Add patches to gamin to enable support for effective uid/gid, add a option for

this and turn it on by default. Current gamin uses the current real uid to determine the location of the socket and during the security routines. It also forks off a copy of "gam_server" as the current real uid as well. This breaks gamin functionality with any application that uses effective an uid/gid for privilege separation, such as samba. Samba runs as root, but always sets the effective uid/gid to that of the connecting user. Since gamin is only aware of the real uid, it always creates a root-owned gamin socket that the effective user can't touch (gamin's own security checks refuse it). PR: ports/176203 Submitted by: Danny Warren <danny@dannywarren.com> Reviewed by: marcus@
author: Koop Mast <kwm@FreeBSD.org> 2013-03-22 16:30:36 +0000
committer: Koop Mast <kwm@FreeBSD.org> 2013-03-22 16:30:36 +0000
commit: 5c7840c4a2d12f887e7a9976cb61b11a2633f59c (patch)
tree: 1905ebab26078980c86b869cd1f6d454192d7e91 /devel/gamin
parent: b9ef7d0740007ed408c5f03b7f8e9c8a2f162b85 (diff)
download: ports-5c7840c4a2d12f887e7a9976cb61b11a2633f59c.tar.gz
ports-5c7840c4a2d12f887e7a9976cb61b11a2633f59c.zip
4 files changed, 164 insertions, 11 deletions
diff --git a/devel/gamin/Makefile b/devel/gamin/Makefile
index 7ca26653ef0a..e9e58c68c60b 100644
--- a/devel/gamin/Makefile
+++ b/devel/gamin/Makefile
@@ -4,7 +4,7 @@
 
 PORTNAME=	gamin
 PORTVERSION=	0.1.10
-PORTREVISION?=	4
+PORTREVISION?=	5
 CATEGORIES?=	devel
 MASTER_SITES=	http://people.gnome.org/~veillard/gamin/sources/
 
@@ -27,9 +27,11 @@ CONFLICTS=	fam-[0-9]*
 GNU_CONFIGURE=	yes
 
 .if !defined(GAMIN_SLAVE)
-OPTIONS_DEFINE=	GAM_POLLER LIBINOTIFY
+OPTIONS_DEFINE=	GAM_POLLER LIBINOTIFY RUN_AS_EUID
+OPTIONS_DEFAULT=RUN_AS_EUID
 GAM_POLLER_DESC=Use gamin's poller instead of kqueue's
 LIBINOTIFY_DESC=Use libinotify as the FAM backend
+RUN_AS_EUID_DESC=Drop privileges to effective user
 .endif
 
 .include <bsd.port.options.mk>
@@ -48,6 +50,10 @@ CONFIGURE_ARGS+=--disable-inotify
 .endif
 .endif
 
+.if ${PORT_OPTIONS:MRUN_AS_EUID}
+CPPFLAGS+=	-DRUN_AS_EUID=1
+.endif
+
 post-patch:
 	@${REINPLACE_CMD} "s|/etc|${PREFIX}/etc|g" ${WRKSRC}/server/gam_conf.c
 
diff --git a/devel/gamin/files/patch-libgamin_gam_api.c b/devel/gamin/files/patch-libgamin_gam_api.c
index 7c46e93354a3..9f2672c1d936 100644
--- a/devel/gamin/files/patch-libgamin_gam_api.c
+++ b/devel/gamin/files/patch-libgamin_gam_api.c
@@ -1,5 +1,5 @@
---- libgamin/gam_api.c.orig	Tue Feb  7 17:49:07 2006
-+++ libgamin/gam_api.c	Tue Feb  7 17:49:13 2006
+--- libgamin/gam_api.c.orig	2007-08-27 03:21:03.000000000 -0700
++++ libgamin/gam_api.c	2013-02-16 15:51:11.927100135 -0800
 @@ -14,6 +14,7 @@
  #include <sys/socket.h>
  #include <sys/un.h>
@@ -8,7 +8,43 @@
  #include "fam.h"
  #include "gam_protocol.h"
  #include "gam_data.h"
-@@ -421,10 +422,10 @@
+@@ -117,7 +118,11 @@
+     if (user_name[0] != 0)
+         return (user_name);
+ 
++#ifdef RUN_AS_EUID
++    pw = getpwuid(geteuid());
++#else
+     pw = getpwuid(getuid());
++#endif
+ 
+     if (pw != NULL) {
+ 	strncpy(user_name, pw->pw_name, 99);
+@@ -224,7 +229,11 @@
+ 	free(dir);
+ 	return(0);
+     }
++#ifdef RUN_AS_EUID
++    if (st.st_uid != geteuid()) {
++#else
+     if (st.st_uid != getuid()) {
++#endif
+ 	gam_error(DEBUG_INFO,
+ 		  "Socket directory %s has different owner\n",
+ 		  dir);
+@@ -301,7 +310,11 @@
+     if (ret < 0)
+ 	return(0);
+     
++#ifdef RUN_AS_EUID
++    if (st.st_uid != geteuid()) {
++#else
+     if (st.st_uid != getuid()) {
++#endif
+ 	gam_error(DEBUG_INFO,
+ 		  "Socket %s has different owner\n",
+ 		  path);
+@@ -428,10 +441,10 @@
  {
      char data[2] = { 0, 0 };
      int written;
@@ -22,7 +58,7 @@
      } cmsg;
      struct iovec iov;
      struct msghdr msg;
-@@ -436,16 +437,16 @@
+@@ -443,16 +456,16 @@
      msg.msg_iov = &iov;
      msg.msg_iovlen = 1;
  
