Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 15 Jan 2012 16:09:32 +0400
From:      Andrey Zonov <andrey@zonov.org>
To:        Guy Helmer <ghelmer@FreeBSD.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r229667 - head/usr.sbin/daemon
Message-ID:  <4F12C1FC.6010203@zonov.org>
In-Reply-To: <201201052248.q05MmaZk059871@svn.freebsd.org>
References:  <201201052248.q05MmaZk059871@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 06.01.2012 2:48, Guy Helmer wrote:
> Author: ghelmer
> Date: Thu Jan  5 22:48:36 2012
> New Revision: 229667
> URL: http://svn.freebsd.org/changeset/base/229667
>
> Log:
>    Allow daemon(8) to run pidfile_open() before relenquishing privileges
>    so pid files can be written in /var/run when started as root.
>
>    I do not expect this to cause any security issues, but if anyone objects
>    it could be easily reverted.

You can't read pidfile by the user that you specify by '-u' flag. 
That's not good.  IMHO, the right way to solve this problem is to create 
directory in /var/run from post-install script with sufficient 
privileges to create pidfiles.

Also, the idea about close-on-exec flag is good, but not for daemon(8). 
  Opened pidfile uses as an exclusive lock, that prevents from running 
any other daemon with this pidfile.

>
>    PR:		bin/159568
>    MFC after:	4 weeks
>
> Modified:
>    head/usr.sbin/daemon/daemon.c
>
> Modified: head/usr.sbin/daemon/daemon.c
> ==============================================================================
> --- head/usr.sbin/daemon/daemon.c	Thu Jan  5 22:31:25 2012	(r229666)
> +++ head/usr.sbin/daemon/daemon.c	Thu Jan  5 22:48:36 2012	(r229667)
> @@ -79,9 +79,6 @@ main(int argc, char *argv[])
>   	if (argc == 0)
>   		usage();
>
> -	if (user != NULL)
> -		restrict_process(user);
> -
>   	/*
>   	 * Try to open the pidfile before calling daemon(3),
>   	 * to be able to report the error intelligently
> @@ -97,6 +94,9 @@ main(int argc, char *argv[])
>   		}
>   	}
>
> +   if (user != NULL)
> +             restrict_process(user);
> +
>   	if (daemon(nochdir, noclose) == -1)
>   		err(1, NULL);
>
> _______________________________________________
> svn-src-all@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/svn-src-all
> To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"

-- 
Andrey Zonov

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F12C1FC.6010203>