diff options
author | Steve Dickson <steved@redhat.com> | 2008-02-08 11:54:09 -0500 |
---|---|---|
committer | Steve Dickson <steved@redhat.com> | 2008-02-08 11:54:09 -0500 |
commit | 464d2aed4506a217aa53df9cf0e0144bab5bbfd9 (patch) | |
tree | daeae52d7b754cbede88b44b6a27fda46d0d1707 | |
parent | 37117c6984ea5c640a19e6206dfa4b97710b6f37 (diff) | |
download | rpcbind-464d2aed4506a217aa53df9cf0e0144bab5bbfd9.tar.gz |
Make sure the owner of the warm start files is the
same uid the running process; Not necessarily root.
Signed-off-by: Steve Dickson <steved@redhat.com>
-rw-r--r-- | src/rpcbind.c | 15 | ||||
-rw-r--r-- | src/warmstart.c | 21 |
2 files changed, 19 insertions, 17 deletions
diff --git a/src/rpcbind.c b/src/rpcbind.c index 2a900d9..650cd29 100644 --- a/src/rpcbind.c +++ b/src/rpcbind.c @@ -85,6 +85,7 @@ char *rpcbinduser = RPCBIND_USER; #else char *rpcbinduser = NULL; #endif +uid_t rpc_uid; /* who to suid to if -s is given */ #define RUN_AS "daemon" @@ -193,11 +194,7 @@ main(int argc, char *argv[]) (void) signal(SIGHUP, SIG_IGN); (void) signal(SIGUSR1, SIG_IGN); (void) signal(SIGUSR2, SIG_IGN); -#ifdef WARMSTART - if (warmstart) { - read_warmstart(); - } -#endif + if (debugging) { #ifdef RPCBIND_DEBUG printf("rpcbind debugging enabled."); @@ -212,6 +209,7 @@ main(int argc, char *argv[]) err(1, "fork failed"); } + rpc_uid = 0; if (runasdaemon || rpcbinduser) { struct passwd *p; char *id = runasdaemon ? RUN_AS : rpcbinduser; @@ -224,8 +222,15 @@ main(int argc, char *argv[]) syslog(LOG_ERR, "setuid to '%s' failed: %m", id); exit(1); } + rpc_uid = p->pw_uid; } +#ifdef WARMSTART + if (warmstart) { + read_warmstart(); + } +#endif + network_init(); my_svc_run(); diff --git a/src/warmstart.c b/src/warmstart.c index 6a50c41..a1322b1 100644 --- a/src/warmstart.c +++ b/src/warmstart.c @@ -49,18 +49,14 @@ #include "config.h" #include "rpcbind.h" -/* - * XXX this code is unsafe and is not used. It should be made safe. - */ - #ifndef RPCBIND_STATEDIR #define RPCBIND_STATEDIR "/tmp" #endif /* These files keep the pmap_list and rpcb_list in XDR format */ -#define RPCBFILE RPCBIND_STATEDIR "/rpcbind.file" +#define RPCBFILE RPCBIND_STATEDIR "/rpcbind.xdr" #ifdef PORTMAP -#define PMAPFILE RPCBIND_STATEDIR "/portmap.file" +#define PMAPFILE RPCBIND_STATEDIR "/portmap.xdr" #endif static bool_t write_struct __P((char *, xdrproc_t, void *)); @@ -107,13 +103,14 @@ read_struct(char *filename, xdrproc_t structproc, void *list) FILE *fp; XDR xdrs; struct stat sbuf; - + extern uid_t rpc_uid; + if (stat(filename, &sbuf) != 0) { fprintf(stderr, "rpcbind: cannot stat file = %s for reading\n", filename); goto error; } - if ((sbuf.st_uid != 0) || (sbuf.st_mode & S_IRWXG) || + if ((sbuf.st_uid != rpc_uid) || (sbuf.st_mode & S_IRWXG) || (sbuf.st_mode & S_IRWXO)) { fprintf(stderr, "rpcbind: invalid permissions on file = %s for reading\n", @@ -163,17 +160,17 @@ read_warmstart() ok1 = read_struct(RPCBFILE, (xdrproc_t)xdr_rpcblist_ptr, &tmp_rpcbl); if (ok1 == FALSE) return; - #ifdef PORTMAP +#ifdef PORTMAP ok2 = read_struct(PMAPFILE, (xdrproc_t)xdr_pmaplist_ptr, &tmp_pmapl); - #endif +#endif if (ok2 == FALSE) { xdr_free((xdrproc_t) xdr_rpcblist_ptr, (char *)&tmp_rpcbl); return; } xdr_free((xdrproc_t) xdr_rpcblist_ptr, (char *)&list_rbl); list_rbl = tmp_rpcbl; - #ifdef PORTMAP +#ifdef PORTMAP xdr_free((xdrproc_t) xdr_pmaplist_ptr, (char *)&list_pml); list_pml = tmp_pmapl; - #endif +#endif } |