@@ -43,7 +79,7 @@
      written = sendmsg(fd, &msg, 0);
  #else
      written = write(fd, &data[0], 1);
-@@ -647,15 +648,16 @@
+@@ -654,15 +667,20 @@
      gid_t c_gid;
  
  #ifdef HAVE_CMSGCRED
@@ -56,14 +92,18 @@
      } cmsg;
  #endif
  
++#ifdef RUN_AS_EUID
++    s_uid = geteuid();
++#else
      s_uid = getuid();
++#endif
  
 -#if defined(LOCAL_CREDS) && defined(HAVE_CMSGCRED)
 +#if defined(LOCAL_CREDS) && defined(HAVE_CMSGCRED) && !defined(__FreeBSD__)
      /* Set the socket to receive credentials on the next message */
      {
          int on = 1;
-@@ -676,8 +678,8 @@
+@@ -683,8 +701,8 @@
  
  #ifdef HAVE_CMSGCRED
      memset(&cmsg, 0, sizeof(cmsg));
@@ -74,7 +114,7 @@
  #endif
  
  retry:
-@@ -694,7 +696,7 @@
+@@ -701,7 +719,7 @@
          goto failed;
      }
  #ifdef HAVE_CMSGCRED
@@ -83,7 +123,7 @@
          GAM_DEBUG(DEBUG_INFO,
                    "Message from recvmsg() was not SCM_CREDS\n");
          goto failed;
-@@ -720,9 +722,10 @@
+@@ -727,9 +745,10 @@
              goto failed;
          }
  #elif defined(HAVE_CMSGCRED)
@@ -97,7 +137,7 @@
  #else /* !SO_PEERCRED && !HAVE_CMSGCRED */
          GAM_DEBUG(DEBUG_INFO,
                    "Socket credentials not supported on this OS\n");
-@@ -1283,14 +1286,17 @@
+@@ -1288,14 +1307,17 @@
  
