Репозитории ALT
S: | 4.2.8p15-alt4 |
5.1: | 4.2.4-alt5.p7 |
4.1: | 4.2.4-alt3.p4.M41.2 |
4.0: | 4.2.2-alt1.p4.3 |
3.0: | 4.1.2-alt3 |
+backports: | 4.2.4-alt0.M30.3.p4 |
Группа :: Система/Настройка/Прочее
Пакет: ntp
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: ntp-4.1.2-caen-rh-alt-droppriv.patch
Скачать
Скачать
diff -uprk.orig ntp-4.1.2.orig/configure.in ntp-4.1.2/configure.in
--- ntp-4.1.2.orig/configure.in 2003-07-17 11:47:58 +0400
+++ ntp-4.1.2/configure.in 2004-02-15 21:01:21 +0300
@@ -197,7 +197,8 @@ case "$host" in
AC_CHECK_LIB(advapi32, main)
;;
esac
-AC_CHECK_LIB(elf, nlist) dnl Only needed for tickadj...
+AC_CHECK_LIB(cap, cap_set_proc) dnl Only needed for droppriv...
+dnl AC_CHECK_LIB(elf, nlist) dnl Only needed for tickadj...
dnl AC_CHECK_LIB(kvm, main, , , -lelf)
AC_CHECK_LIB(kvm, main) dnl We already know about -lelf here...
AC_CHECK_LIB(ld, nlist)
diff -uprk.orig ntp-4.1.2.orig/html/ntpdate.htm ntp-4.1.2/html/ntpdate.htm
--- ntp-4.1.2.orig/html/ntpdate.htm 2003-07-10 13:08:20 +0400
+++ ntp-4.1.2/html/ntpdate.htm 2004-02-15 22:33:17 +0300
@@ -26,6 +26,7 @@ distribution</p>
<tt>ntpdate [ -bBdoqsuv ] [ -a <i>key</i> ] [ -e <i>authdelay</i> ]
[ -k <i>keyfile</i> ] [ -o <i>version</i> ] [ -p <i>samples</i> ] [
+-U <i>user_name</i> [ -T <i>chroot_dir</i> ] ] [
-t <i>timeout</i> ] <i>server</i> [ ... ]</tt>
<h4>Description</h4>
@@ -161,6 +162,21 @@ always uses unprivileged ports.</dd>
<dd>Be verbose. This option will cause <tt>ntpdate</tt>'s version
identification string to be logged.</dd>
+
+<dt><tt>-T <i>chroot_dir</i></dt>
+<dd>chroot the ntpdate process into <i>chroot_dir</i>. To use this
+option you have to copy all the files that ntpdate process needs into the
+chroot directory. This option takes effect only if the process also drops
+root privileges (see -U option).
+Empty <i>chroot_dir</i> value disables chroot jailing.
+By default, ntpdate chroots to <i>/var/empty</i>.</dd>
+
+<dt><tt>-U <i>user_name</i></tt></dt>
+<dd>ntpdate process drops root privileges and changes user ID to
+<i>user_name</i> and group ID to the primary group of <i>server_user</i>.
+Empty <i>user_name</i> value disables dropping privileges.
+To use this option you need libcap library.
+By default, ntpdate switches to pseudouser <i>ntpd</i>.</dd>
</dl>
<h4>Files</h4>
diff -uprk.orig ntp-4.1.2.orig/html/ntpd.htm ntp-4.1.2/html/ntpd.htm
--- ntp-4.1.2.orig/html/ntpd.htm 2003-07-10 13:08:20 +0400
+++ ntp-4.1.2/html/ntpd.htm 2004-02-15 22:34:51 +0300
@@ -22,7 +22,7 @@ Adventures in Wonderland</i>, Lewis Carr
driftfile</i> ] [ -g ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ]
[ -N high ] [ -p <i>pidfile</i> ] [ -r <i>broadcastdelay</i> ] [ -s
<i>statsdir</i> ] [ -t <i>key</i> ] [ -v <i>variable</i> ] [ -V <i>
-variable</i> ] [ -x ]</tt>
+variable</i> ] [ -U <i>server_user</i> [ -T <i>chroot_dir</i> ] ] [ -x ]</tt>
<h4>Description</h4>
@@ -379,6 +379,22 @@ facility.</dd>
<dd>Add a system variable listed by default.</dd>
+<DT><TT>-T <I>chroot_dir</I></DT>
+<DD>Chroot the ntpd server process into <I>chroot_dir</I>. To use this
+option you have to copy all the files that ntpd process needs into the
+chroot directory. This option takes effect only if the server also drops
+root privileges (see -U option).
