From owner-svn-src-all@FreeBSD.ORG Sun Jan 15 12:09:42 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2842C1065672; Sun, 15 Jan 2012 12:09:42 +0000 (UTC) (envelope-from andrey@zonov.org) Received: from mail-bk0-f54.google.com (mail-bk0-f54.google.com [209.85.214.54]) by mx1.freebsd.org (Postfix) with ESMTP id 5BE168FC1E; Sun, 15 Jan 2012 12:09:40 +0000 (UTC) Received: by bke11 with SMTP id 11so649582bke.13 for ; Sun, 15 Jan 2012 04:09:40 -0800 (PST) Received: by 10.205.122.76 with SMTP id gf12mr951924bkc.0.1326629378457; Sun, 15 Jan 2012 04:09:38 -0800 (PST) Received: from [10.254.254.77] (ppp95-165-126-65.pppoe.spdop.ru. [95.165.126.65]) by mx.google.com with ESMTPS id ci12sm31806690bkb.13.2012.01.15.04.09.37 (version=SSLv3 cipher=OTHER); Sun, 15 Jan 2012 04:09:38 -0800 (PST) Message-ID: <4F12C1FC.6010203@zonov.org> Date: Sun, 15 Jan 2012 16:09:32 +0400 From: Andrey Zonov User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.24) Gecko/20100228 Thunderbird/2.0.0.24 Mnenhy/0.7.6.0 MIME-Version: 1.0 To: Guy Helmer References: <201201052248.q05MmaZk059871@svn.freebsd.org> In-Reply-To: <201201052248.q05MmaZk059871@svn.freebsd.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r229667 - head/usr.sbin/daemon X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Jan 2012 12:09:42 -0000 On 06.01.2012 2:48, Guy Helmer wrote: > Author: ghelmer > Date: Thu Jan 5 22:48:36 2012 > New Revision: 229667 > URL: http://svn.freebsd.org/changeset/base/229667 > > Log: > Allow daemon(8) to run pidfile_open() before relenquishing privileges > so pid files can be written in /var/run when started as root. > > I do not expect this to cause any security issues, but if anyone objects > it could be easily reverted. You can't read pidfile by the user that you specify by '-u' flag. That's not good. IMHO, the right way to solve this problem is to create directory in /var/run from post-install script with sufficient privileges to create pidfiles. Also, the idea about close-on-exec flag is good, but not for daemon(8). Opened pidfile uses as an exclusive lock, that prevents from running any other daemon with this pidfile. > > PR: bin/159568 > MFC after: 4 weeks > > Modified: > head/usr.sbin/daemon/daemon.c > > Modified: head/usr.sbin/daemon/daemon.c > ============================================================================== > --- head/usr.sbin/daemon/daemon.c Thu Jan 5 22:31:25 2012 (r229666) > +++ head/usr.sbin/daemon/daemon.c Thu Jan 5 22:48:36 2012 (r229667) > @@ -79,9 +79,6 @@ main(int argc, char *argv[]) > if (argc == 0) > usage(); > > - if (user != NULL) > - restrict_process(user); > - > /* > * Try to open the pidfile before calling daemon(3), > * to be able to report the error intelligently > @@ -97,6 +94,9 @@ main(int argc, char *argv[]) > } > } > > + if (user != NULL) > + restrict_process(user); > + > if (daemon(nochdir, noclose) == -1) > err(1, NULL); > > _______________________________________________ > svn-src-all@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/svn-src-all > To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" -- Andrey Zonov