Date: Fri, 28 Jan 2011 22:35:46 +0000 (UTC)
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r218049 - head/sbin/hastd
Message-ID: <201101282235.p0SMZkeo002920@svn.freebsd.org>
Author: pjd Date: Fri Jan 28 22:35:46 2011 New Revision: 218049 URL: http://svn.freebsd.org/changeset/base/218049 Log: Drop privileges in worker processes. Accepting connections and handshaking in secondary is still done before dropping privileges. It should be implemented by only accepting connections in privileged main process and passing connection descriptors to the worker, but is not implemented yet. MFC after: 1 week Modified: head/sbin/hastd/primary.c head/sbin/hastd/secondary.c Modified: head/sbin/hastd/primary.c ============================================================================== --- head/sbin/hastd/primary.c Fri Jan 28 22:33:47 2011 (r218048) +++ head/sbin/hastd/primary.c Fri Jan 28 22:35:46 2011 (r218049) @@ -847,6 +847,11 @@ hastd_primary(struct hast_resource *res) init_ggate(res); init_environment(res); + if (drop_privs() != 0) { + cleanup(res); + exit(EX_CONFIG); + } + /* * Create the guard thread first, so we can handle signals from the * very begining. Modified: head/sbin/hastd/secondary.c ============================================================================== --- head/sbin/hastd/secondary.c Fri Jan 28 22:33:47 2011 (r218048) +++ head/sbin/hastd/secondary.c Fri Jan 28 22:35:46 2011 (r218049) @@ -413,6 +413,9 @@ hastd_secondary(struct hast_resource *re init_local(res); init_environment(); + if (drop_privs() != 0) + exit(EX_CONFIG); + /* * Create the control thread before sending any event to the parent, * as we can deadlock when parent sends control request to worker,
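Review bot: In the primary.c hunk, the drop_privs() call sits after init_ggate(res) and init_environment(res) with no comment explaining the ordering, so a later change could add privileged initialization below it, or move the drop, without noticing the boundary. A short comment above `if (drop_privs() != 0) {` stating which preceding steps must run privileged, and that everything from the guard thread onward runs unprivileged, would make that explicit. The failure branch exits with EX_CONFIG and no message is visible in this hunk; if drop_privs() does not log the reason itself, a log line before cleanup(res) would tell the operator why the worker died.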
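Review bot: In the secondary.c hunk, the failure branch calls exit(EX_CONFIG) directly, while the matching branch in primary.c calls cleanup(res) first. If init_local(res) or init_environment() leave anything that needs releasing, the secondary should clean up the same way; if not, a one-line comment saying so would explain the difference. The commit log states that accepting connections and handshaking in the secondary still happen before privileges are dropped; a comment at this call site recording that known gap would keep it visible to anyone reading the code rather than only the log.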