2 * Routines for handling privileges, e.g. set-UID and set-GID on UNIX.
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 2006 Gerald Combs
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #if defined(HAVE_SETRESUID) || defined(HAVE_SETREGUID)
26 #define _GNU_SOURCE /* Otherwise [sg]etres[gu]id won't be defined on Linux */
31 #include "privileges.h"
39 * Called when the program starts, to save whatever credential information
40 * we'll need later, and to do whatever other specialized platform-dependent
41 * initialization we want.
void
init_process_policies(void)
{
	typedef BOOL (WINAPI *dep_policy_fn)(DWORD);
	HMODULE kernel32;
	dep_policy_fn set_dep_policy;

#ifndef PROCESS_DEP_ENABLE
#define PROCESS_DEP_ENABLE 1
#endif

	/*
	 * Opt this process in to "data execution prevention" (DEP) when
	 * kernel32.dll exports SetProcessDEPPolicy(): where the MMU
	 * supports per-page execute permission, that turns execute
	 * permission off on most data pages.  The entry point is looked
	 * up at run time, so the call is simply skipped when it is not
	 * exported.
	 *
	 * The result of the call is deliberately ignored: it fails on
	 * 64-bit Windows (DEP is *always* on there), and a failure
	 * elsewhere means we did our best.
	 *
	 * XXX - if the GetModuleHandle() call fails, should we report
	 * an error?  That "shouldn't happen" - it's the equivalent
	 * of libc.{so,sl,a} or libSystem.dylib being missing on UN*X.
	 */
	kernel32 = GetModuleHandle(_T("kernel32.dll"));
	if (kernel32 == NULL)
		return;

	set_dep_policy = (dep_policy_fn) GetProcAddress(kernel32, "SetProcessDEPPolicy");
	if (!set_dep_policy)
		return;

	set_dep_policy(PROCESS_DEP_ENABLE);
}
79 * For now, we say the program wasn't started with special privileges.
80 * There are ways of running programs with credentials other than those
81 * for the session in which it's run, but I don't know whether that'd be
82 * done with Wireshark/TShark or not.
85 started_with_special_privs(void)
91 * For now, we say the program isn't running with special privileges.
92 * There are ways of running programs with credentials other than those
93 * for the session in which it's run, but I don't know whether that'd be
94 * done with Wireshark/TShark or not.
97 running_with_special_privs(void)
103 * For now, we don't do anything when asked to relinquish special privileges.
106 relinquish_special_privs_perm(void)
111 * Get the current username. String must be g_free()d after use.
gchar *
get_cur_username(void)
{
	/*
	 * This variant does no account lookup: it always hands back a
	 * freshly allocated copy of the placeholder name, which the
	 * caller owns and must g_free().
	 */
	return g_strdup("UNKNOWN");
}
121 * Get the current group. String must be g_free()d after use.
gchar *
get_cur_groupname(void)
{
	/*
	 * This variant does no group lookup: it always hands back a
	 * freshly allocated copy of the placeholder name, which the
	 * caller owns and must g_free().
	 */
	return g_strdup("UNKNOWN");
}
131 * If npf.sys is running, return TRUE.
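gboolean
npf_sys_is_running(void)
{
	SC_HANDLE h_scm, h_serv;
	SERVICE_STATUS ss;
	gboolean running = FALSE;

	/*
	 * Report whether the "npf" service is in the running state.
	 * Any failure to reach the service control manager or the
	 * service is reported as "not running".
	 */
	h_scm = OpenSCManager(NULL, NULL, 0);
	if (h_scm == NULL)
		return FALSE;

	/*
	 * Ask only for SERVICE_QUERY_STATUS, which is all that
	 * QueryServiceStatus() needs.  SC_MANAGER_CONNECT is an access
	 * right for the service control manager handle, not for a
	 * service handle, so it does not belong in this mask.
	 */
	h_serv = OpenService(h_scm, _T("npf"), SERVICE_QUERY_STATUS);
	if (h_serv != NULL) {
		/*
		 * dwCurrentState holds one state value, not a set of
		 * flags, so compare it for equality; a bit test against
		 * SERVICE_RUNNING would also match other state values
		 * that happen to share that bit.
		 */
		if (QueryServiceStatus(h_serv, &ss) &&
		    ss.dwCurrentState == SERVICE_RUNNING)
			running = TRUE;
		CloseServiceHandle(h_serv);
	}

	/* Release the SCM handle on every path so no handle is leaked. */
	CloseServiceHandle(h_scm);
	return running;
}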
156 #ifdef HAVE_SYS_TYPES_H
157 # include <sys/types.h>
176 static uid_t ruid, euid;
177 static gid_t rgid, egid;
178 static gboolean init_process_policies_called = FALSE;
181 * Called when the program starts, to save whatever credential information
182 * we'll need later, and to do whatever other specialized platform-dependent
183 * initialization we want.
185 * The credential information we'll need later on UNIX is the real and
186 * effective UID and GID.
188 * XXX - do any UN*Xes have opt-in "no execute on data pages by default"
189 * permission? This would be the place to request it.
192 init_process_policies(void)
199 init_process_policies_called = TRUE;
203 * "Started with special privileges" means "started out set-UID or set-GID",
204 * or run as the root user or group.
207 started_with_special_privs(void)
209 g_assert(init_process_policies_called);
210 #ifdef HAVE_ISSETUGID
213 return (ruid != euid || rgid != egid || ruid == 0 || rgid == 0);
218 * Return TRUE if the real, effective, or saved (if we can check it) user or group ID is zero.
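gboolean
running_with_special_privs(void)
{
#ifdef HAVE_SETRESUID
	uid_t ru, eu, su;
#endif
#ifdef HAVE_SETRESGID
	gid_t rg, eg, sg;
#endif

	/*
	 * User IDs: with getresuid() the saved set-user-ID is checked
	 * as well as the real and effective ones; without it only the
	 * real and effective IDs can be checked.
	 *
	 * If the IDs cannot be read, answer TRUE: the out-parameters
	 * would be uninitialized, and "privileged" is the answer that
	 * keeps callers on the restrictive path.
	 */
#ifdef HAVE_SETRESUID
	if (getresuid(&ru, &eu, &su) == -1)
		return TRUE;
	if (ru == 0 || eu == 0 || su == 0)
		return TRUE;
#else
	if (getuid() == 0 || geteuid() == 0)
		return TRUE;
#endif

	/* Group IDs: same checks, same handling of a failed read. */
#ifdef HAVE_SETRESGID
	if (getresgid(&rg, &eg, &sg) == -1)
		return TRUE;
	if (rg == 0 || eg == 0 || sg == 0)
		return TRUE;
#else
	if (getgid() == 0 || getegid() == 0)
		return TRUE;
#endif
	return FALSE;
}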
251 * Permanently relinquish set-UID and set-GID privileges.
252 * If error, abort since we probably shouldn't continue
253 * with elevated privileges.
254 * Note that if this error occurs when dumpcap is called from
255 * wireshark or tshark, the message seen will be
256 * "Child dumpcap process died:". This is obscure but we'll
257 * consider it acceptable since it should be highly unlikely
258 * that this error will occur.
static void
setxid_fail(const gchar *str)
{
	/*
	 * Report a failed set*id() call through g_error().  str is the
	 * name of the call that failed; errno is captured first so the
	 * message describes that call's failure.
	 */
	const int saved_errno = errno;

	g_error("Attempt to relinguish privileges failed [%s()] - aborting: %s\n",
	    str, g_strerror(saved_errno));
}
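void
relinquish_special_privs_perm(void)
{
	/*
	 * If we were started with special privileges, set the group
	 * and user IDs to the original values of the real group and
	 * user IDs.  If we weren't, don't bother - doing so seems to
	 * mung our group set, at least in OS X 10.5.
	 */
	if (!started_with_special_privs())
		return;

	/*
	 * Group IDs first, user IDs last: giving up the effective UID
	 * takes away our rights to set anything else.
	 */
#ifdef HAVE_SETRESGID
	if (setresgid(rgid, rgid, rgid) == -1) {setxid_fail("setresgid");}
#else
	if (setgid(rgid) == -1) {setxid_fail("setgid"); }
	if (setegid(rgid) == -1) {setxid_fail("setegid");}
#endif

#ifdef HAVE_SETRESUID
	if (setresuid(ruid, ruid, ruid) == -1) {setxid_fail("setresuid");}
#else
	/*
	 * NOTE(review): this path cannot set the saved set-user-ID
	 * explicitly; whether setuid() changes it depends on the
	 * platform and on the caller's privileges - confirm for each
	 * platform built without setresuid().  The same applies to
	 * the saved set-group-ID in the setgid()/setegid() path above.
	 */
	if (setuid(ruid) == -1) {setxid_fail("setuid"); }
	if (seteuid(ruid) == -1) {setxid_fail("seteuid");}
#endif

	/*
	 * Don't trust the return values alone: confirm that the real
	 * and effective IDs now are the ones we asked for, and abort
	 * if they aren't, since we shouldn't continue with elevated
	 * privileges.
	 */
	if (getgid() != rgid || getegid() != rgid ||
	    getuid() != ruid || geteuid() != ruid) {
		g_error("Privileges are still held after relinquishing them - aborting\n");
	}
}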
299 * Get the current username. String must be g_free()d after use.
302 get_cur_username(void) {
304 struct passwd *pw = getpwuid(getuid());
307 username = g_strdup(pw->pw_name);
309 username = g_strdup("UNKNOWN");
316 * Get the current group. String must be g_free()d after use.
319 get_cur_groupname(void) {
321 struct group *gr = getgrgid(getgid());
324 groupname = g_strdup(gr->gr_name);
326 groupname = g_strdup("UNKNOWN");
340 * indent-tabs-mode: t
343 * ex: set shiftwidth=8 tabstop=8 noexpandtab:
344 * :indentSize=8:tabSize=8:noTabs=false: