Implement privilege dropping
Add two options, -R/--chroot and -U/--user=user, to chroot to the config directory (where tinc.conf is located) and to perform setuid to the user specified, after all the initialization is done. What's left is handling of pid file since we can't remove it anymore.
This commit is contained in:
Michael Tokarev
Guus Sliepen
parent
6698f7c390
commit
ec316aa32e
3 changed files with 103 additions and 3 deletions
|
|
@ -1511,6 +1511,23 @@ Write PID to @var{file} instead of @file{@value{localstatedir}/run/tinc.@var{net
|
|||
Disables encryption and authentication.
|
||||
Only useful for debugging.
|
||||
|
||||
@item -R, --chroot
|
||||
Change process root directory to the directory where the config file is
|
||||
located (@file{@value{sysconfdir}/tinc/@var{netname}/} as determined by
|
||||
-n/--net option or as given by -c/--config option), for added security.
|
||||
The chroot is performed after all the initialization is done, after
|
||||
writing pid files and opening network sockets.
|
||||
|
||||
Note that this option alone does not do any good without -U/--user, below.
|
||||
|
||||
Note also that tinc can't run scripts anymore (such as tinc-down or host-up),
|
||||
unless it's setup to be runnable inside chroot environment.
|
||||
|
||||
@item -U, --user=@var{user}
|
||||
Switch to the given @var{user} after initialization, at the same time as
|
||||
chroot is performed (see --chroot above). With this option tinc drops
|
||||
privileges, for added security.
|
||||
|
||||
@item --help
|
||||
Display a short reminder of these runtime options and terminate.
|
||||
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
.Nd tinc VPN daemon
|
||||
.Sh SYNOPSIS
|
||||
.Nm
|
||||
.Op Fl cdDkKnL
|
||||
.Op Fl cdDkKnLRU
|
||||
.Op Fl -config Ns = Ns Ar DIR
|
||||
.Op Fl -no-detach
|
||||
.Op Fl -debug Ns Op = Ns Ar LEVEL
|
||||
|
|
@ -19,6 +19,8 @@
|
|||
.Op Fl -logfile Ns Op = Ns Ar FILE
|
||||
.Op Fl -pidfile Ns = Ns Ar FILE
|
||||
.Op Fl -bypass-security
|
||||
.Op Fl -chroot
|
||||
.Op Fl -user Ns = Ns Ar USER
|
||||
.Op Fl -help
|
||||
.Op Fl -version
|
||||
.Sh DESCRIPTION
|
||||
|
|
@ -87,6 +89,14 @@ Under Windows this option will be ignored.
|
|||
.It Fl -bypass-security
|
||||
Disables encryption and authentication of the meta protocol.
|
||||
Only useful for debugging.
|
||||
.It Fl -chroot
|
||||
With this option tinc chroots into the directory where network
|
||||
config is located (@sysconfdir@/tinc/NETNAME if -n option is used,
|
||||
or to the directory specified with -c option) after initialization.
|
||||
.It Fl -user Ns = Ns Ar USER
|
||||
setuid to the specified
|
||||
.Ar USER
|
||||
after initialization.
|
||||
.It Fl -help
|
||||
Display short list of options.
|
||||
.It Fl -version
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue