Date: Sun, 10 Mar 2002 21:25:29 -0500 From: Garance A Drosihn <drosih@rpi.edu> To: freebsd-print@bostonradio.org Cc: freebsd-audit@freebsd.org Subject: Re: The group for /var/run/printer Message-ID: <p0510153db8b1c2cf8237@[128.113.24.47]> In-Reply-To: <p05101503b8aa09917075@[128.113.24.47]> References: <p05101503b8aa09917075@[128.113.24.47]>
next in thread | previous in thread | raw e-mail | index | archive | help
At 12:44 AM -0500 3/5/02, Garance A Drosihn wrote
to freebsd-print@bostonradio.org:
>There is a PR:
>
>http://www.FreeBSD.org/cgi/query-pr.cgi?pr=bin/17289
>
>which notices that /var/run/printer is created rwx to both the
>owner (root) and group (wheel). He notes that it would probably
>be better if it was not permitted to everyone in the wheel group.
>
>But this got me thinking. Shouldn't that be created with a group
>of daemon? All the lp* programs are setuid root (ick) and setgid
>daemon. If we could drop the need for setuid root, we'd still
>like that setgid daemon, assuming /var/run/printer is permitted
>to group daemon.
Well, here's an initial cut at my idea. This keys off a userid,
where lpd gets the groupid to use based on the default group
for that userid. I did it that way, because that's how the
'du / daemon.user' option works in printcap entries. I added a
'-u' parameter to lpd, so an administrator can specify an
alternate userid, or completely skip the new chgrp-ish step.
This is basically a small subset of the code that lpd currently
does in printjob.c (except that keys off the 'du' value).
No documentation update has been done yet, as I wanted to get
feedback before writing any docs for it. Maybe I should drop
the -u option, and instead have a -g option, for instance.
I'd like to do something along these lines sometime after the
mini-code-slush is over for current.
Index: lpd/lpd.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/lpr/lpd/lpd.c,v
retrieving revision 1.31
diff -u -r1.31 lpd.c
--- lpd/lpd.c 23 Jul 2001 00:13:02 -0000 1.31
+++ lpd/lpd.c 11 Mar 2002 02:23:55 -0000
@@ -85,6 +85,7 @@
#include <netinet/in.h>
#include <arpa/inet.h>
+#include <pwd.h>
#include <netdb.h>
#include <unistd.h>
#include <syslog.h>
@@ -128,10 +129,16 @@
#define LPD_NOPORTCHK 0001 /* skip reserved-port check */
#define LPD_LOGCONNERR 0002 /* (sys)log connection errors */
+#define NULL_UID (uid_t)-1
+#define NULL_GID (gid_t)-1
+
int
main(int argc, char **argv)
{
int ch_options, errs, f, funix, *finet, i, lfd, socket_debug;
+ char *remc;
+ gid_t lpd_gid;
+ uid_t lpd_uid4grp;
fd_set defreadfds;
struct sockaddr_un un, fromunix;
struct sockaddr_storage frominet;
@@ -145,6 +152,8 @@
ch_options = 0;
socket_debug = 0;
+ lpd_uid4grp = DEFUID;
+ lpd_gid = NULL_GID;
gethostname(local_host, sizeof(local_host));
progname = "lpd";
@@ -153,7 +162,7 @@
errx(EX_NOPERM,"must run as root");
errs = 0;
- while ((i = getopt(argc, argv, "cdlpwW46")) != -1)
+ while ((i = getopt(argc, argv, "cdlpu:wW46")) != -1)
switch (i) {
case 'c':
/* log all kinds of connection-errors to syslog */
@@ -168,6 +177,18 @@
case 'p':
pflag++;
break;
+ case 'u':
+ i = strtol(optarg, &remc, 10);
+ if (*remc) {
+ syslog(LOG_ERR,
+ "Bad argument to -u, number expected");
+ errs++;
+ }
+ if (i >= 0)
+ lpd_uid4grp = i;
+ else
+ lpd_uid4grp = NULL_UID;
+ break;
case 'w': /* netbsd uses -w for maxwait */
/*
* This will be removed after the release of 4.4, as
@@ -215,6 +236,18 @@
family = PF_UNSPEC;
argc -= optind;
argv += optind;
+ if ((lpd_uid4grp != NULL_UID) && (lpd_gid != NULL_GID)) {
+ struct passwd *pwd;
+
+ pwd = getpwuid(lpd_uid4grp);
+ if (pwd == NULL) {
+ syslog(LOG_ERR, "lpd startup: Can not find "
+ "uid %d (for default-gid) in password file",
+ lpd_uid4grp);
+ errs++;
+ }
+ lpd_gid = pwd->pw_gid;
+ }
if (errs)
usage();
@@ -332,6 +365,12 @@
syslog(LOG_ERR, "ubind: %m");
exit(1);
}
+ if (lpd_gid != NULL_GID) {
+ if (chown(_PATH_SOCKETNAME, (uid_t)-1, lpd_gid)) {
+ syslog(LOG_ERR, "lpd startup: chown(%s,,%d): %m",
+ _PATH_SOCKETNAME, lpd_gid);
+ }
+ }
(void) umask(0);
sigprocmask(SIG_SETMASK, &omask, (sigset_t *)0);
FD_ZERO(&defreadfds);
@@ -911,9 +950,9 @@
usage(void)
{
#ifdef INET6
- fprintf(stderr, "usage: lpd [-cdlpW46] [port#]\n");
+ fprintf(stderr, "usage: lpd [-cdlpW46] [-u <uid>] [port#]\n");
#else
- fprintf(stderr, "usage: lpd [-cdlpW] [port#]\n");
+ fprintf(stderr, "usage: lpd [-cdlpW] [-u <uid>] [port#]\n");
#endif
exit(EX_USAGE);
}
--
Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu
Senior Systems Programmer or gad@freebsd.org
Rensselaer Polytechnic Institute or drosih@rpi.edu
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p0510153db8b1c2cf8237>