+Empty <i>chroot_dir</i> value disables chroot jailing.
+By default, ntpd chroots to <I>@ROOT@</I>.</DD>
+
+<DT><TT>-U <I>server_user</I></DT>
+<DD>Ntpd process drops root privileges and changes user ID to
+<I>server_user</I> and group ID to the primary group of <I>server_user</I>.
+Empty <i>server_user</i> value disables dropping privileges.
+To use this option you need libcap library.
+By default, ntpd switches to pseudouser <I>ntpd</I>.</DD>
+</DD>
+
<dt><tt>-x</tt></dt>
<dd>Normally, the time is slewed if the offset is less than the
diff -uprk.orig ntp-4.1.2.orig/include/ntp_droppriv.h ntp-4.1.2/include/ntp_droppriv.h
--- ntp-4.1.2.orig/include/ntp_droppriv.h 1970-01-01 03:00:00 +0300
+++ ntp-4.1.2/include/ntp_droppriv.h 2004-02-15 21:54:18 +0300
@@ -0,0 +1,7 @@
+/* Username to run as */
+extern char *server_user;
+
+/* Chroot to this dir */
+extern char *chroot_dir;
+
+extern void ntp_drop_priv (const char *user, const char *dir, int keep_cap);
diff -uprk.orig ntp-4.1.2.orig/libntp/droppriv.c ntp-4.1.2/libntp/droppriv.c
--- ntp-4.1.2.orig/libntp/droppriv.c 1970-01-01 03:00:00 +0300
+++ ntp-4.1.2/libntp/droppriv.c 2004-02-15 22:28:01 +0300
@@ -0,0 +1,104 @@
+/*
+ * droppriv.c - ntp drop root helper adapted from Chris Wings drop root patch for xntpd.
+ */
+
+#include "ntp_stdlib.h"
+
+#include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
+#include <sys/capability.h>
+#include <sys/prctl.h>
+
+#include "ntp_syslog.h"
+#include "ntp_droppriv.h"
+
+void
+ntp_drop_priv (const char *user, const char *dir, int keep_cap)
+{
+ struct passwd *pw;
+
+ if (!user)
+ user = "ntpd";
+
+ if (!*user || geteuid())
+ return;
+
+ tzset();
+
+ if (setgroups (0, 0) < 0)
+ {
+ msyslog (LOG_ERR, "setgroups failed");
+ exit (1);
+ }
+
+ if (!(pw = getpwnam (user)))
+ {
+ msyslog (LOG_ERR, "lookup of user \"%s\" failed", user);
+ exit (1);
+ }
+ endpwent ();
+
+ if (!dir)
+ dir = "@ROOT@";
+
+ if (*dir)
+ {
+ if (!keep_cap && !strcmp (dir, "@ROOT@"))
+ dir = "/var/resolv";
+
+ if (chroot (dir) < 0 || chdir ("/") < 0)
+ {
+ msyslog (LOG_ERR, "chroot to \"%s\" failed", dir);
+ exit (1);
+ }
+ }
+
+ if (setgid (pw->pw_gid) < 0)
+ {
+ msyslog (LOG_ERR, "setgid failed");
+ exit (1);
+ }
+
+ if (keep_cap)
+ {
+ cap_t caps;
+
+ if (prctl (PR_SET_KEEPCAPS, 1))
+ {
+ msyslog (LOG_ERR, "prctl failed");
+ exit (1);
+ }
+
+ if (seteuid (pw->pw_uid) < 0)
+ {
+ msyslog (LOG_ERR, "seteuid failed");
+ exit (1);
+ }
+
+ if (!(caps = cap_from_text ("cap_sys_time=ep")))
+ {
+ msyslog (LOG_ERR, "cap_from_text failed");
+ exit (1);
+ }
+
+ if (cap_set_proc (caps) < 0)
+ {
+ msyslog (LOG_ERR, "cap_set_proc failed");
+ exit (1);
+ }
+
+ cap_free (caps);
+ }
+
+ if (setreuid (pw->pw_uid, pw->pw_uid) < 0)
+ {
+ msyslog (LOG_ERR, "setreuid failed");
+ exit (1);
+ }
+
+ msyslog (LOG_INFO, "running as uid(%d)/gid(%d) euid(%d)/egid(%d)%s%s%s",
+ getuid(), getgid(), geteuid(), getegid(),
+ (keep_cap ? " with cap_sys_time" : ""),
+ (dir ? " chrooted to " : ""), (dir ?: ""));
+}
diff -uprk.orig ntp-4.1.2.orig/libntp/Makefile.am ntp-4.1.2/libntp/Makefile.am
--- ntp-4.1.2.orig/libntp/Makefile.am 2002-03-26 18:59:57 +0300
