Xrdp as unprivileged user #2974

Merged
merged 7 commits into from
Jul 2, 2024

Commits on Jul 1, 2024

  1. Add params to allow xrdp to be run as non-root

    runtime_user and runtime_group are added to the xrdp.ini file
    so that the service knows how to reduce privilege
    matt335672 committed Jul 1, 2024
    17a5656
  2. Refactor xrdp_listen to allow for privilege drop

    - xrdp_listen.c is refactored so we can create the
      listening socket(s) before dropping privileges.
    - The code which reads startup params from xrdp.ini
      is moved from xrdp_listen.c to xrdp.c, so it
      is only called once if we test the listen before
      starting the daemon.
    matt335672 committed Jul 1, 2024
    ddff9eb
  3. xrdp: PID file handling tidy-ups

    Now we have g_file_open_rw() we don't need to try to write to
    the PID file to see if we can. Just leave the file open and write to
    it after forking.
    matt335672 committed Jul 1, 2024
    2446c20
  4. b1d8428
  5. Allow for xrdp not being able to delete PID file

    If xrdp is running with dropped privileges it won't be able to delete
    the PID file it's created. Places where xrdp is stopped need to cater
    for this.
    
    It's preferable to do this than make the PID file writeable by xrdp
    with dropped privileges, as this can still lead to DoS attacks if an
    attacker manages to modify the PID file from a compromised xrdp
    process.
    matt335672 committed Jul 1, 2024
    ce355fc
  6. 48255da
  7. Check unprivileged user can't write TLS files

    The unprivileged user needs to be able to read the certificate and
    key files to offer TLS, but should not be able to write to them.
    
    This commit checks the TLS files are read-only, rather than
    simply readable.
    matt335672 committed Jul 1, 2024
    0ebf4cf
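The read-only requirement from commit 7, as an added example that is not xrdp's own code: a helper that decides from a file's DAC mode bits whether the configured runtime user can read a TLS file but not write to it, plus a helper that recreates a constructed sample file with chosen mode bits so the check can be exercised. The function names, the status enum and the sample path are assumptions of this example, as are the simplifications noted in the comments.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Outcome of the read-only check on a TLS certificate or key file */
enum tls_file_status {
    TLS_FILE_OK = 0,     /* readable, not writable by the runtime user */
    TLS_FILE_MISSING,    /* stat() failed */
    TLS_FILE_UNREADABLE, /* runtime user cannot read it, so no TLS */
    TLS_FILE_WRITABLE    /* runtime user could alter it: refuse to use it */
};
/* Picks the DAC permission class (owner, group, other) that applies to
 * uid/gid and requires the read bit set and the write bit clear.
 * Hypothetical helper, not xrdp's own function. Assumed: uid is the
 * configured non-root runtime user (root bypasses DAC, so mode bits prove
 * nothing for uid 0) and supplementary groups are not consulted. */
int check_tls_file(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    mode_t rbit = S_IROTH, wbit = S_IWOTH;   /* "other" class by default */
    if (stat(path, &st) != 0)
        return TLS_FILE_MISSING;
    if (st.st_uid == uid) {
        rbit = S_IRUSR; wbit = S_IWUSR;      /* owner class wins */
    } else if (st.st_gid == gid) {
        rbit = S_IRGRP; wbit = S_IWGRP;
    }
    if (st.st_mode & wbit)                   /* writable is the worse fault */
        return TLS_FILE_WRITABLE;
    if (!(st.st_mode & rbit))
        return TLS_FILE_UNREADABLE;
    return TLS_FILE_OK;
}

/* Recreates a constructed sample file at path with exactly the given mode
 * bits (unlink first so a read-only file can be replaced; chmod after so
 * the umask does not interfere). Returns 0 on success. */
int make_sample_file(const char *path, mode_t mode)
{
    FILE *fp;
    unlink(path);
    if ((fp = fopen(path, "w")) == NULL)
        return -1;
    fputs("constructed sample, not a real certificate\n", fp);
    fclose(fp);
    return chmod(path, mode);
}
```

Run against a 0644 file the check reports TLS_FILE_WRITABLE and against a 0444 file TLS_FILE_OK, which is the difference between "readable" and "read-only" that the commit message draws.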