authorLukasz Kutyla2015-10-17 21:15:15 +0200
committerGert Doering2015-10-18 13:36:08 +0200
commit825b3272acb353e04b37f38299d4df7e63e87d9e (patch)
tree0446bb5d3f54c6092d4e4844a81ac0e711924213 /src/openvpn/init.c
parent5203d8094f38a9d23d983377171c11b1d3a82ad2 (diff)
Fix privilege drop if first connection attempt fails
OpenVPN does not drop privileges (UID/GID/chroot) as requested according to the configuration file and/or passed arguments if the first connection attempt is not established successfully, this also includes applying SELinux context. Signals and restarts are processed after "context.first_time" is set to "false", which results in omitting entire privilege dropping block in "do_uid_gid_chroot()" when successful connection is finally made (everything is initialized correctly and said function is called), since "context.first_time" is used as block entry condition. We modify "do_uid_gid_chroot()" in such a way that allows us to drop privileges even when first connection attempt was unsuccessful. Signed-off-by: Lukasz Kutyla <movrax-dev@cryptolab.net> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <20151018103446.5fed9f97.movrax-dev@cryptolab.net> URL: http://article.gmane.org/gmane.network.openvpn.devel/10301 Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <20151018103446.5fed9f97.movrax-dev@cryptolab.net 20151018103446.5fed9f97.movrax-dev@cryptolab.net> URL: http://article.gmane.org/gmane.network.openvpn.devel/10301 Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/init.c')
-rw-r--r--src/openvpn/init.c31
1 files changed, 18 insertions, 13 deletions
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 5dd8781..c5c0ab6 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -950,31 +950,30 @@ do_uid_gid_chroot (struct context *c, bool no_delay)
static const char why_not[] = "will be delayed because of --client, --pull, or --up-delay";
struct context_0 *c0 = c->c0;
- if (c->first_time && c0 && !c0->uid_gid_set)
+ if (c0 && !c0->uid_gid_chroot_set)
{
/* chroot if requested */
if (c->options.chroot_dir)
{
if (no_delay)
platform_chroot (c->options.chroot_dir);
- else
+ else if (c->first_time)
msg (M_INFO, "NOTE: chroot %s", why_not);
}
- /* set user and/or group that we want to setuid/setgid to */
- if (no_delay)
+ /* set user and/or group if we want to setuid/setgid */
+ if (c0->uid_gid_specified)
{
- platform_group_set (&c0->platform_state_group);
- platform_user_set (&c0->platform_state_user);
- c0->uid_gid_set = true;
- }
- else if (c0->uid_gid_specified)
- {
- msg (M_INFO, "NOTE: UID/GID downgrade %s", why_not);
+ if (no_delay) {
+ platform_group_set (&c0->platform_state_group);
+ platform_user_set (&c0->platform_state_user);
+ }
+ else if (c->first_time)
+ msg (M_INFO, "NOTE: UID/GID downgrade %s", why_not);
}
#ifdef ENABLE_MEMSTATS
- if (c->options.memstats_fn)
+ if (c->first_time && c->options.memstats_fn)
mstats_open(c->options.memstats_fn);
#endif
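Review bot: In the chroot and UID/GID branches, `c->first_time` now only decides whether the "will be delayed" NOTE is printed, so on a later attempt where `no_delay` is still false the process keeps its original privileges and this function logs nothing about it. A short comment above the outer test would make that split explicit, for example `/* uid_gid_chroot_set gates the drop; first_time only keeps the "delayed" NOTE from repeating on restarts */`. Whether the eventual drop is logged depends on `platform_chroot()`, `platform_group_set()` and `platform_user_set()`, which are not visible here, so it is worth confirming that they emit a message an operator can use to verify when the drop actually happened. As a style point, `if (no_delay) {` puts the brace on the same line while the surrounding blocks put it on its own line. The function body starts before this hunk and continues after it.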
@@ -993,10 +992,16 @@ do_uid_gid_chroot (struct context *c, bool no_delay)
else
msg (M_INFO, "setcon to '%s' succeeded", c->options.selinux_context);
}
- else
+ else if (c->first_time)
msg (M_INFO, "NOTE: setcon %s", why_not);
}
#endif
+
+ /* Privileges are going to be dropped by now (if requested), be sure
+ * to prevent any future privilege dropping attempts from now on.
+ */
+ if (no_delay)
+ c0->uid_gid_chroot_set = true;
}
}
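Review bot: The latch at the end, `c0->uid_gid_chroot_set = true;`, is set whenever `no_delay` is true, without looking at whether the chroot, setgid/setuid and setcon steps above actually succeeded. That is only safe if each of those steps terminates the process on failure; the `setcon` failure path logs with `M_ERR` and then falls through to the latch, so if `M_ERR` were ever non-fatal the SELinux context would be skipped and never retried. I would state the assumption in the comment, e.g. `/* Every step above must abort on failure (M_ERR is expected to be fatal); otherwise this latch would hide a failed drop. */`. The start of the function and the `platform_*` helpers are outside this hunk, so their failure behaviour should be confirmed there.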