developer3000S / honeyd

Automatically exported from code.google.com/p/honeyd

Honeyd always run as root, command line -u and -g are overwritten #10

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Launch honeyd with a '-u' or '-g' switch:

2. Observe the user the daemon runs as (it is 'nobody' instead of the
provided ones):

nobody   19918     1  0 15:10 ?        00:00:00 /usr/bin/honeyd -f
/etc/honeypot/honeyd.conf -l /var/log/honeypot/honeyd.log -p
/etc/honeypot/nmap.prints -a /etc/honeypot/nmap.assoc -0
/etc/honeypot/pf.os -x /etc/honeypot/xprobe2.conf -u 110 -g 110
--disable-webserver -i lo 10.0.0.0/8

Also, syslog shows:

Nov 23 15:10:16 javifsp honeyd[19918]: Demoting process privileges to uid
65534, gid 65534

What is the expected output?
----------------------------

I would expect it to run with the provided uid/gid

Product version: 1.5c 
Operating system: Debian GNU/Linux 'sid'

This bug was found by a user a few months back in Debian (see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484498) but I was unable
to dedicate time to investigate it until recently. 

The issue is related to how honeyd_init() overwrites honeyd_uid and
honeyd_gid even though these are set by the command line switches (-u and
-g) which never take effect.

The attached patch is a proposed fix: only set honeyd_uid and honeyd_gid to
the system's nobody user if the values are still the default values set in
the header. Otherwise don't do anything (i.e. honor the switches)

With this patch, which I'm going to submit in a new Debian package version
(-6) honeyd starts properly:

jfs@silicio:honeyd$ sudo /etc/init.d/honeyd start
Starting Honeyd daemon: honeyd.
jfs@silicio:honeyd$ ps -ef |grep honeyd
honeyd   31842     1  0 15:28 ?        00:00:00 /usr/bin/honeyd -f
/etc/honeypot/honeyd.conf -l /var/log/honeypot/honeyd.log -p
/etc/honeypot/nmap.prints -a /etc/honeypot/nmap.assoc -0
/etc/honeypot/pf.os -x /etc/honeypot/xprobe2.conf -u 110 -g 110
--disable-webserver -i lo 10.0.0.0/8
$ grep Demoting /var/log/syslog |tail -1
Nov 23 15:28:58 javifsp honeyd[31842]: Demoting process privileges to uid
110, gid 110

Original issue reported on code.google.com by jav...@gmail.com on 23 Nov 2008 at 2:32

GoogleCodeExporter commented 8 years ago
Sorry, bug summary should be "Honeyd always run as nobody, command line -u and
-g are overwritten" (root --> nobody)

Unfortunately, I cannot revert that now...

Original comment by jav...@gmail.com on 23 Nov 2008 at 2:39

GoogleCodeExporter commented 8 years ago
Thank you very much for the patch.   This is fixed in trunk now.

Original comment by pro...@gmail.com on 4 Dec 2008 at 5:08
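
The override described in the report and the guard the proposed fix adds, as an added example that is not honeyd's code or the attached patch. The `UID_UNSET`/`GID_UNSET` sentinels, the `run_ids` struct, the function names and the per-field guard are assumptions; `check_running_as()` is a post-demotion check that would have flagged the mismatch between `-u 110 -g 110` and the ids actually in effect.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed sentinels for "not set by -u/-g"; honeyd's real header
 * defaults are not shown in the report. */
#define UID_UNSET ((uid_t)-1)
#define GID_UNSET ((gid_t)-1)

struct run_ids { uid_t uid; gid_t gid; };

/* Reported behaviour: init unconditionally installs nobody's ids. */
static void init_ids_buggy(struct run_ids *ids, uid_t nobody_uid, gid_t nobody_gid)
{
    ids->uid = nobody_uid;
    ids->gid = nobody_gid;
}

/* Fix as described: fall back to nobody only while a value is still the default. */
static void init_ids_fixed(struct run_ids *ids, uid_t nobody_uid, gid_t nobody_gid)
{
    if (ids->uid == UID_UNSET) ids->uid = nobody_uid;
    if (ids->gid == GID_UNSET) ids->gid = nobody_gid;
}

/* Post-demotion check: 0 if real and effective ids match the request. */
static int check_running_as(uid_t want_uid, gid_t want_gid)
{
    if (getuid() != want_uid || geteuid() != want_uid) return -1;
    if (getgid() != want_gid || getegid() != want_gid) return -1;
    return 0;
}

int main(void)
{
    /* Constructed scenario from the report: -u 110 -g 110, nobody = 65534. */
    struct run_ids buggy = {110, 110}, fixed = {110, 110};
    init_ids_buggy(&buggy, 65534, 65534);
    init_ids_fixed(&fixed, 65534, 65534);
    printf("buggy: uid %u gid %u\n", (unsigned)buggy.uid, (unsigned)buggy.gid);
    printf("fixed: uid %u gid %u\n", (unsigned)fixed.uid, (unsigned)fixed.gid);
    /* Run unprivileged here, so compare against the current ids. */
    printf("check: %d\n", check_running_as(getuid(), getgid()));
    return 0;
}
```

In a daemon, the check belongs directly after the privilege drop, with a mismatch treated as a fatal startup error.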