From 83bcf394a15c4c2797353c040f1814c6b03b5db3 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 24 Feb 2021 13:00:32 +0100 Subject: tests/drop-privileges: Ensure failure to drop privileges yields an error. And doesn't retain root privileges. --- tests/drop-privileges | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'tests/drop-privileges') diff --git a/tests/drop-privileges b/tests/drop-privileges index 0596e31..fd432d9 100644 --- a/tests/drop-privileges +++ b/tests/drop-privileges @@ -1,6 +1,17 @@ # Check privilige drop: UID/GID changes, chdir, environment, and file # descriptors +# ensure failure to drop privileges doesn't retain root privileges +sed -ri 's/^#(user|group)\s*=\s*$/\1 = nonexistent-\1/' /etc/lacme/lacme.conf +! lacme account 2>"$STDERR" || fail +grepstderr -Fxq "getgrnam(nonexistent-group)" +grepstderr -Fxq "Error: Invalid client version" + +sed -ri 's/^group\s*=\s*nonexistent.*/#&/' /etc/lacme/lacme.conf +! lacme account 2>"$STDERR" || fail +grepstderr -Fxq "getpwnam(nonexistent-user)" +grepstderr -Fxq "Error: Invalid client version" + # create wrapper to inspect processes STATUSDIR="/dev/shm/lacme-wrap" install -oroot -groot -m0755 /dev/stdin /run/lacme-wrap <<-EOF @@ -24,8 +35,7 @@ adduser --system --group \ --home /nonexistent --no-create-home \ --gecos "lacme account user" \ --quiet lacme-account -sed -ri 's|^#user\s*=\s*$|user = lacme-account|' /etc/lacme/lacme.conf -sed -ri 's|^#group\s*=\s*$|group = lacme-account|' /etc/lacme/lacme.conf +sed -ri 's/^#?(user|group)\s*=\s*nonexistent.*/\1 = lacme-account/' /etc/lacme/lacme.conf chown lacme-account: /etc/lacme/account.key install -oroot -groot -dm0755 -- "$STATUSDIR" -- cgit v1.2.3 From 9a8f705eddd18ccc9a24fe0e7efe6b5a87b2be09 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 25 Feb 2021 01:41:59 +0100 Subject: lacme: pass a temporary JSON file with the client configuration to the internal client. So it doesn't have to parse the INI file again. Also, while lacme.conf is world-readable by default, one might restrict permissions and add private information in there, not realizing that everything, including comments, will be readable by the client. --- tests/drop-privileges | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tests/drop-privileges') diff --git a/tests/drop-privileges b/tests/drop-privileges index fd432d9..8deb8f1 100644 --- a/tests/drop-privileges +++ b/tests/drop-privileges @@ -123,8 +123,8 @@ check_client() { grep -Exq "[0-9]+ 0700 $UID:$GID socket:\[[0-9]+\]" "$prefix/fd" || return 1 sed -ri '0,\#^[0-9]+ .* socket:\[[0-9]+\]$# {//d}' "$prefix/fd" - grep -Exq "[0-9]+ 0500 $UID:$GID /etc/lacme/lacme\.conf" "$prefix/fd" || return 1 - sed -ri '0,\#^[0-9]+ .* /etc/lacme/lacme\.conf$# {//d}' "$prefix/fd" + grep -Eq "^[0-9]+ 0500 $UID:$GID /tmp/lacme-client.conf\.json-" "$prefix/fd" || return 1 + sed -ri '0,\#^[0-9]+ .* /tmp/lacme-client.conf\.json-# {//d}' "$prefix/fd" ! test -s "$prefix/fd" || return 1 } check_webserver() { -- cgit v1.2.3