+++ ntp-4.1.2/libntp/Makefile.am 2004-02-15 21:01:21 +0300
@@ -12,7 +12,7 @@ libntp_a_SOURCES = a_md5encrypt.c adjtim
msyslog.c netof.c numtoa.c numtohost.c octtoint.c prettydate.c \
ranny.c recvbuff.c refnumtoa.c snprintf.c statestr.c strdup.c \
strerror.c syssignal.c systime.c tsftomsu.c tstotv.c tvtoa.c tvtots.c \
- uglydate.c uinttoa.c utvtoa.c ymd2yd.c
+ uglydate.c uinttoa.c utvtoa.c ymd2yd.c droppriv.c
EXTRA_libntp_a_SOURCES = adjtimex.c log.c random.c
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/librsaref
ETAGS_ARGS = Makefile.am
diff -uprk.orig ntp-4.1.2.orig/ntpd/cmd_args.c ntp-4.1.2/ntpd/cmd_args.c
--- ntp-4.1.2.orig/ntpd/cmd_args.c 2003-06-18 08:16:47 +0400
+++ ntp-4.1.2/ntpd/cmd_args.c 2004-02-15 22:24:56 +0300
@@ -8,6 +8,7 @@
#include "ntpd.h"
#include "ntp_stdlib.h"
#include "ntp_cmdargs.h"
+#include "ntp_droppriv.h"
/*
* Definitions of things either imported from or exported to outside
@@ -15,8 +16,8 @@
extern char const *progname;
int listen_to_virtual_ips = 0;
-static const char *ntp_options = "aAbc:dD:f:gk:l:LmnN:p:P:qr:s:t:v:V:x-:";
-
+static const char *ntp_options = "aAbc:dD:f:gk:l:LmnN:p:P:qr:s:t:v:V:U:T:x-:";
+
#ifdef HAVE_NETINFO
extern int check_netinfo;
#endif
@@ -133,6 +134,24 @@ getstartup(
}
break;
+ case 'U':
+ if (!ntp_optarg) {
+ fprintf(stderr, "%s: need username with 'U' option\n", progname);
+ ++errflg;
+ } else {
+ server_user = strdup(ntp_optarg);
+ }
+ break;
+
+ case 'T':
+ if (!ntp_optarg) {
+ fprintf(stderr, "%s: need directory with 'T' option\n", progname);
+ ++errflg;
+ } else {
+ chroot_dir = strdup(ntp_optarg);
+ }
+ break;
+
default:
break;
}
@@ -142,6 +163,7 @@ getstartup(
(void) fprintf(stderr, "\t\t[ -f freq_file ] [ -k key_file ] [ -l log_file ]\n");
(void) fprintf(stderr, "\t\t[ -p pid_file ] [ -r broad_delay ] [ -s statdir ]\n");
(void) fprintf(stderr, "\t\t[ -t trust_key ] [ -v sys_var ] [ -V default_sysvar ]\n");
+ (void) fprintf(stderr, "\t\t[ -U server_user [ -T chroot_dir ] ]\n");
#if defined(HAVE_SCHED_SETSCHEDULER)
(void) fprintf(stderr, "\t\t[ -P fixed_process_priority ]\n");
#endif
@@ -312,6 +334,10 @@ getCmdOpts(
allow_step = FALSE;
break;
+ case 'U': /* already done at pre-scan */
+ case 'T': /* already done at pre-scan */
+ break;
+
default:
errflg++;
break;
@@ -323,6 +349,7 @@ getCmdOpts(
(void) fprintf(stderr, "\t\t[ -f freq_file ] [ -k key_file ] [ -l log_file ]\n");
(void) fprintf(stderr, "\t\t[ -p pid_file ] [ -r broad_delay ] [ -s statdir ]\n");
(void) fprintf(stderr, "\t\t[ -t trust_key ] [ -v sys_var ] [ -V default_sysvar ]\n");
+ (void) fprintf(stderr, "\t\t[ -T chroot_dir ] [ -U server_user ]\n");
#if defined(HAVE_SCHED_SETSCHEDULER)
(void) fprintf(stderr, "\t\t[ -P fixed_process_priority ]\n");
#endif
diff -uprk.orig ntp-4.1.2.orig/ntpd/ntpd.c ntp-4.1.2/ntpd/ntpd.c
--- ntp-4.1.2.orig/ntpd/ntpd.c 2003-06-20 12:46:31 +0400
+++ ntp-4.1.2/ntpd/ntpd.c 2004-02-15 21:56:23 +0300
@@ -103,6 +103,14 @@
#include "ntp_crypto.h"
#endif /* PUBKEY */
+#include "ntp_droppriv.h"
+
+/* Username to run as */
+char *server_user;
+
+/* Chroot to this dir */
+char *chroot_dir;
+
/*
* Signals we catch for debugging. If not debugging we ignore them.
