[ntp:security] ntpd should drop supplementary groups

Matthias Drochner M.Drochner at fz-juelich.de
Sat Feb 7 13:33:29 UTC 2009


Hi -
ntpd does not drop root's group memberships
when switching uid/gid. The appended patch
fixes this. (It can certainly be improved -
error checking at least.)
I see there is a bugzilla entry on the
subject (#812) but it is old and closed.
So if it was fixed it probably got lost at
some point.

best regards
Matthias

Index: ntpd.c
===================================================================
RCS file: /cvsroot/src/dist/ntp/ntpd/ntpd.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -p -r1.13 -r1.14
--- ntpd.c	23 Aug 2008 09:10:31 -0000	1.13
+++ ntpd.c	3 Feb 2009 12:51:13 -0000	1.14
@@ -1,4 +1,4 @@
-/*	$NetBSD: ntpd.c,v 1.13 2008/08/23 09:10:31 kardel Exp $	*/
+/*	$NetBSD: ntpd.c,v 1.14 2009/02/03 12:51:13 drochner Exp $	*/
 
 /*
  * ntpd.c - main program for the fixed point NTP daemon
@@ -170,8 +170,8 @@ int droproot = 0;
 char *user = NULL;		/* User to switch to */
 char *group = NULL;		/* group to switch to */
 char *chrootdir = NULL;		/* directory to chroot to */
-int sw_uid;
-int sw_gid;
+uid_t sw_uid;
+gid_t sw_gid;
 char *endp;  
 struct group *gr;
 struct passwd *pw; 
@@ -923,6 +923,10 @@ getgroup:	
 			msyslog(LOG_ERR, "Cannot setegid() to group `%s': %m", group);
 			exit (-1);
 		}
+		if (group)
+			setgroups(1, &sw_gid);
+		else
+			initgroups(pw->pw_name, pw->pw_gid);
 		if (user && setuid(sw_uid)) {
 			msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user);
 			exit (-1);
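Review bot: the two new calls, `setgroups(1, &sw_gid)` and `initgroups(pw->pw_name, pw->pw_gid)`, are the only privilege-dropping steps in this hunk whose return value is not checked, while the surrounding setegid() and setuid() calls log with msyslog() and exit(-1). If either fails (EPERM, ENOMEM, an unknown user for initgroups), execution falls through to setuid() and the daemon runs unprivileged but still holding root's supplementary groups, which is exactly the state this patch is meant to remove. Suggest mirroring the neighbouring checks, e.g. `if (setgroups(1, &sw_gid) != 0) { msyslog(LOG_ERR, "Cannot setgroups() to group `%s': %m", group); exit (-1); }` and the same for initgroups(). Two smaller points: the else branch dereferences `pw->pw_name` without a NULL check visible in the hunk, so confirm pw is set on every path that reaches this block (it is only declared as a global in the earlier hunk); and the placement is right, since the supplementary list can only be rewritten before setuid() gives up root.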

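The sequence the patch is aiming for, written out in full with the error checking the author says is still missing, as an added example that is not part of the patch or of NetBSD's ntpd: the supplementary group list is rewritten first (this needs root, so it cannot come after setuid()), then the gid, then the uid, and each step aborts on failure. `drop_root` and `has_stray_supplementary_groups` are names assumed here, messages go to stderr in place of ntpd's msyslog(), and the uid/gid 65534 in main() is an assumed unprivileged account rather than anything from the page.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if gid g appears in groups[0..n-1], else 0. */
int gid_in_list(const gid_t *groups, int n, gid_t g)
{
    for (int i = 0; i < n; i++)
        if (groups[i] == g)
            return 1;
    return 0;
}

/* Return 1 if the caller's supplementary group list holds anything other
 * than keep (for example a leftover gid 0 inherited from root), 0 if the
 * list is clean, -1 if getgroups() fails. */
int has_stray_supplementary_groups(gid_t keep)
{
    gid_t groups[256];
    int n = getgroups(256, groups);
    if (n < 0)
        return -1;
    for (int i = 0; i < n; i++)
        if (groups[i] != keep)
            return 1;
    return 0;
}

/* Drop from root to uid/gid. Order matters: the supplementary list can
 * only be rewritten while still root, so it goes first, then the gid,
 * then the uid. Every step is checked; a daemon that is half dropped is
 * worse than one that refuses to start.
 *   user: account name for initgroups() (the no -g case in the patch),
 *         or NULL to keep gid as the only supplementary group (the -g case).
 * Returns 0 on success, -1 with errno set and a message on stderr.
 * (Hypothetical helper for this example, not ntpd's own code.) */
int drop_root(const char *user, uid_t uid, gid_t gid)
{
    int rc;

    if (user != NULL)
        rc = initgroups(user, gid);
    else
        rc = setgroups(1, &gid);
    if (rc != 0) {
        fprintf(stderr, "cannot set supplementary groups: %s\n", strerror(errno));
        return -1;
    }
    if (setgid(gid) != 0) {
        fprintf(stderr, "cannot setgid(%lu): %s\n", (unsigned long)gid, strerror(errno));
        return -1;
    }
    if (setuid(uid) != 0) {
        fprintf(stderr, "cannot setuid(%lu): %s\n", (unsigned long)uid, strerror(errno));
        return -1;
    }
    /* The drop must be irreversible: if we can get root back, something
     * (saved uid, capabilities) was left behind. */
    if (uid != 0 && setuid(0) == 0) {
        fprintf(stderr, "privilege drop is not permanent\n");
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Assumed unprivileged ids; a real daemon uses its own account. */
    if (drop_root(NULL, 65534, 65534) != 0)
        return 1;
    if (has_stray_supplementary_groups(65534) != 0) {
        fprintf(stderr, "supplementary groups were not dropped\n");
        return 1;
    }
    puts("dropped to 65534 with a clean supplementary group list");
    return 0;
}
```

Run as root to see the full drop; run as an ordinary user, setgroups() fails with EPERM and drop_root() reports it instead of carrying on, which is the behaviour the patch's unchecked calls lack. has_stray_supplementary_groups() is the check to run once, right after the drop, to catch the inherited-gid-0 case the mail describes.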