[sr-dev] Permission problem and setuid in Kamailio 1.5

Andrei Pelinescu-Onciul andrei at iptel.org
Tue Oct 13 13:01:53 CEST 2009 

On Oct 13, 2009 at 13:57, marius zbihlei <marius.zbihlei at 1and1.ro> wrote:
> Andrei Pelinescu-Onciul wrote:
> >On Oct 13, 2009 at 12:55, marius zbihlei <marius.zbihlei at 1and1.ro> wrote:
> >  
> >>Hi all,
> >>
> >>There is a permission problem if the daemon is started given -u and -g 
> >>parameters (sets up user and group for the process).
> >>
> >>The do_suid function (defined in demonize.c) is called after the call to 
> >>init_modules(), so the mod_init functions of the configured module are 
> >>loaded before the call to do_suid. This wasn't a problem in 1.3 because 
> >>no module(I am aware off) use the uid and gid of the process to do 
> >>permission checks.
> >>
> >>This has changed in 1.5, module carrierroute, as there is a check to see 
> >>if the route file in config-file mode (usually 
> >>/etc/kamailio/carrierroute.conf) has the right permission set on it 
> >>(Issues an warning if it's worldly writable and error if it's not 
> >>writable by the process owner). This of course is a problem because 
> >>kamailio hasn't yet setuid()/setgid() so the checks are done using the 
> >>wrong uid.
> >>    
> >
> >You should do the check then from child_init(PROC_INIT)
> >(rank==PROC_INIT). It's executed after setuid(), but before any real
> >forking (so you could still exit gracefully).
> >
> >
> >  
> >>A correct (imho) course of action is to move the call to do_suid 
> >>function before the call to init_modules()(and before any other calls to 
> >>initialization functions).
> >>    
> >
> >No, the do_suid() is on purpose _after_ the mod_init() to allow the
> >modules to open sockets/files a.s.o. before the suid part
> >(e.g. this way if started as root a module can open a socket on a port <
> >1024 from mod_init).
> >All the operations that require special privileges should be done from
> >mod_init().
> >
> >  
> Ok, so tests like in carrierroute module's mod_init (testing the 
> permission against what is returned from geteuid() and getegid()) should 
> be moved to a later stage?

Yes, it should.

But why do you need it, you open/re-open the file at runtime if changed?

> >>I've attached a small patch that does this (tested).
> >>
> >>There are any considerations on why the init_modules() should be called 
> >>with another uid/gid?
> >>    
> >
> >Yes, see above.
> >
> >Note that the PROC_INIT stuff will work on sip-router and probably not
> >on old kamailio (> 3.0). You could try using 0 there (PROC_MAIN), but it
> >will be called after forking some of the processes (the exit won't be as
> >graceful).
> >
> >
> >Andrei
> >
> >  
> The bug is present in kamailio 1.5 so i haven't yet looked into the 
> implementation of 3.0 .  Looks  nice that there is a central way where 
> to do this kind of actions
> 

Andrei

More information about the sr-dev mailing list