From a6ea15418ce4e251f5b963033dcf5e0f37c7f304 Mon Sep 17 00:00:00 2001
From: Chris Leech
Date: Jun 11 2013 23:16:33 +0000
Subject: 894576 fix order of setuid/setgid and drop additional groups
---
diff --git a/0063-fix-order-of-setting-uid-gid-and-drop-supplementary-.patch b/0063-fix-order-of-setting-uid-gid-and-drop-supplementary-.patch
new file mode 100644
index 0000000..cedb4e0
--- /dev/null
+++ b/0063-fix-order-of-setting-uid-gid-and-drop-supplementary-.patch
@@ -0,0 +1,68 @@
+From 3cac85a3f97d0a22270166f428209f873b58c319 Mon Sep 17 00:00:00 2001
+From: Chris Leech
+Date: Tue, 11 Jun 2013 11:25:27 -0700
+Subject: [PATCH] iscsid: fix order of setting uid/gid and drop supplementary
+ groups
+
+If using the user and group ID settings together the existing order of
+calling setuid first will almost always cause the setgid call to fail,
+assuming the new effective user id does not have the CAP_SETGID
+capability. The effective group ID needs to change first.
+
+While we're at it, if iscsid is started as root it should drop any
+inherited supplementary group permissions.
+
+And if anyone is actually using this to try and isolate capabilities,
+they probably care enough to want to known that it is failing. Make
+iscsid startup fail instead of just calling perror.
+
+Signed-off-by: Chris Leech
+---
+ usr/iscsid.c | 23 +++++++++++++++++++----
+ 1 file changed, 19 insertions(+), 4 deletions(-)
+
+diff --git a/usr/iscsid.c b/usr/iscsid.c
+index b4bb65b..c0ea6fa 100644
+--- a/usr/iscsid.c
++++ b/usr/iscsid.c
+@@ -27,6 +27,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -477,11 +478,25 @@ int main(int argc, char *argv[])
+ }
+ }
+
+- if (uid && setuid(uid) < 0)
+- perror("setuid\n");
++ if (gid && setgid(gid) < 0) {
++ log_error("Unable to setgid to %d\n", gid);
++ log_close(log_pid);
++ exit(ISCSI_ERR);
++ }
+
+- if (gid && setgid(gid) < 0)
+- perror("setgid\n");
++ if ((geteuid() == 0) && (getgroups(0, NULL))) {
++ if (setgroups(0, NULL) != 0) {
++ log_error("Unable to drop supplementary group ids\n");
++ log_close(log_pid);
++ exit(ISCSI_ERR);
++ }
++ }
++
++ if (uid && setuid(uid) < 0) {
++ log_error("Unable to setuid to %d\n", uid);
++ log_close(log_pid);
++ exit(ISCSI_ERR);
++ }
+
+ memset(&daemon_config, 0, sizeof (daemon_config));
+ daemon_config.pid_file = pid_file;
+--
+1.8.1.4
+
diff --git a/iscsi-initiator-utils.spec b/iscsi-initiator-utils.spec
index 71486b9..0ea998e 100644
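Review bot: In the `main()` hunk of usr/iscsid.c, a uid configured without a gid skips `if (gid && setgid(gid) < 0)`, so after `setuid(uid)` the daemon keeps the primary group it inherited (gid 0 when started by root) even though the supplementary groups were dropped. If that combination is not meant to be supported, reject it before the drop with `if (uid && !gid) { log_error("uid set without gid\n"); log_close(log_pid); exit(ISCSI_ERR); }`; otherwise document it where uid and gid are parsed, which is outside this hunk. The new messages also lose the reason that perror() used to print; `log_error("Unable to setgid to %d: %s\n", gid, strerror(errno));` keeps it, assuming `<errno.h>` and `<string.h>` are already included. `main()` starts and ends outside the hunk.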
--- a/iscsi-initiator-utils.spec
+++ b/iscsi-initiator-utils.spec
@@ -43,6 +43,7 @@ Patch59: 0059-iscsiuio-systemd-unit-files.patch
 Patch60: 0060-use-systemctl-to-start-iscsid.patch
 Patch61: 0061-resolve-565245-multilib-issues-caused-by-doxygen.patch
 Patch62: 0062-Don-t-check-for-autostart-sessions-if-iscsi-is-not-u.patch
+Patch63: 0063-fix-order-of-setting-uid-gid-and-drop-supplementary-.patch
 # iscsiuio patches
 Patch71: 0071-iscsiuio-0.7.4.3.patch
 Patch72: 0072-iscsiuio-0.7.6.1.patch
@@ -112,6 +113,7 @@ mv iscsiuio-%{iscsiuio_version} iscsiuio
 %patch60 -p1
 %patch61 -p1
 %patch62 -p1
+%patch63 -p1
 # iscsiuio patches
 cd iscsiuio
 %patch71 -p1
@@ -274,6 +276,7 @@ fi
 * Tue Jun 11 2013 Chris Leech - 6.2.0.873-7
 - Use the systemd tmpfiles service to recreate lockfiles in /var/lock
 - 955167 build as a position independent executable
+- 894576 fix order of setuid/setgid and drop additional groups
 * Tue May 28 2013 Chris Leech - 6.2.0.873-6
 - Don't have iscsiadm scan for autostart record if node db is empty (bug #951951)