Skip to content
This repository has been archived by the owner on May 4, 2024. It is now read-only.

Commit

Permalink
Discourage SETUID
Browse files Browse the repository at this point in the history 
SETUID is discouraged, as it allows non-root users to write arbitrary files,
by specifying certain CLI args and environment variables.

Instead, consider using launchd or sudo.

See `./etc_sudoers.d/vde_vmnet` to allow running `sudo vde_vmnet` with reduced
set of args and environment variables.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
  • Loading branch information
@AkihiroSuda
AkihiroSuda committed Jul 30, 2021
1 parent db729b7 commit eae385e
Show file tree
Hide file tree
Showing 7 changed files with 32 additions and 1 deletion.
8 changes: 8 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,14 @@ However, signing a binary with `com.apple.vm.networking` entitlement seems to re
https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_vm_networking

### Is it possible to run `vde_vmnet` with SETUID?

Discouraged, as it allows non-root users to write arbitrary files, by specifying certain CLI args and environment variables.

Instead, consider using launchd or sudo.

See [`./etc_sudoers.d/vde_vmnet`](./etc_sudoers.d/vde_vmnet) to allow running `sudo vde_vmnet` with reduced set of args and environment variables.

### How is vde_vmnet related to QEMU-builtin vmnet support?
There are proposal to add builtin vmnet support for QEMU:
- https://lore.kernel.org/qemu-devel/20210617143246.55336-1-yaroshchuk2000@gmail.com/
Expand Down
15 changes: 15 additions & 0 deletions etc_sudoers.d/vde_vmnet
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
# make install: no

# To allow non-root users to run `vde_vmnet`, install this file as `/etc/sudoers.d/vde_vmnet` (permission 0644).

# Usage:
# - sudo -u daemon -g staff /usr/local/bin/vde_switch ...
# - sudo /usr/local/bin/vde_vmnet ...

# Entries for shared mode (192.168.105.0/24)
%staff ALL=(daemon:staff) NOPASSWD:NOSETENV: /usr/local/bin/vde_switch --sock=/var/run/vde.ctl --pidfile=/var/run/vde.pid --group=staff --dirmode=0770
%staff ALL=(root:root) NOPASSWD:NOSETENV: /usr/local/bin/vde_vmnet --vmnet-gateway=192.168.105.1 /var/run/vde.ctl

# Entries for bridged mode (en0)
%staff ALL=(daemon:staff) NOPASSWD:NOSETENV: /usr/local/bin/vde_switch --sock=/var/run/vde.bridged.en0.ctl --pidfile=/var/run/vde.bridged.en0.pid --group=staff --dirmode=0770
%staff ALL=(root:root) NOPASSWD:NOSETENV: /usr/local/bin/vde_vmnet --vmnet-mode=bridged --vmnet-interface=en0 /var/run/vde.bridged.en0.ctl
1 change: 1 addition & 0 deletions launchd/io.github.AkihiroSuda.vde_vmnet.bridged.en0.plist
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- make install: no by default -->
<plist version="1.0">
<dict>
<key>Label</key>
Expand Down
1 change: 1 addition & 0 deletions launchd/io.github.AkihiroSuda.vde_vmnet.plist
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- make install: yes -->
<plist version="1.0">
<dict>
<key>Label</key>
Expand Down
1 change: 1 addition & 0 deletions launchd/io.github.virtualsquare.vde-2.vde_switch.bridged.en0.plist
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- make install: no by default -->
<plist version="1.0">
<dict>
<!-- vde_switch itself is maintained at github.com/virtualsquare/vde-2 , but this plist file is maintained at github.com/AkihiroSuda/vde_vmnet -->
Expand Down
3 changes: 2 additions & 1 deletion launchd/io.github.virtualsquare.vde-2.vde_switch.plist
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- make install: yes -->
<plist version="1.0">
<dict>
<!-- vde_switch itself is maintained at github.com/virtualsquare/vde-2 , but this plist file is maintained at github.com/AkihiroSuda/vde_vmnet -->
Expand Down Expand Up @@ -30,4 +31,4 @@
<key>GroupName</key>
<string>staff</string>
</dict>
</plist>
</plist>
4 changes: 4 additions & 0 deletions main.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -267,6 +267,10 @@ int main(int argc, char *argv[]) {
fprintf(stderr, "WARNING: Running without root. This is very unlikely to "
"work. See README.md .\n");
}
if (geteuid() != getuid()) {
fprintf(stderr, "WARNING: Seems running with SETUID. This is insecure and "
"highly discouraged. See README.md .\n");
}
DEBUGF("Opening VDE \"%s\" (for UNIX group \"%s\")", cliopt->vde_switch,
cliopt->vde_group);
struct vde_open_args vdeargs = {
Expand Down

0 comments on commit eae385e

Please sign in to comment.