Date:      Thu, 12 Nov 2015 15:30:26 +0100 (CET)
From:      Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no>
To:        Matthias Apitz <guru@unixarea.de>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: vpnc && setuid
Message-ID:  <alpine.BSF.2.20.1511121527501.22820@mail.fig.ol.no>
In-Reply-To: <20151112134447.GA4418@c720-r276659>
References:  <20151112093622.GA3261@c720-r276659> <CALfReydC1JD1LNUHHPev=q7WA98b52mootDngOQmEtXTUKkWYA@mail.gmail.com> <20151112101333.GA3606@c720-r276659> <CALfReydZkhuAjqphEsBkn++zV1emBj5VUjfSpe+DyOr=mmZdDw@mail.gmail.com> <20151112120549.GA3983@c720-r276659> <20151112134447.GA4418@c720-r276659>

On Thu, 12 Nov 2015 14:44+0100, Matthias Apitz wrote:

> On Thursday, November 12, 2015 at 01:05:49PM +0100, Matthias Apitz wrote:
> 
> > On Thursday, November 12, 2015 at 10:19:38AM +0000, krad wrote:
> > 
> > > Looks like you need to 640 or 644 it.
> > 
> > Why? The /usr/local/sbin/vpnc is set to:
> > 
> > # ls -l /usr/local/sbin/vpnc
> > -rwsr-xr-x  1 root  wheel  105092 10 nov 20:12 /usr/local/sbin/vpnc
> > 
> > and the proc should run with euid=0, i.e. as root, but does not do this
> > and the question is, why?
> 
> I wrote a small C-pgm:
> 
> #define _GNU_SOURCE
> #include <sys/types.h>
> #include <unistd.h>
> #include <stdio.h>
> #include <errno.h>
> #define call(fun) errno = 0; fun; perror(#fun)
> 
> int main(int argc, char **argv) {
>   FILE *fp;
>   uid_t ruid = -1, euid = -1, suid = -1;
>   getresuid(&ruid, &euid, &suid);
>   printf("> ruid=%d, euid=%d, suid=%d\n", ruid, euid, suid);
>   fp = fopen("/usr/local/etc/vpnc.conf", "r");
>   if( fp != NULL )  {
>     printf("file /usr/local/etc/vpnc.conf opened\n");
>     fclose(fp);  
>   }
>   call(setuid(1000));
>   getresuid(&ruid, &euid, &suid);
>   printf("> ruid=%d, euid=%d, suid=%d\n", ruid, euid, suid);
> 
>   return 0;
> }
> 
> 
> # cc set.c
> # strip a.out
> # chmod 6711 a.out
> # ls -l /usr/local/sbin/vpnc a.out
> -rws--s--x  1 root  wheel  105092 10 nov 20:12 /usr/local/sbin/vpnc
> -rws--s--x  1 root  wheel    4340 12 nov 14:41 a.out
> 
> When I run this as normal user, it works as expected:
> 
> $ ./a.out
> > ruid=1001, euid=0, suid=0
> file /usr/local/etc/vpnc.conf opened
> setuid(1000): No error: 0
> > ruid=1000, euid=1000, suid=1000
> 
> What is so magic with /usr/local/sbin/vpnc?

Maybe vpnc calls setuid(2) and changes the effective uid to the real 
uid before reading the configuration file. Inspecting the source code 
or running ktrace should verify or falsify my assumption.

-- 
+-------------------------------+------------------------------------+
| Vennlig hilsen,               | Best regards,                      |
| Trond Endrestøl,              | Trond Endrestøl,                   |
| IT-ansvarlig,                 | System administrator,              |
| Fagskolen Innlandet,          | Gjøvik Technical College, Norway,  |
| tlf. mob.   952 62 567,       | Cellular...: +47 952 62 567,       |
| sentralbord 61 14 54 00.      | Switchboard: +47 61 14 54 00.      |
+-------------------------------+------------------------------------+
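
The hypothesis in the reply above, as an added example that is not part of the original thread and is not vpnc's code: a probe that opens a file, calls setuid(getuid()), and opens the same file again, recording the result on each side of the drop. The names `probe_drop`, `try_open` and `struct drop_probe` are hypothetical; the default path is the one quoted in the thread.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Result of one probe: uids and open(2) outcome on each side of the drop. */
struct drop_probe {
    uid_t ruid, euid_before, euid_after;
    int   err_before, err_after;   /* 0 = opened, otherwise errno */
};

/* Open path read-only under the current effective uid. */
static int try_open(const char *path) {
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Open path, call setuid(getuid()) as the reply suspects vpnc does, open
 * again. With euid 0 this setuid(2) also resets the saved uid, so the drop
 * is permanent for the process. Returns -1 if setuid(2) itself fails. */
int probe_drop(const char *path, struct drop_probe *p) {
    p->ruid = getuid();
    p->euid_before = geteuid();
    p->err_before = try_open(path);
    if (setuid(p->ruid) != 0)
        return -1;
    p->euid_after = geteuid();
    p->err_after = try_open(path);
    return 0;
}

int main(int argc, char **argv) {
    const char *path = argc > 1 ? argv[1] : "/usr/local/etc/vpnc.conf";
    struct drop_probe p;
    if (probe_drop(path, &p) != 0) {
        perror("setuid");
        return 1;
    }
    printf("ruid=%ld euid %ld -> %ld\n", (long)p.ruid, (long)p.euid_before, (long)p.euid_after);
    printf("open before drop: %s / after drop: %s\n",
           p.err_before ? strerror(p.err_before) : "ok",
           p.err_after ? strerror(p.err_after) : "ok");
    return 0;
}
```

Installed setuid root like a.out in the thread and pointed at a file only root can read, the first open succeeds and the second fails with EACCES, which is the pattern to look for in a ktrace of the real binary.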
Date: Thu, 12 Nov 2015 20:14:59 +0100
From: Vladimir Botka <vbotka@gmail.com>
To: Carl Johnson <carlj@peak.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: USB wireless adapter for hostapd?
Message-ID: <20151112201459.6545e263@planb>
In-Reply-To: <87a8rcnb15.fsf@elk.localnet>
References: <87a8rcnb15.fsf@elk.localnet>

Hi,

On Tue, 20 Oct 2015 20:41:26 -0700
Carl Johnson <carlj@peak.org> wrote:

> I am trying to set up a Raspberry Pi as an access point, but FreeBSD
> doesn't support hostap mode on the adapters (urtwn) that I have.  Does
> anybody have any suggestions on where I could buy an adapter that
> FreeBSD does support hostap mode?  Looking at the man pages seems to
> indicate that very few are supported for anything other than normal
> station mode.
>
> Thanks for any information.

You are looking for adapters with HOSTAP capability [1] according to
http://www.freebsd.cz/doc/handbook/network-wireless.html

This report [1] is from an old dongle, D-Link DWL-G122, running as a client
[2,3] in FreeBSD 11.0 on imx6. I haven't tried, but according to [1] it
should be possible to use it with hostap.

JFYI, RT5370 (Tenda W311MI) and RT5592 (TP Link TL-WDN3200) don't work
for me in [4] and report an error (below). But both adapters report HOSTAP
capability in FreeBSD 10.2 i386.

imx6 kernel: run0: firmware RT3071 ver. 0.33 loaded
imx6 wpa_supplicant[2164]: ioctl[SIOCS80211, op=26, val=0, arg_len=0]: Operation not supported
imx6 wpa_supplicant[2164]: ioctl[SIOCS80211, op=26, val=0, arg_len=0]: Operation not supported
imx6 wpa_supplicant[2164]: wlan0: CTRL-EVENT-TERMINATING

Just to be sure. You know that USB adapters don't support 11n at the
moment?

HTH. Cheers

	-vlado

[1]
# ifconfig wlan0 list caps
drivercaps=2581ed01<STA,IBSS,HOSTAP,AHDEMO,TXPMGT,SHSLOT,SHPREAMBLE,MONITOR,WPA1,WPA2,WME,BGSCAN>
cryptocaps=1b<WEP,TKIP,AES_CCM,TKIPMIC>

[2]
# usbconfig -u 1 -a 3 dump_info
ugen1.3: <802.11 bg WLAN Ralink> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (300mA)

[3]
# ifconfig wlan0
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
1500 ether 00:17:9a:b7:ff:be
	inet 192.168.1.22 netmask 0xffffff00 broadcast 192.168.1.255
	groups: wlan
	ssid babeta channel 1 (2412 MHz 11g) bssid c4:3d:c7:9d:a6:ef
	regdomain ETSI country CZ authmode WPA2/802.11i privacy ON
	deftxkey UNDEF AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 30
bmiss 7 scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7
	roam:rate 5 protmode CTS wme roaming MANUAL
	media: IEEE 802.11 Wireless Ethernet DS/1Mbps mode 11g
	status: associated
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

[4]
# uname -a
FreeBSD imx6 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r290273: Tue Nov  3
02:54:03 UTC 2015
root@releng2.nyi.freebsd.org:/usr/obj/arm.armv6/usr/src/sys/IMX6  arm
-- 
Vladimír Botka



