[PATCH 11/20] uuidd: introduce --keep-privs option

This option makes uuidd _not_ drop its privileges if installed suid
and executed by root.

Signed-off-by: Petr Uzel <petr.uzel@xxxxxxx>
---
 misc-utils/uuidd.8 |    5 +++++
 misc-utils/uuidd.c |    7 ++++++-
 2 files changed, 11 insertions(+), 1 deletions(-)

diff --git a/misc-utils/uuidd.8 b/misc-utils/uuidd.8
index f5fb5f0..892f236 100644
--- a/misc-utils/uuidd.8
+++ b/misc-utils/uuidd.8
@@ -48,6 +48,11 @@ process.  Implies --no-fork and --no-pid.  As of this writing, this option is
 supposed to be used only with systemd. It needs to enabled with configure
 option --enable--uuid-socket-activation.
 .TP
+.BR \-K , " \-\-keep-privs "
+If uuidd is installed set-uid and executed by root, it by default drops its
+privileges to match the owner and group of the binary.  This option makes uuidd
+keep its privileges.
+.TP
 .B \-q
 Suppress some failure messages.
 .TP
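Review bot: the new -K entry in uuidd.8 says only that uuidd will "keep its privileges", without naming which privileges or when the option is appropriate. Since the preceding sentence limits the case to a set-uid binary executed by root, state explicitly that the daemon then keeps running as root instead of as the owner and group of the binary, and say what the option does when given in any other situation. "it by default drops" would also read better as "by default it drops".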
diff --git a/misc-utils/uuidd.c b/misc-utils/uuidd.c
index 4b04390..54978aa 100644
--- a/misc-utils/uuidd.c
+++ b/misc-utils/uuidd.c
@@ -70,6 +70,7 @@ static void __attribute__ ((__noreturn__)) usage(FILE * out)
 		" -P, --no-pid            do not create pid file\n"
 		" -F, --no-fork           do not daemonize using double-fork\n"
 		" -S, --socket-activation do not create listening socket\n"
+		" -K, --keep-privs 	  do not drop privileges\n"
 		" -d, --debug             run in debugging mode\n"
 		" -q, --quiet             turn on quiet mode\n"
 		" -V, --version           output version information and exit\n"
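Review bot: the added usage line for -K has a tab between "--keep-privs" and the description, while the neighbouring entries pad with spaces only, so the description column will shift with the terminal's tab width. Pad with spaces to match the other entries, e.g. `" -K, --keep-privs         do not drop privileges\n"`.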
@@ -546,6 +547,7 @@ int main(int argc, char **argv)
 		{"no-pid", no_argument, NULL, 'P'},
 		{"no-fork", no_argument, NULL, 'F'},
 		{"socket-activation", no_argument, NULL, 'S'},
+		{"keep-privs", no_argument, NULL, 'K'},
 		{"debug", no_argument, NULL, 'd'},
 		{"quiet", no_argument, NULL, 'q'},
 		{"version", no_argument, NULL, 'V'},
@@ -558,7 +560,7 @@ int main(int argc, char **argv)
 	textdomain(PACKAGE);
 
 	while ((c =
-		getopt_long(argc, argv, "p:s:T:krtn:PFSdqVh", longopts,
+		getopt_long(argc, argv, "p:s:T:krtn:PFSKdqVh", longopts,
 			    NULL)) != -1) {
 		switch (c) {
 		case 'd':
@@ -595,6 +597,9 @@ int main(int argc, char **argv)
 			return EXIT_FAILURE;
 #endif
 			break;
+		case 'K':
+			drop_privs = 0;
+			break;
 		case 'q':
 			quiet++;
 			break;
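Review bot: in the new `case 'K':` branch, `drop_privs = 0;` is set unconditionally, while the man page text in this same patch describes the option only for the case where uuidd is installed set-uid and executed by root. Neither the declaration of drop_privs nor the code that tests it is touched here, so the patch does not show what -K does when an unprivileged user runs a set-uid binary. Please confirm that path in the commit message, and if the flag is meant to be honoured only for root, check the invoking user here and reject the option otherwise.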
-- 
1.7.7
