From: Pawel Jakub Dawidek Date: Fri, 28 Jan 2011 22:35:46 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r218049 - head/sbin/hastd X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Jan 2011 22:35:46 -0000 Author: pjd Date: Fri Jan 28 22:35:46 2011 New Revision: 218049 URL: http://svn.freebsd.org/changeset/base/218049 Log: Drop privileges in worker processes. Accepting connections and handshaking in secondary is still done before dropping privileges. It should be implemented by only accepting connections in privileged main process and passing connection descriptors to the worker, but is not implemented yet. MFC after: 1 week Modified: head/sbin/hastd/primary.c head/sbin/hastd/secondary.c Modified: head/sbin/hastd/primary.c ============================================================================== --- head/sbin/hastd/primary.c Fri Jan 28 22:33:47 2011 (r218048) +++ head/sbin/hastd/primary.c Fri Jan 28 22:35:46 2011 (r218049) @@ -847,6 +847,11 @@ hastd_primary(struct hast_resource *res) init_ggate(res); init_environment(res); + if (drop_privs() != 0) { + cleanup(res); + exit(EX_CONFIG); + } + /* * Create the guard thread first, so we can handle signals from the * very begining. Modified: head/sbin/hastd/secondary.c ============================================================================== --- head/sbin/hastd/secondary.c Fri Jan 28 22:33:47 2011 (r218048) +++ head/sbin/hastd/secondary.c Fri Jan 28 22:35:46 2011 (r218049) 
@@ -413,6 +413,9 @@ hastd_secondary(struct hast_resource *re init_local(res); init_environment(); + if (drop_privs() != 0) + exit(EX_CONFIG); + /* * Create the control thread before sending any event to the parent, * as we can deadlock when parent sends control request to worker,
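Review bot: in the primary.c hunk, the exit status chosen for the new drop_privs() failure path in hastd_primary() may misreport the cause: EX_CONFIG (sysexits.h, "configuration error") fits a missing or bad unprivileged user in the config, but if drop_privs() can also fail on OS-level errors (a refused setuid/chroot, for instance) those would conventionally be EX_OSERR. Either have drop_privs() distinguish the two cases, or at least make sure the reason is logged before `cleanup(res); exit(EX_CONFIG);` so an operator can tell why the worker died rather than only seeing a config-error status.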
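Review bot: the secondary.c hunk is inconsistent with the primary one: hastd_primary() calls `cleanup(res)` before `exit(EX_CONFIG)`, while hastd_secondary() exits directly even though init_local(res) has already run, so whatever init_local() set up is not torn down on this path. Also, as the log message itself notes, this drop happens only after the connection has been accepted and the handshake completed, so the network-facing code in the secondary still runs with full privileges; a TODO comment next to this drop_privs() call would keep that gap visible in the code until the descriptor-passing design (accept in the privileged parent, hand the descriptor to the worker) is implemented.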