Re: [PATCH] Drop root privileges (if we have them)


 



--- Zygmuntowicz Michal <m.zygmuntowicz@onet.pl> wrote:
> To summarize:
> *) we will use -u (--user) command line option to specify
>     "run as" user,
Done, but see below.

> *) group is not configurable;
Done, but see below.

> *) I would rather not add anything new to the
> config, command line option is enough,
OK.

> *) user is changed before pid/trace files are
> created, so these receive proper ownership,
Done.

> *) if user change fails gnugk should be terminated
>     and an appropriate message displayed,
Done.

> *) no IsPrivileged... test,
OK

> *) user change code should be surrounded with
>     #ifdef HAS_SETUSERNAME
>     #endif
>     
>     HAS_SETUSERNAME will be set by configure script
>     in the future. Now it will be sufficient to put
>     at the top of gk.cxx
>     #ifndef _WIN32
>     #define HAS_SETUSERNAME 1
>     #endif
Done. 

However, there is a bug in the pwlib-1.5.2
PProcess::SetUserName() function that makes GateKeeper
core-dump if you specify a garbage user name.

From pwlib/src/ptlib/unix/tlib.cxx:

    if (pw != NULL || pw->pw_name != NULL)
      uid = pw->pw_uid;

This should read:

    if (pw != NULL && pw->pw_name != NULL)

And similarly for SetGroupName():

    if (gr != NULL && gr->gr_name != NULL)

The other problem is that the SetUserName() doesn't
allow me access to the passwd structure, so I have no
opportunity to read the new GID. Not that there's a
PProcess::SetGroupID() function, even if it did...

I was hoping to change the group ID so that I could
leave the gatekeeper.ini file owned by root and
read-only by the gnugk group. But this doesn't appear
practical at present.

Cheers,
Chris
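
The corrected NULL check and the primary-group lookup discussed in this message, as an added C example that is not part of the original post or of pwlib. It calls getpwnam() directly rather than PProcess::SetUserName(), and lookup_run_as() and drop_privileges() are hypothetical names.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes initgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: resolve a "run as" name to uid and primary gid.
 * Returns 0 on success, -1 if the name is unknown. */
int lookup_run_as(const char *name, uid_t *uid, gid_t *gid)
{
    struct passwd *pw = getpwnam(name);
    /* && short-circuits, so pw is never dereferenced when it is NULL.
     * With || the right-hand side is evaluated exactly when pw == NULL. */
    if (pw != NULL && pw->pw_name != NULL) {
        *uid = pw->pw_uid;
        *gid = pw->pw_gid; /* the GID a name-only wrapper does not hand back */
        return 0;
    }
    return -1;
}

/* Hypothetical helper: drop root to the named user and its primary group.
 * Returns 0 on success or when not root, -1 on failure (caller must exit). */
int drop_privileges(const char *name)
{
    uid_t uid;
    gid_t gid;
    if (lookup_run_as(name, &uid, &gid) != 0) {
        fprintf(stderr, "unknown user '%s'\n", name);
        return -1;
    }
    if (geteuid() != 0)
        return 0; /* nothing to drop */
    /* Groups first: once setuid() succeeds they can no longer be changed. */
    if (initgroups(name, gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0) {
        perror("drop privileges");
        return -1;
    }
    /* A drop to a non-root user must not be reversible. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    return (argc > 1 && drop_privileges(argv[1]) == 0) ? 0 : 1;
}
```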


_______________________________________________
List: Openh323gk-users@lists.sourceforge.net
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
