discuss-gnustep

Re: setuid in gdomap - bug or feature?


From: Chris B. Vetter
Subject: Re: setuid in gdomap - bug or feature?
Date: Mon, 7 May 2001 10:53:53 -0700

On Fri, 4 May 2001 05:59:18 +0100
Richard Frith-Macdonald <richard@brainstorm.co.uk> wrote:
> On Friday, May 4, 2001, at 01:25 AM, Chris B. Vetter wrote:
> > Hi,
> > I'm not sure if this is a bug or a feature, but I'm running in all
> > kinds of trouble with gdomap's setuid(3) call in main().
> > Instead of
> >   if (getuid () != 0)
> >       setuid (getuid ());
> >   else setuid (-1);
> > which (on my box) keeps gdomap running with UID 4294967295, a call to
> > getpwnam(3) similar to
> >     struct passwd *pw = getpwnam("nobody");
> >     setuid(pw->pw_uid);
> > would probably be a much "cleaner" approach.
> I've changed the code to try using the user 'nobody' before resorting
> to uid -2 (-1 was a typo ... this should be consistent with the standard
> usage of -2 to denote a user with no access).  Some older unices don't 
> have a user 'nobody' by default, and common practice of applications like
> NFS is to use -2.
> So, current behavior is ...
> If started by a non-root user, run as that user so they are able to kill
> the process.
> If started by root, run as user nobody (if found) else as user -2

Looks good - but doesn't work.

HAVE_PWD_H should be used, not HAVE_PWD ;-)
To compile properly on FreeBSD 4.2 (and probably 4.3), you need to
include <pwd.h> as well. Not sure about other OSes, though.

I just (05/07/01 - 10:38PST) made a CVS checkout and diff'd the
changes I made.

[...cut here...]

--- gdomap.c.org       Mon May  7 10:44:01 2001
+++ gdomap.c           Mon May  7 10:44:57 2001
@@ -54,6 +54,12 @@
 #include <signal.h>
 #include <sys/socket.h>
 #include <sys/file.h>
+
+#include "config.h"
+#ifdef HAVE_PWD_H
+#  include <pwd.h>
+#endif
+
 /*
  *     Stuff for setting the sockets into non-blocking mode.
  */
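Review bot: `#include "config.h"` lands after the system headers (`<signal.h>`, `<sys/socket.h>`, `<sys/file.h>`); if this is the file's only include of config.h, it should move above the first system header so that every header sees its definitions, and if config.h is already included earlier, this second include is redundant and only the `#ifdef HAVE_PWD_H` block is needed here.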
@@ -4230,7 +4236,7 @@
   else
     {
       int      uid = -2;
-#ifdef HAVE_PWD
+#ifdef HAVE_PWD_H
 #ifdef HAVE_GETPWNAM
       struct passwd *pw = getpwnam("nobody");
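Review bot: `int uid = -2;` keeps the fallback as a negative int, which becomes a very large value wherever uid_t is unsigned, the same kind of UID as the 4294967295 reported in this thread; declaring it as uid_t with an explicit, documented constant would make the intended value visible. The hunk also stops at `getpwnam("nobody")`, so please confirm that the following lines check `pw` for NULL before reading `pw->pw_uid`.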

[...cut here...]

> All that being said ... I don't understand why this has been causing you
> any trouble.

As I said, (at least) FreeBSD doesn't really like UID 4294967295 ...

Thanks,

-- 
Chris
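
The policy discussed in this thread (a non-root caller keeps its own IDs, root becomes 'nobody' or a fallback), as an added C example that is not gdomap's code and not part of the original message. `pick_identity`, `drop_privileges` and `FALLBACK_ID` are hypothetical names; the example also drops the group and checks every return value, which goes beyond what the thread shows.

```c
#define _DEFAULT_SOURCE /* glibc: declare setgroups() in strict -std modes */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed fallback when the account is missing: the thread's "-2", converted
 * explicitly. (uid_t)-1 is avoided; setreuid()/chown() read it as "no change". */
#define FALLBACK_ID ((uid_t)-2)

/* Non-root callers keep their own IDs; root becomes `name` or the fallback. */
static void pick_identity(uid_t caller_uid, gid_t caller_gid, const char *name,
                          uid_t *uid, gid_t *gid)
{
  struct passwd *pw;

  *uid = caller_uid;
  *gid = caller_gid;
  if (caller_uid != 0)
    return;
  pw = getpwnam(name);                  /* NULL when the account is missing */
  *uid = pw ? pw->pw_uid : FALLBACK_ID;
  *gid = pw ? pw->pw_gid : (gid_t)FALLBACK_ID;
}

/* Returns 0 once the drop is complete and irreversible, -1 otherwise. */
static int drop_privileges(uid_t uid, gid_t gid)
{
  if (geteuid() == 0 && setgroups(1, &gid) != 0)  /* shed root's extra groups */
    return -1;
  if (setgid(gid) != 0 || setuid(uid) != 0)       /* group first, then user */
    return -1;
  if (uid != 0 && setuid(0) == 0)                 /* root must be unreachable */
    return -1;
  return 0;
}

int main(void)
{
  uid_t uid;
  gid_t gid;

  pick_identity(getuid(), getgid(), "nobody", &uid, &gid);
  if (drop_privileges(uid, gid) != 0)
    return 1;     /* refuse to keep running with the original privileges */
  printf("uid %lu gid %lu\n", (unsigned long)getuid(), (unsigned long)getgid());
  return 0;
}
```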


