Date: Thu, 12 Nov 2015 15:30:26 +0100 (CET)
From: Trond Endrestøl
To: Matthias Apitz
Cc: FreeBSD Questions
Subject: Re: vpnc && setuid

On Thu, 12 Nov 2015 14:44+0100, Matthias Apitz wrote:

> On Thursday, November 12, 2015 at 01:05:49PM +0100, Matthias Apitz wrote:
>
> > On Thursday, November 12, 2015 at 10:19:38AM +0000, krad wrote:
> >
> > > Looks like you need to 640 or 644 it.
> >
> > Why? The /usr/local/sbin/vpnc is set to:
> >
> > # ls -l /usr/local/sbin/vpnc
> > -rwsr-xr-x 1 root wheel 105092 10 nov 20:12 /usr/local/sbin/vpnc
> >
> > and the proc should run with euid=0, i.e. as root, but does not do this
> > and the question is, why?
>
> I wrote a small C-pgm:
>
> #define _GNU_SOURCE
> #include <errno.h>
> #include <stdio.h>
> #include <sys/types.h>
> #include <unistd.h>
> /* Run fun, then report its errno through perror(). */
> #define call(fun) errno = 0; fun; perror(#fun)
>
> int main(int argc, char **argv) {
>     FILE *fp;
>     uid_t ruid = -1, euid = -1, suid = -1;
>     /* IDs as seen right after exec of the setuid binary. */
>     getresuid(&ruid, &euid, &suid);
>     printf("> ruid=%d, euid=%d, suid=%d\n", ruid, euid, suid);
>     /* Opened while euid is still 0. */
>     fp = fopen("/usr/local/etc/vpnc.conf", "r");
>     if( fp != NULL ) {
>         printf("file /usr/local/etc/vpnc.conf opened\n");
>         fclose(fp);
>     }
>     /* Called with euid 0, so real, effective and saved uid all change. */
>     call(setuid(1000));
>     getresuid(&ruid, &euid, &suid);
>     printf("> ruid=%d, euid=%d, suid=%d\n", ruid, euid, suid);
>
>     return 0;
> }
>
>
> # cc set.c
> # strip a.out
> # chmod 6711 a.out
> # ls -l /usr/local/sbin/vpnc a.out
> -rws--s--x 1 root wheel 105092 10 nov 20:12 /usr/local/sbin/vpnc
> -rws--s--x 1 root wheel   4340 12 nov 14:41 a.out
>
> When I run this as normal user, it works as expected:
>
> $ ./a.out
> > ruid=1001, euid=0, suid=0
> file /usr/local/etc/vpnc.conf opened
> setuid(1000): No error: 0
> > ruid=1000, euid=1000, suid=1000
>
> What is so magic with /usr/local/sbin/vpnc?

Maybe vpnc calls setuid(2) and changes the effective uid to the real
uid before reading the configuration file. Inspecting the source code
or running ktrace should verify or falsify my assumption.

-- 
Best regards,
Trond Endrestøl,
System administrator,
Gjøvik Technical College, Norway

Date: Thu, 12 Nov 2015 20:14:59 +0100
From: Vladimir Botka
To: Carl Johnson
Cc: freebsd-questions@freebsd.org
Subject: Re: USB wireless adapter for hostapd?

Hi,

On Tue, 20 Oct 2015 20:41:26 -0700 Carl Johnson wrote:
> I am trying to set up a Raspberry Pi as an access point, but FreeBSD
> doesn't support hostap mode on the adapters (urtwn) that I have. Does
> anybody have any suggestions on where I could buy an adapter that
> FreeBSD does support hostap mode? Looking at the man pages seems to
> indicate that very few are supported for anything other than normal
> station mode.
>
> Thanks for any information.

You are looking for adapters with HOSTAP capability [1] according to
http://www.freebsd.cz/doc/handbook/network-wireless.html

This report [1] is from an old dongle D-Link DWL-G122 running as a client
[2,3] in FreeBSD 11.0 on imx6. I haven't tried, but according to [1] it
should be possible to use it with hostap.

JFYI, RT5370 (Tenda W311MI) and RT5592 (TP Link TL-WDN3200) don't work
for me in [4] and report an error (below). But both adapters report HOSTAP
capability in FreeBSD 10.2 i386

imx6 kernel: run0: firmware RT3071 ver. 0.33 loaded
imx6 wpa_supplicant[2164]: ioctl[SIOCS80211, op=26, val=0, arg_len=0]: Operation not supported
imx6 wpa_supplicant[2164]: ioctl[SIOCS80211, op=26, val=0, arg_len=0]: Operation not supported
imx6 wpa_supplicant[2164]: wlan0: CTRL-EVENT-TERMINATING

Just to be sure. You know that USB adapters don't support 11n at the
moment?

HTH. Cheers

-vlado

[1] # ifconfig wlan0 list caps
drivercaps=2581ed01
cryptocaps=1b

[2] # usbconfig -u 1 -a 3 dump_info
ugen1.3: <802.11 bg WLAN Ralink> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (300mA)

[3] # ifconfig wlan0
wlan0: flags=8843 metric 0 mtu 1500
        ether 00:17:9a:b7:ff:be
        inet 192.168.1.22 netmask 0xffffff00 broadcast 192.168.1.255
        groups: wlan
        ssid babeta channel 1 (2412 MHz 11g) bssid c4:3d:c7:9d:a6:ef
        regdomain ETSI country CZ authmode WPA2/802.11i privacy ON
        deftxkey UNDEF AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 30 bmiss 7
        scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7
        roam:rate 5 protmode CTS wme roaming MANUAL
        media: IEEE 802.11 Wireless Ethernet DS/1Mbps mode 11g
        status: associated
        nd6 options=29

[4] # uname -a
FreeBSD imx6 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r290273: Tue Nov 3 02:54:03 UTC 2015 root@releng2.nyi.freebsd.org:/usr/obj/arm.armv6/usr/src/sys/IMX6 arm

-- 
Vladimír Botka
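
Added example, not part of either message and not vpnc's own code: for the "vpnc && setuid" thread above, a C program showing the behaviour Trond's reply hypothesises, where a setuid-root binary switches its effective uid to the real uid before opening a file. The function names are hypothetical; the default path is the one from the thread.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open path with whatever euid the process has now.
 * Returns 0 on success, otherwise the errno reported by fopen(). */
int open_as_effective_user(const char *path)
{
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return errno;
    fclose(fp);
    return 0;
}

/* Hypothetical helper: the same open, but with euid switched to the real
 * uid first. In a setuid-root binary the saved set-user-ID stays 0, so
 * seteuid() can restore the original euid afterwards. */
int open_as_real_user(const char *path)
{
    uid_t old_euid = geteuid();
    int result;

    if (seteuid(getuid()) != 0)      /* temporary drop: only euid changes */
        return errno;
    result = open_as_effective_user(path);
    if (seteuid(old_euid) != 0 && result == 0)   /* regain the old euid */
        result = errno;
    return result;
}

int main(int argc, char **argv)
{
    /* Default path is the file discussed in the thread. */
    const char *path = argc > 1 ? argv[1] : "/usr/local/etc/vpnc.conf";
    int as_euid = open_as_effective_user(path);
    int as_ruid = open_as_real_user(path);

    printf("ruid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    printf("open with euid: %s\n", as_euid ? strerror(as_euid) : "ok");
    printf("open with ruid: %s\n", as_ruid ? strerror(as_ruid) : "ok");
    return 0;
}
```

Installed setuid root and run by an ordinary user against a file readable only by root, the first open succeeds and the second fails with EACCES.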