util: add function for dropping root privileges

Share the code for dropping supplementary groups and setting effective,
saved, and real user UID/GID between system drivers.

sys_linux.c

@@ -45,7 +45,6 @@
 #ifdef FEAT_PRIVDROP
 #include <sys/prctl.h>
 #include <sys/capability.h>
-#include <grp.h>
 #endif
 
 #ifdef FEAT_SCFILTER
@@ -66,6 +65,7 @@
 #include "sys_timex.h"
 #include "conf.h"
 #include "logging.h"
+#include "util.h"
 
 /* Frequency scale to convert from ppm to the timex freq */
 #define FREQ_SCALE (double)(1 << 16)
@@ -409,17 +409,7 @@ SYS_Linux_DropRoot(uid_t uid, gid_t gid)
     LOG_FATAL(LOGF_SysLinux, "prctl() failed");
   }
   
-  if (setgroups(0, NULL)) {
-    LOG_FATAL(LOGF_SysLinux, "setgroups() failed");
-  }
-
-  if (setgid(gid)) {
-    LOG_FATAL(LOGF_SysLinux, "setgid(%d) failed", gid);
-  }
-
-  if (setuid(uid)) {
-    LOG_FATAL(LOGF_SysLinux, "setuid(%d) failed", uid);
-  }
+  UTI_DropRoot(uid, gid);
 
   if ((cap = cap_from_text("cap_net_bind_service,cap_sys_time=ep")) == NULL) {
     LOG_FATAL(LOGF_SysLinux, "cap_from_text() failed");
@@ -430,8 +420,6 @@ SYS_Linux_DropRoot(uid_t uid, gid_t gid)
   }
 
   cap_free(cap);
-
-  DEBUG_LOG(LOGF_SysLinux, "Root dropped to uid %d gid %d", uid, gid);
 }
 #endif
 

sys_macosx.c

@@ -419,16 +419,7 @@ void SYS_MacOSX_DropRoot(uid_t uid, gid_t gid)
 {
   PRV_StartHelper();
 
-  if (setgroups(0, NULL))
-    LOG_FATAL(LOGF_SysMacOSX, "setgroups() failed : %s", strerror(errno));
-
-  if (setgid(gid))
-    LOG_FATAL(LOGF_SysMacOSX, "setgid(%d) failed : %s", gid, strerror(errno));
-
-  if (setuid(uid))
-    LOG_FATAL(LOGF_SysMacOSX, "setuid(%d) failed : %s", uid, strerror(errno));
-
-  DEBUG_LOG(LOGF_SysMacOSX, "Root dropped to uid %d gid %d", uid, gid);
+  UTI_DropRoot(uid, gid);
 }
 #endif
 

sys_netbsd.c

@@ -127,16 +127,7 @@ SYS_NetBSD_DropRoot(uid_t uid, gid_t gid)
 
   PRV_StartHelper();
 
-  if (setgroups(0, NULL))
-    LOG_FATAL(LOGF_SysNetBSD, "setgroups() failed : %s", strerror(errno));
-
-  if (setgid(gid))
-    LOG_FATAL(LOGF_SysNetBSD, "setgid(%d) failed : %s", gid, strerror(errno));
-
-  if (setuid(uid))
-    LOG_FATAL(LOGF_SysNetBSD, "setuid(%d) failed : %s", uid, strerror(errno));
-
-  DEBUG_LOG(LOGF_SysNetBSD, "Root dropped to uid %d gid %d", uid, gid);
+  UTI_DropRoot(uid, gid);
 
   /* Check if we have write access to /dev/clockctl */
   fd = open("/dev/clockctl", O_WRONLY);

sysincl.h

@@ -35,6 +35,7 @@
 #include <fcntl.h>
 #include <float.h>
 #include <glob.h>
+#include <grp.h>
 #include <math.h>
 #include <netdb.h>
 #include <netinet/in.h>

util.c

@@ -1118,6 +1118,26 @@ UTI_CheckDirPermissions(const char *path, mode_t perm, uid_t uid, gid_t gid)
 
 /* ================================================== */
 
+void
+UTI_DropRoot(uid_t uid, gid_t gid)
+{
+  /* Drop supplementary groups */
+  if (setgroups(0, NULL))
+    LOG_FATAL(LOGF_Util, "setgroups() failed : %s", strerror(errno));
+
+  /* Set effective, saved and real group ID */
+  if (setgid(gid))
+    LOG_FATAL(LOGF_Util, "setgid(%d) failed : %s", gid, strerror(errno));
+
+  /* Set effective, saved and real user ID */
+  if (setuid(uid))
+    LOG_FATAL(LOGF_Util, "setuid(%d) failed : %s", uid, strerror(errno));
+
+  DEBUG_LOG(LOGF_Util, "Dropped root privileges: UID %d GID %d", uid, gid);
+}
+
+/* ================================================== */
+
 #define DEV_URANDOM "/dev/urandom"
 
 void

util.h

@@ -145,6 +145,9 @@ extern int UTI_CreateDirAndParents(const char *path, mode_t mode, uid_t uid, gid
    permissions and its uid/gid must match the specified values. */
 extern int UTI_CheckDirPermissions(const char *path, mode_t perm, uid_t uid, gid_t gid);
 
+/* Set process user/group IDs and drop supplementary groups */
+extern void UTI_DropRoot(uid_t uid, gid_t gid);
+
 /* Fill buffer with random bytes */
 extern void UTI_GetRandomBytes(void *buf, unsigned int len);