Re: setuid in gdomap - bug or feature?
From: Chris B. Vetter
Subject: Re: setuid in gdomap - bug or feature?
Date: Mon, 7 May 2001 10:53:53 -0700
On Fri, 4 May 2001 05:59:18 +0100
Richard Frith-Macdonald <richard@brainstorm.co.uk> wrote:
> On Friday, May 4, 2001, at 01:25 AM, Chris B. Vetter wrote:
> > Hi,
> > I'm not sure if this is a bug or a feature, but I'm running in all
> > kinds of trouble with gdomap's setuid(3) call in main().
> > Instead of
> > if (getuid () != 0)
> > setuid (getuid ());
> > else setuid (-1);
> > which (on my box) keeps gdomap running with UID 4294967295, a call to
> > getpwnam(3) similar to
> > struct passwd *pw = getpwnam("nobody");
> > setuid(pw->pw_uid);
> > would probably be a much "cleaner" approach.
> I've changed the code to try using the user 'nobody' before resorting
> to uid -2 (-1 was a typo ... this should be consistent with the standard
> usage of -2 to denote a user with no access). Some older unices don't
> have a user 'nobody' by default, and common practice of applications like
> NFS is to use -2.
> So, current behavior is ...
> If started by a non-root user, run as that user so they are able to kill
> the process.
> If started by root, run as user nobody (if found) else as user -2
Looks good - but doesn't work.
HAVE_PWD_H should be used, not HAVE_PWD ;-)
To compile properly on FreeBSD 4.2 (and probably 4.3), you need to
include <pwd.h> as well. Not sure about other OSes, though.
I just (05/07/01 - 10:38PST) made a CVS checkout and diff'd the
changes I made.
[...cut here...]
--- gdomap.c.org Mon May 7 10:44:01 2001
+++ gdomap.c Mon May 7 10:44:57 2001
@@ -54,6 +54,12 @@
#include <signal.h>
#include <sys/socket.h>
#include <sys/file.h>
+
+#include "config.h"
+#ifdef HAVE_PWD_H
+# include <pwd.h>
+#endif
+
/*
* Stuff for setting the sockets into non-blocking mode.
*/
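Review bot: The `#include "config.h"` added here sits after `<signal.h>`, `<sys/socket.h>` and `<sys/file.h>`; a configure-generated header normally goes ahead of every system header so that its feature macros are in effect when those headers are parsed. I would move it to the top of the include list and leave only the `HAVE_PWD_H` guard around `<pwd.h>` at this position.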
@@ -4230,7 +4236,7 @@
else
{
int uid = -2;
-#ifdef HAVE_PWD
+#ifdef HAVE_PWD_H
#ifdef HAVE_GETPWNAM
struct passwd *pw = getpwnam("nobody");
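Review bot: The fallback `int uid = -2;` kept as context in this hunk is still a signed int; where uid_t is an unsigned 32-bit type it reaches setuid as 4294967294, one below the 4294967295 reported as troublesome on FreeBSD. Declaring it as uid_t makes the conversion explicit, and treating a failed lookup as an error would avoid the numeric fallback altogether. The hunk is cut right after the `getpwnam("nobody")` line, so please confirm that `pw` is checked for NULL before `pw->pw_uid` is read.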
[...cut here...]
> All that being said ... I don't understand why this has been causing you
> any trouble.
As I said, (at least) FreeBSD doesn't really like UID 4294967295 ...
Thanks,
--
Chris
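
The privilege drop discussed in this thread, as an added example that is not gdomap's code and not part of the original message. The function names `pick_identity` and `drop_to` are hypothetical, and as an assumption of this sketch a failed lookup of 'nobody' is treated as an error instead of falling back to a numeric uid such as -2.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes setgroups() on glibc */
#endif
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Decide which identity to run as. Non-root callers keep their own uid/gid;
 * root must resolve `name` and gets an error instead of a numeric fallback. */
int pick_identity(uid_t cur_uid, gid_t cur_gid, const char *name,
                  uid_t *uid, gid_t *gid)
{
    if (cur_uid != 0) { *uid = cur_uid; *gid = cur_gid; return 0; }
    struct passwd *pw = getpwnam(name);
    if (pw == NULL || pw->pw_uid == 0)   /* missing account, or an alias for root */
        return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Drop to uid/gid permanently. Order matters: groups, then gid, then uid,
 * because after setuid() the process may no longer change its groups. */
int drop_to(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify the drop is irreversible: regaining root must fail. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

int main(void)
{
    uid_t uid; gid_t gid;
    if (pick_identity(getuid(), getgid(), "nobody", &uid, &gid) != 0 ||
        drop_to(uid, gid) != 0) {
        fprintf(stderr, "cannot drop privileges, refusing to continue\n");
        return 1;
    }
    printf("running as uid %lu gid %lu\n", (unsigned long)uid, (unsigned long)gid);
    return 0;
}
```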