SOURCES: portmap-rpc_user.patch - back to "rpc" user for better pr...

qboosh qboosh at pld-linux.org
Sat Mar 11 20:27:02 CET 2006


Author: qboosh                       Date: Sat Mar 11 19:27:02 2006 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- back to "rpc" user for better privilege separation

---- Files affected:
SOURCES:
   portmap-rpc_user.patch (1.3 -> 1.4) 

---- Diffs:

================================================================
Index: SOURCES/portmap-rpc_user.patch
diff -u SOURCES/portmap-rpc_user.patch:1.3 SOURCES/portmap-rpc_user.patch:1.4
--- SOURCES/portmap-rpc_user.patch:1.3	Fri Jan  6 18:51:39 2006
+++ SOURCES/portmap-rpc_user.patch	Sat Mar 11 20:26:57 2006
@@ -19,7 +19,7 @@
  #include <sys/signal.h>
  #ifdef SYSV40
  #include <netinet/in.h>
-@@ -149,11 +151,49 @@
+@@ -149,11 +151,47 @@
      /*
       * Give up root privileges so that we can never allocate a privileged
       * port when forwarding an rpc request.
@@ -27,8 +27,6 @@
 +     * Fix 8/3/00 Philipp Knirsch: First lookup our rpc user. If we find it,
 +     * switch to that uid, otherwise simply resue the old bin user and print
 +     * out a warning in syslog.
-+     * PLD: use nobody; special user is not required (doesn't need any
-+     * additional privileges)
       */
 -    if (setuid(1) == -1) {
 -	syslog(LOG_ERR, "setuid(1) failed: %m");
@@ -36,9 +34,9 @@
 +
 +    struct passwd *pwent;
 +
-+    pwent = getpwnam("nobody");
++    pwent = getpwnam("rpc");
 +    if (pwent == NULL) {
-+        syslog(LOG_WARNING, "user nobody not found, reverting to user bin");
++        syslog(LOG_WARNING, "user rpc not found, reverting to user bin");
 +        if (setgid(1) == -1) {
 +            syslog(LOG_ERR, "setgid(1) failed: %m");
 +            exit(1);
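Review bot: When `getpwnam("rpc")` returns NULL the code only logs at LOG_WARNING and carries on as gid/uid 1 (bin), so a missing account silently undoes the privilege separation this commit is after; the same fallback to id 1 sits in the setgid()/setuid() failure branches of the next hunk. On many systems bin typically owns system binaries and directories, which makes it a poorer identity for a network-facing daemon than a dedicated account. I would treat the missing user as fatal, `syslog(LOG_ERR, "user rpc not found");` followed by `exit(1);`, and have the package guarantee that the rpc account exists at install time. The if block opened here continues past the end of this hunk.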
@@ -54,14 +52,14 @@
 +        }
 +
 +        if (setgid(pwent->pw_gid) == -1) {
-+            syslog(LOG_WARNING, "setgid() to nobody group failed: %m");
++            syslog(LOG_WARNING, "setgid() to rpc group failed: %m");
 +            if (setgid(1) == -1) {
 +                syslog(LOG_ERR, "setgid(1) failed: %m");
 +                exit(1);
 +            }
 +        }
 +        if (setuid(pwent->pw_uid) == -1) {
-+            syslog(LOG_WARNING, "setuid() to nobody user failed: %m");
++            syslog(LOG_WARNING, "setuid() to rpc user failed: %m");
 +            if (setuid(1) == -1) {
 +                syslog(LOG_ERR, "setuid(1) failed: %m");
 +                exit(1);
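Review bot: Nothing visible in this hunk clears the supplementary group list before `setgid(pwent->pw_gid)` and `setuid(pwent->pw_uid)`, so unless the lines between this hunk and the previous one already do it, the daemon would keep root's supplementary groups after the switch. If that call is missing, add `if (setgroups(0, NULL) == -1) { syslog(LOG_ERR, "setgroups() failed: %m"); exit(1); }` ahead of the setgid() call (it needs `<grp.h>`). A short comment such as `/* drop order matters: setgroups, then setgid, then setuid */` would keep a later edit from reordering the calls. The enclosing block starts before this hunk and closes after it.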
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/portmap-rpc_user.patch?r1=1.3&r2=1.4&f=u