*/
@@ -753,6 +761,9 @@ service_main(
crypto_setup();
#endif /* PUBKEY */
#endif /* AUTOKEY */
+
+ ntp_drop_priv (server_user, chroot_dir, 1);
+
initializing = 0;
#if defined(SYS_WINNT) && !defined(NODETACH)
diff -uprk.orig ntp-4.1.2.orig/ntpd/ntp_intres.c ntp-4.1.2/ntpd/ntp_intres.c
--- ntp-4.1.2.orig/ntpd/ntp_intres.c 2003-06-21 13:46:30 +0400
+++ ntp-4.1.2/ntpd/ntp_intres.c 2004-02-15 22:23:27 +0300
@@ -26,6 +26,7 @@
#include "ntp_request.h"
#include "ntp_stdlib.h"
#include "ntp_syslog.h"
+#include "ntp_droppriv.h"
#include <stdio.h>
#include <ctype.h>
@@ -229,6 +230,8 @@ ntp_intres(void)
if (!debug )
(void) unlink(req_file);
+ ntp_drop_priv (server_user, chroot_dir, 0);
+
/*
* Sleep a little to make sure the server is completely up
*/
diff -uprk.orig ntp-4.1.2.orig/ntpdate/ntpdate.c ntp-4.1.2/ntpdate/ntpdate.c
--- ntp-4.1.2.orig/ntpdate/ntpdate.c 2002-09-18 10:40:44 +0400
+++ ntp-4.1.2/ntpdate/ntpdate.c 2004-02-15 21:56:47 +0300
@@ -90,6 +90,14 @@ static timer_t ntpdate_timerid;
#define NTP_MAXLIST 5 /* maximum select list size */
#define PEER_SHIFT 8 /* 8 suitable for crystal time base */
+#include "ntp_droppriv.h"
+
+/* Username to run as */
+char *server_user;
+
+/* Chroot to this dir */
+char *chroot_dir = "/var/empty";
+
/*
* Debugging flag
*/
@@ -336,7 +344,7 @@ ntpdatemain (
/*
* Decode argument list
*/
- while ((c = ntp_getopt(argc, argv, "a:bBde:k:o:p:qr:st:uv")) != EOF)
+ while ((c = ntp_getopt(argc, argv, "a:bBde:k:o:p:qr:st:uvU:T:")) != EOF)
switch (c)
{
case 'a':
@@ -422,13 +430,30 @@ ntpdatemain (
case '?':
++errflg;
break;
+ case 'U':
+ if (!ntp_optarg) {
+ fprintf(stderr, "%s: need username with 'U' option\n", progname);
+ ++errflg;
+ } else {
+ server_user = strdup(ntp_optarg);
+ }
+ break;
+ case 'T':
+ if (!ntp_optarg) {
+ fprintf(stderr, "%s: need directory with 'T' option\n", progname);
+ ++errflg;
+ } else {
+ chroot_dir = strdup(ntp_optarg);
+ }
+ break;
+
default:
break;
}
if (errflg) {
(void) fprintf(stderr,
- "usage: %s [-bBdqsuv] [-a key#] [-e delay] [-k file] [-p samples] [-o version#] [-r rate] [-t timeo] server ...\n",
+ "usage: %s [-bBdqsuv] [-a key#] [-e delay] [-k file] [-p samples] [-o version#] [-r rate] [-t timeo] [-U username [-T chroot_dir]] server ...\n",
progname);
exit(2);
}
@@ -517,7 +544,6 @@ ntpdatemain (
}
}
init_io();
- init_alarm();
/*
* Set the priority.
@@ -538,9 +564,13 @@ ntpdatemain (
}
#endif /* SYS_WINNT */
- initializing = 0;
+ ntp_drop_priv (server_user, chroot_dir, 1);
+ init_alarm();
was_alarmed = 0;
+
+ initializing = 0;
+
rbuflist = (struct recvbuf *)0;
while (complete_servers < sys_numservers) {
#ifdef HAVE_POLL_H