GNOME.org
 

[network-manager-openconnect] Check for success when dropping privs.

commit f88cd27978fd8d4bcdfee96c6150b418719effb9
Author: David Woodhouse <David Woodhouse intel com>
Date:   Thu Mar 29 13:15:06 2012 +0100

    Check for success when dropping privs.
    
    If the nm-openconnect user exists, but setuid/setgid fails, then abort.
    
    Error handling is somewhat suboptimal here, since it's done in the
    pre-spawn function in the child. But it should never happen anyway; the
    only reason we're looking at it is because this code path was
    (correctly) highlighted in a security review.

 src/nm-openconnect-service.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)
---
diff --git a/src/nm-openconnect-service.c b/src/nm-openconnect-service.c
index a5d95ce..168d154 100644
--- a/src/nm-openconnect-service.c
+++ b/src/nm-openconnect-service.c
@@ -213,8 +213,11 @@ nm_openconnect_secrets_validate (NMSettingVPN *s_vpn, GError **error)
 static void openconnect_drop_child_privs(gpointer user_data)
 {
 	if (tun_name) {
-		initgroups(NM_OPENCONNECT_USER, tun_group);
-		setuid((uid_t)tun_owner);
+		if (initgroups(NM_OPENCONNECT_USER, tun_group) ||
+			setgid(tun_group) || setuid(tun_owner)) {
+			g_warning ("Failed to drop privileges when spawning openconnect");
+			exit (1);
+		}
 	}
 }
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]