SOURCES: netkit-rwall-droppriv-later.patch (NEW) - drop privs afte...
baggins
baggins at pld-linux.org
Tue Sep 25 19:34:00 CEST 2007
Author: baggins Date: Tue Sep 25 17:34:00 2007 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- drop privs after registering with portmapper
(rpcbind doesn't allow registrations from non-privileged ports)
---- Files affected:
SOURCES:
netkit-rwall-droppriv-later.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/netkit-rwall-droppriv-later.patch
diff -u /dev/null SOURCES/netkit-rwall-droppriv-later.patch:1.1
--- /dev/null Tue Sep 25 19:34:00 2007
+++ SOURCES/netkit-rwall-droppriv-later.patch Tue Sep 25 19:33:55 2007
@@ -0,0 +1,45 @@
+--- netkit-rwall-0.17/rpc.rwalld/rwalld.c~ 2007-09-25 19:29:52.000000000 +0200
++++ netkit-rwall-0.17/rpc.rwalld/rwalld.c 2007-09-25 19:30:34.000000000 +0200
+@@ -90,20 +90,6 @@
+ exit(1);
+ }
+
+- if (getuid() == 0 || geteuid() == 0) {
+- struct passwd *pwd = getpwnam("nobody");
+- if (pwd) {
+- initgroups(pwd->pw_name, pwd->pw_gid);
+- setgid(pwd->pw_gid);
+- setuid(pwd->pw_uid);
+- }
+- seteuid(0); /* this should fail */
+- if (getuid() == 0 || geteuid() == 0) {
+- syslog(LOG_CRIT, "can't drop root privileges");
+- exit(1);
+- }
+- }
+-
+ /*
+ * See if inetd started us
+ */
+@@ -153,6 +139,21 @@
+ (void)fprintf(stderr, "unable to register (WALLPROG, WALLVERS, udp).\n");
+ exit(1);
+ }
++
++ if (getuid() == 0 || geteuid() == 0) {
++ struct passwd *pwd = getpwnam("nobody");
++ if (pwd) {
++ initgroups(pwd->pw_name, pwd->pw_gid);
++ setgid(pwd->pw_gid);
++ setuid(pwd->pw_uid);
++ }
++ seteuid(0); /* this should fail */
++ if (getuid() == 0 || geteuid() == 0) {
++ syslog(LOG_CRIT, "can't drop root privileges");
++ exit(1);
++ }
++ }
++
+ svc_run();
+ (void)fprintf(stderr, "svc_run returned\n");
+ exit(1);
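Review bot: In the relocated privilege drop (second inner hunk, just before `svc_run()`), the return values of `initgroups()`, `setgid()` and `setuid()` are ignored, and the follow-up test only looks at `getuid()`/`geteuid()`. A failed group change would therefore leave the daemon running with nobody's uid but root's gid or supplementary groups, and nothing would be logged. Failing closed on each call covers this: `if (!pwd || initgroups(pwd->pw_name, pwd->pw_gid) != 0 || setgid(pwd->pw_gid) != 0 || setuid(pwd->pw_uid) != 0) { syslog(LOG_CRIT, "can't drop root privileges"); exit(1); }`. Moving the block also means the code between the old and new positions (the inetd check and the transport setup, mostly outside the hunks) now runs as root, so a comment such as `/* drop root only after portmapper registration: rpcbind rejects registrations from non-privileged ports */` would record why. The enclosing function starts and ends outside the patch.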
================================================================