boringtun icon indicating copy to clipboard operation
boringtun copied to clipboard

Published 20 hours ago verified publisher icon cloudflare

Failed to drop privileges: DropPrivileges("Failed to permanently drop privileges")

Open dylan-deep-stack opened this issue 5 years ago • 7 comments

** when i run root ./boringtun -f wg0 Failed to drop privileges: DropPrivileges("Failed to permanently drop privileges")

It hava a error message **

dylan-deep-stack avatar Aug 26 '19 08:08 dylan-deep-stack

This is fixed when i running command " boringtun wg1 --disable-drop-privileges root"

boringtun wg1 --disable-drop-privileges root BoringTun started successfully

dylan-deep-stack avatar Aug 29 '19 01:08 dylan-deep-stack

What Operating System and what version are you running?

ian-otto avatar Dec 25 '19 23:12 ian-otto

I'm attempting to run BoringTun in a docker container and run into this even with the --privileged flag providing the container with full privileged access and running as the root user in the container.

sudo boringtun wg0 -f
Poll error Interrupted system call
Poll error Interrupted system call
Poll error Interrupted system call
Poll error Interrupted system call
Poll error Interrupted system call
Poll error Interrupted system call
Failed to drop privileges: DropPrivileges("Failed to permanently drop privileges")

vs

sudo boringtun wg0 -f --disable-drop-privileges root

boringtun --version
boringtun 0.3.0

Compiled from 700f20bf2a060953911c998c02dea821a43c09ca on Alpine

cat /etc/alpine-release
3.12_alpha20191219

uname -mrvo
4.19.88 #1 SMP Tue Feb 4 22:25:03 PST 2020 x86_64 Linux

Any suggestions would be helpful thanks!

wmiller848 avatar Feb 24 '20 15:02 wmiller848

The code in https://github.com/cloudflare/boringtun/blob/34cc88c1d6599cc88cf0c336693ab51a00e962b1/src/device/drop_privileges.rs assumes user runs boringtun with sudo under a non-root user. It gets the original username and uid/gid and then setuid/getgid to it, finally it checks it can't set them back to root. So invoke boringtun in a root login shell will result in this error.

I don't know WHY they can make such a assumption.

A fix could be adding a check in drop_privileges(). When the getlogin function returns root, don't drop privileges.

Menci avatar Aug 12 '20 04:08 Menci

@wmiller848

on Alpine

Apparently getlogin on musl (used by Alpine) returns root when you use sudo, which means boringtun can't drop privileges.

Maybe SUDO_UID and SUDO_GID can be used if they are available?

mikma avatar Jan 03 '21 00:01 mikma

Musl's getlogin returns getenv("LOGNAME"). Dropping privileges should work if LOGNAME is set appropriately, e.g.

$ whoami
alpine
$ sudo boringtun wg0
BoringTun failed to start
$ sudo env LOGNAME=alpine boringtun wg0
BoringTun started successfully

twittner avatar Mar 23 '21 14:03 twittner

Musl's getlogin returns getenv("LOGNAME"). Dropping privileges should work if LOGNAME is set appropriately, e.g.

$ whoami
alpine
$ sudo boringtun wg0
BoringTun failed to start
$ sudo env LOGNAME=alpine boringtun wg0
BoringTun started successfully

If you don't want to use sudo, then another similar workaround (on musl-based systems) is to run boringtun-cli as root, but with LOGNAME set to the user you want boringtun-cli to become. For example:

# whoami
root
# LOGNAME=someuser ./boringtun-cli wg0
BoringTun started successfully

parke avatar May 31 '23 05:05 parke