| From 9023519ecbd6feabd02f79531e02db2949cbe41f Mon Sep 17 00:00:00 2001 |
| From: Micah Morton <mortonm@chromium.org> |
| Date: Fri, 20 Apr 2018 11:54:26 -0700 |
| Subject: [PATCH] Allow pppd to start as non-root. |
| |
| This patch adds #ifndef macros in 2 spots in order to allow pppd to be |
| spawned as a non-root user with only runtime capabilities (e.g. |
| CAP_NET_{RAW/ADMIN}) instead of giving pppd full root privileges. This |
| is helpful if pppd is itself spawned by a non-root user and the use of |
| file permissions (e.g. setuid-root) on the pppd binary is not a |
| desirable solution. |
| --- |
| pppd/main.c | 2 ++ |
| pppd/options.c | 2 ++ |
| 2 files changed, 4 insertions(+) |
| |
| diff --git a/pppd/main.c b/pppd/main.c |
| index 6d50d1b..e159876 100644 |
| --- a/pppd/main.c |
| +++ b/pppd/main.c |
| @@ -379,6 +379,7 @@ main(argc, argv) |
| if (debug) |
| setlogmask(LOG_UPTO(LOG_DEBUG)); |
| |
| +#ifndef ALLOW_START_AS_NON_ROOT |
| /* |
| * Check that we are running as root. |
| */ |
| @@ -387,6 +388,7 @@ main(argc, argv) |
| argv[0]); |
| exit(EXIT_NOT_ROOT); |
| } |
| +#endif |
| |
| if (!ppp_available()) { |
| option_error("%s", no_ppp_msg); |
| diff --git a/pppd/options.c b/pppd/options.c |
| index 45fa742..0e1c714 100644 |
| --- a/pppd/options.c |
| +++ b/pppd/options.c |
| @@ -684,11 +684,13 @@ process_option(opt, cmd, argv) |
| opt->name, optopt); |
| return 0; |
| } |
| +#ifndef ALLOW_START_AS_NON_ROOT |
| if ((opt->flags & OPT_PRIV) && !privileged_option) { |
| option_error("using the %s%s requires root privilege", |
| opt->name, optopt); |
| return 0; |
| } |
| +#endif |
| if ((opt->flags & OPT_ENABLE) && *(bool *)(opt->addr2) == 0) { |
| option_error("%s%s is disabled", opt->name, optopt); |
| return 0; |
| -- |
| 2.13.5 |
| |
