Message-Id: <201108070135.p771ZnHI006975@red.freebsd.org> Date: Sun, 7 Aug 2011 01:35:49 GMT
From: Aragon Gouveia To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: bin/159568: [patch] allow daemon(8) to write pid file in /var/run without root X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Aug 2011 01:40:13 -0000 >Number: 159568 >Category: bin >Synopsis: [patch] allow daemon(8) to write pid file in /var/run without root >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Aug 07 01:40:12 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Aragon Gouveia >Release: 8.2-RELEASE-p2 >Organization: >Environment: FreeBSD fuzz.geek.sh 8.2-RELEASE-p2 FreeBSD 8.2-RELEASE-p2 #0: Sun Jul 10 15:27:35 SAST 2011 toor@igor.geek.sh:/usr/obj/usr/src-RELENG_8_2/sys/FUZZ amd64 >Description: daemon(8) provides the ability to write a pid file of the daemon it forks. It also provides the ability to drop root privileges of the daemon it forks, however, this feature prevents it from writing a pid file to /var/run. Attached patch makes daemon(8) open the pid file descriptor before dropping root privileges. >How-To-Repeat: >Fix: Patch attached with submission follows: --- daemon.c.orig 2011-08-07 03:26:47.000000000 +0200 +++ daemon.c 2011-08-07 03:27:04.000000000 +0200 @@ -79,9 +79,6 @@ if (argc == 0) usage(); - if (user != NULL) - restrict_process(user); - /* * Try to open the pidfile before calling daemon(3), * to be able to report the error intelligently @@ -97,6 +94,9 @@ } } + if (user != NULL) + restrict_process(user); + if (daemon(nochdir, noclose) == -1) err(1, NULL); >Release-Note: >Audit-Trail: >Unformatted:
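Review bot: in the first hunk (@@ -79,9 +79,6), removing restrict_process(user) from ahead of the pidfile block means the -p path is now opened with the invoking user's credentials, normally root, instead of the -u user's, and the patch does not document that change. The pidfile will be owned by the invoker, and a -p path inside a directory the -u user can write to is now resolved with the invoker's privileges. Please update daemon.8 to say that the pidfile is created before -u takes effect and that -p should point into a directory only the invoker can write to, such as /var/run.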
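Review bot: in the second hunk (@@ -97,6 +94,9), restrict_process(user) now runs after the pidfile has already been created, so a failure inside it (for example an unknown -u user) would leave a pidfile owned by the invoker behind in /var/run. Remove the pidfile on that error path before exiting. Also confirm that whatever removes the pidfile when the daemon exits still works after the privilege drop, since the process will no longer have write access to /var/run.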