authorTheo de Raadt <deraadt@cvs.openbsd.org>2002-06-28 22:40:34 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2002-06-28 22:40:34 +0000
commit6fb332e54721e5b2abf5c257c5ddb183e58ffdc6 (patch)
tree26ae861143e40b917d4b31618931be674d029583 /libexec/rpc.rstatd
parent1b9818fe36618e8bafb3f4c851dec6ff1d62fdb7 (diff)
go back to running these as root from inetd. however once rpc.{rusersd,rstatd}
starts, do a chroot to /var/empty and change to user nobody. hi mom, i'm in jail!
Diffstat (limited to 'libexec/rpc.rstatd')
-rw-r--r--libexec/rpc.rstatd/rstat_proc.c42
-rw-r--r--libexec/rpc.rstatd/rstatd.c46
2 files changed, 50 insertions, 38 deletions
diff --git a/libexec/rpc.rstatd/rstat_proc.c b/libexec/rpc.rstatd/rstat_proc.c
index 0ae365812eb..ba422ec5229 100644
--- a/libexec/rpc.rstatd/rstat_proc.c
+++ b/libexec/rpc.rstatd/rstat_proc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rstat_proc.c,v 1.21 2002/02/16 21:27:31 millert Exp $ */
+/* $OpenBSD: rstat_proc.c,v 1.22 2002/06/28 22:40:33 deraadt Exp $ */
/*
* Sun RPC is a product of Sun Microsystems, Inc. and is provided for
@@ -31,7 +31,7 @@
#ifndef lint
/*static char sccsid[] = "from: @(#)rpc.rstatd.c 1.1 86/09/25 Copyr 1984 Sun Micro";*/
/*static char sccsid[] = "from: @(#)rstat_proc.c 2.2 88/08/01 4.0 RPCSRC";*/
-static char rcsid[] = "$OpenBSD: rstat_proc.c,v 1.21 2002/02/16 21:27:31 millert Exp $";
+static char rcsid[] = "$OpenBSD: rstat_proc.c,v 1.22 2002/06/28 22:40:33 deraadt Exp $";
#endif
/*
@@ -100,7 +100,7 @@ static int stat_is_init = 0;
#endif
void
-stat_init()
+stat_init(void)
{
stat_is_init = 1;
setup();
@@ -110,9 +110,7 @@ stat_init()
}
statstime *
-rstatproc_stats_3_svc(arg, rqstp)
- void *arg;
- struct svc_req *rqstp;
+rstatproc_stats_3_svc(void *arg, struct svc_req *rqstp)
{
if (!stat_is_init)
stat_init();
@@ -121,9 +119,7 @@ rstatproc_stats_3_svc(arg, rqstp)
}
statsswtch *
-rstatproc_stats_2_svc(arg, rqstp)
- void *arg;
- struct svc_req *rqstp;
+rstatproc_stats_2_svc(void *arg, struct svc_req *rqstp)
{
if (!stat_is_init)
stat_init();
@@ -132,9 +128,7 @@ rstatproc_stats_2_svc(arg, rqstp)
}
stats *
-rstatproc_stats_1_svc(arg, rqstp)
- void *arg;
- struct svc_req *rqstp;
+rstatproc_stats_1_svc(void *arg, struct svc_req *rqstp)
{
if (!stat_is_init)
stat_init();
@@ -143,9 +137,7 @@ rstatproc_stats_1_svc(arg, rqstp)
}
u_int *
-rstatproc_havedisk_3_svc(arg, rqstp)
- void *arg;
- struct svc_req *rqstp;
+rstatproc_havedisk_3_svc(void *arg, struct svc_req *rqstp)
{
static u_int have;
@@ -157,17 +149,13 @@ rstatproc_havedisk_3_svc(arg, rqstp)
}
u_int *
-rstatproc_havedisk_2_svc(arg, rqstp)
- void *arg;
- struct svc_req *rqstp;
+rstatproc_havedisk_2_svc(void *arg, struct svc_req *rqstp)
{
return (rstatproc_havedisk_3_svc(arg, rqstp));
}
u_int *
-rstatproc_havedisk_1_svc(arg, rqstp)
- void *arg;
- struct svc_req *rqstp;
+rstatproc_havedisk_1_svc(void *arg, struct svc_req *rqstp)
{
return (rstatproc_havedisk_3_svc(arg, rqstp));
}
@@ -179,7 +167,7 @@ updatestatsig(int sig)
}
void
-updatestat()
+updatestat(void)
{
int i, mib[2], save_errno = errno;
struct uvmexp uvmexp;
@@ -283,22 +271,20 @@ updatestat()
}
void
-setup()
+setup(void)
{
dkinit(0);
}
void
-rstat_service(rqstp, transp)
- struct svc_req *rqstp;
- SVCXPRT *transp;
+rstat_service(struct svc_req *rqstp, SVCXPRT *transp)
{
+ char *(*local)(void *, struct svc_req *);
+ xdrproc_t xdr_argument, xdr_result;
union {
int fill;
} argument;
char *result;
- xdrproc_t xdr_argument, xdr_result;
- char *(*local)(void *, struct svc_req *);
switch (rqstp->rq_proc) {
case NULLPROC:
diff --git a/libexec/rpc.rstatd/rstatd.c b/libexec/rpc.rstatd/rstatd.c
index 863f219d92d..194e535d9c2 100644
--- a/libexec/rpc.rstatd/rstatd.c
+++ b/libexec/rpc.rstatd/rstatd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rstatd.c,v 1.9 2002/03/24 04:39:38 deraadt Exp $ */
+/* $OpenBSD: rstatd.c,v 1.10 2002/06/28 22:40:33 deraadt Exp $ */
/*-
* Copyright (c) 1993, John Brezak
@@ -34,7 +34,7 @@
*/
#ifndef lint
-static char rcsid[] = "$OpenBSD: rstatd.c,v 1.9 2002/03/24 04:39:38 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: rstatd.c,v 1.10 2002/06/28 22:40:33 deraadt Exp $";
#endif /* not lint */
#include <sys/types.h>
@@ -44,6 +44,7 @@ static char rcsid[] = "$OpenBSD: rstatd.c,v 1.9 2002/03/24 04:39:38 deraadt Exp
#include <string.h>
#include <unistd.h>
#include <signal.h>
+#include <pwd.h>
#include <syslog.h>
#include <errno.h>
#include <stdlib.h>
@@ -60,8 +61,17 @@ void my_svc_run(void);
int from_inetd = 1; /* started from inetd ? */
int closedown = 20; /* how long to wait before going dormant */
+volatile sig_atomic_t gotsig;
+
+void
+getsig(int signo)
+{
+ gotsig = 1;
+}
+
+
void
-cleanup()
+cleanup(void)
{
(void) pmap_unset(RSTATPROG, RSTATVERS_TIME); /* XXX signal races */
(void) pmap_unset(RSTATPROG, RSTATVERS_SWTCH);
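Review bot: The `/* XXX signal races */` marker kept on the first `pmap_unset()` in cleanup() looks stale, because this commit stops installing cleanup() as a signal handler (the `signal()` calls in main now register getsig) and my_svc_run() calls it from the service loop instead. I would drop the marker and document the new handler above getsig() with something like `/* Signal handler: only records the signal; my_svc_run() runs cleanup() outside signal context. */`. As far as the diff shows, getsig() and gotsig are used only in this file, so both could be `static`. cleanup()'s body continues outside the hunk.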
@@ -70,14 +80,28 @@ cleanup()
}
int
-main(argc, argv)
- int argc;
- char *argv[];
+main(int argc, char *argv[])
{
int sock = 0, proto = 0, fromlen;
+ struct passwd *pw;
struct sockaddr_in from;
SVCXPRT *transp;
+ pw = getpwnam("nobody");
+ if (chroot("/var/empty") == -1) {
+ syslog(LOG_ERR, "cannot chdir to /var/empty.");
+ exit(1);
+ }
+ chdir("/");
+
+ if (pw) {
+ setgroups(1, &pw->pw_gid);
+ setegid(pw->pw_gid);
+ setgid(pw->pw_gid);
+ seteuid(pw->pw_uid);
+ setegid(pw->pw_uid);
+ }
+
if (argc == 2)
closedown = atoi(argv[1]);
if (closedown <= 0)
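Review bot: The last call in the `if (pw)` block is `setegid(pw->pw_uid);`, which passes a uid to a gid call and leaves the real and saved uids at 0, so after `seteuid()` the process can still return to root and the chroot to /var/empty does not confine it. That line should be `setuid(pw->pw_uid);`, and calling `setgid()`/`setuid()` while still privileged avoids depending on how an unprivileged `setuid()` treats the saved id. The drop also fails open: a NULL from `getpwnam("nobody")` skips the whole block and the daemon keeps serving as root, and the return values of `chdir("/")`, `setgroups()` and the gid/uid calls are never checked. The chroot failure message says "cannot chdir" although the failing call is `chroot()`. A checked version of the sequence is sketched below; main() starts before and continues past this hunk.

```c
	pw = getpwnam("nobody");
	if (pw == NULL) {
		syslog(LOG_ERR, "no such user: nobody");
		exit(1);
	}
	if (chroot("/var/empty") == -1 || chdir("/") == -1) {
		syslog(LOG_ERR, "cannot chroot to /var/empty.");
		exit(1);
	}
	/* Drop supplementary groups, then gid, then uid, all while still root. */
	if (setgroups(1, &pw->pw_gid) == -1 ||
	    setgid(pw->pw_gid) == -1 ||
	    setuid(pw->pw_uid) == -1) {
		syslog(LOG_ERR, "cannot drop privileges");
		exit(1);
	}
	/* … unchanged: closedown argument parsing … */
```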
@@ -100,9 +124,9 @@ main(argc, argv)
(void)pmap_unset(RSTATPROG, RSTATVERS_SWTCH);
(void)pmap_unset(RSTATPROG, RSTATVERS_ORIG);
- (void) signal(SIGINT, cleanup);
- (void) signal(SIGTERM, cleanup);
- (void) signal(SIGHUP, cleanup);
+ (void) signal(SIGINT, getsig);
+ (void) signal(SIGTERM, getsig);
+ (void) signal(SIGHUP, getsig);
}
openlog("rpc.rstatd", LOG_CONS|LOG_PID, LOG_DAEMON);
@@ -131,7 +155,7 @@ main(argc, argv)
}
void
-my_svc_run()
+my_svc_run(void)
{
extern volatile sig_atomic_t wantupdatestat;
extern void updatestat(void);
@@ -142,6 +166,8 @@ my_svc_run()
updatestat();
wantupdatestat = 0;
}
+ if (gotsig)
+ cleanup();
if (__svc_fdset) {
int bytes = howmany(__svc_fdsetsize, NFDBITS) *