      // FIXME: drop and reacquire lock while blocked?
      gamin_data_lock(conn);
diff --git a/devel/gamin/files/patch-libgamin_gam_fork.c b/devel/gamin/files/patch-libgamin_gam_fork.c
new file mode 100644
index 000000000000..8ed0e222f769
--- /dev/null
+++ b/devel/gamin/files/patch-libgamin_gam_fork.c
@@ -0,0 +1,95 @@
+--- libgamin/gam_fork.c.orig	2007-07-04 06:36:48.000000000 -0700
++++ libgamin/gam_fork.c	2013-02-16 20:37:31.298176973 -0800
+@@ -42,6 +42,78 @@
+     return NULL;
+ }
+ 
++#ifdef RUN_AS_EUID
++/**
++ * gamin_drop_privileges
++ *
++ * Attempt to drop privileges to another user and group before forking
++ * a copy of the gam server
++ * 
++ * Return 0 in case of success or -1 in case of detected error.
++ */
++int
++gamin_drop_privileges(int to_uid, int to_gid)
++{
++    GAM_DEBUG(DEBUG_INFO, "Dropping privileges to %d:%d before forking server\n", to_uid, to_gid);
++
++    /* Get the current real user and group */
++    int from_uid = getuid();
++    int from_gid = getgid();
++
++    /* Make sure we were able to get the user and group values */
++    if ( from_uid == -1 || to_uid == -1 || from_gid == -1 || to_gid == -1 ) {
++        gam_error(DEBUG_INFO, "failed to get user or group info, unable to drop privileges\n");
++        return(-1);
++    }
++
++    /* Refuse to run setuid if it would escalate privileges */
++    if ( from_uid != 0 && to_uid == 0 )
++    {
++        gam_error(DEBUG_INFO, "refusing to escalate user privileges from=%d to=%d\n", from_uid, to_uid);
++        return(-1);
++    }
++
++    /* Refuse to run setgid if it would escalate privileges */
++    if ( from_gid != 0 && to_gid == 0 )
++    {
++        gam_error(DEBUG_INFO, "refusing to escalate group privileges from=%d to=%d\n", from_gid, to_gid);
++        return(-1);
++    }
++
++    /* Run setuid to drop privileges to the effective user */
++    if ( from_uid != to_uid ) {
++        GAM_DEBUG(DEBUG_INFO, "Attempting setuid from=%d to=%d\n", from_uid, to_uid);
++
++        /* run setuid and check for errors */
++        if (setuid(to_uid) == -1) {
++            gam_error(DEBUG_INFO, "failed to run setuid from=%d to=%d\n", from_uid, to_uid);
++            return(-1);
++        }
++    }
++    else {
++        GAM_DEBUG(DEBUG_INFO, "Already running as effective user, skipping setuid\n");
++    }
++
++    /* Run setgid to drop privileges to the effective group */
++    if ( from_gid != to_gid ) {
++        GAM_DEBUG(DEBUG_INFO, "Attempting setgid from=%d to=%d\n", from_gid, to_gid);
++
++        /* run setuid and check for errors */
++        if (setgid(to_gid) == -1) {
++            gam_error(DEBUG_INFO, "failed to run setgid from=%d to=%d\n", from_gid, to_gid);
++            return(-1);
++        }
++    }
++    else {
++        GAM_DEBUG(DEBUG_INFO, "Already running as effective group, skipping setgid\n");
++    }
++
++    GAM_DEBUG(DEBUG_INFO, "Succeeded in dropping privileges from %d:%d to %d:%d\n", from_uid, from_gid, to_uid, to_gid);
++
++    return(0);
++}
++#endif
++
+ /**
+  * gamin_fork_server:
+  * @fam_client_id: the client ID string to use
+@@ -71,6 +143,13 @@
+         long open_max;
+ 	long i;
+ 
++#ifdef RUN_AS_EUID
++        /* Drop privileges to the current effective uid/gid and return on failure */
++        if(gamin_drop_privileges( geteuid(), getegid() ) == -1) {
++            return(-1);
++        }
++#endif
++
+         /* don't hold open fd opened from the client of the library */
+ 	open_max = sysconf (_SC_OPEN_MAX);
+ 	for (i = 0; i < open_max; i++)
diff --git a/devel/gamin/files/patch-libgamin_gam_fork.h b/devel/gamin/files/patch-libgamin_gam_fork.h
new file mode 100644
index 000000000000..db96b2d05fcf
--- /dev/null
+++ b/devel/gamin/files/patch-libgamin_gam_fork.h
@@ -0,0 +1,12 @@
+--- libgamin/gam_fork.h.orig	2007-07-04 06:36:48.000000000 -0700
++++ libgamin/gam_fork.h	2013-02-16 20:38:00.328594608 -0800
+@@ -32,6 +32,9 @@
+ #endif
+ 
+ int		gamin_fork_server	(const char *fam_client_id);
++#ifdef RUN_AS_EUID
++int		gamin_drop_privileges	(int to_uid, int to_gid);
++#endif
+ 
+ #ifdef __cplusplus
+ }
author	Koop Mast <kwm@FreeBSD.org>	2013-03-22 16:30:36 +0000
committer	Koop Mast <kwm@FreeBSD.org>	2013-03-22 16:30:36 +0000
commit	5c7840c4a2d12f887e7a9976cb61b11a2633f59c (patch)
tree	1905ebab26078980c86b869cd1f6d454192d7e91 /devel/gamin
parent	b9ef7d0740007ed408c5f03b7f8e9c8a2f162b85 (diff)
download	ports-5c7840c4a2d12f887e7a9976cb61b11a2633f59c.tar.gz ports-5c7840c4a2d12f887e7a9976cb61b11a2633f59c.zip