for dhcpcd privilege separation?I suspect this is what's happening: $ cat t.c #include <stdio.h> #include <stdlib.h> #include <unistd.h> int main(int argc, char* argv[]) { char* s; printf("dropping privs\n"); setgid(getgid()); setuid(getuid()); s = malloc(BUFSIZ); return 0; }
I sent this patch as well to disable that:
diff -r 7ea0253a7567 external/bsd/dhcpcd/dist/src/privsep.c
--- a/external/bsd/dhcpcd/dist/src/privsep.c Fri Jan 29 07:58:57 2021 +0000
+++ b/external/bsd/dhcpcd/dist/src/privsep.c Sun Jan 31 02:50:23 2021 +0000
@@ -114,6 +114,8 @@
static int
ps_dropprivs(struct dhcpcd_ctx *ctx)
{
+return 0;
+
struct passwd *pw = ctx->ps_user;
if (ctx->options & DHCPCD_LAUNCHER)
So all it's doing is forking and running as root.
I'm just surprised that it's not working is all.
What I want to end up with is some #ifdef SANITIZE foo so that enough is
disabled to make it work.
Roy