diff options
| author | Petr Uzel | 2012-05-03 21:01:56 +0200 |
|---|---|---|
| committer | Karel Zak | 2012-05-04 15:14:11 +0200 |
| commit | cb20279fb047b9dc8d0a8dce651ca5e049c9c75d (patch) | |
| tree | 74dcbd9bd14dec021cf3a43363d5377126f7adfa /misc-utils/uuidd.c | |
| parent | uuidd: print all debugging information to stderr (diff) | |
| download | kernel-qcow2-util-linux-cb20279fb047b9dc8d0a8dce651ca5e049c9c75d.tar.gz kernel-qcow2-util-linux-cb20279fb047b9dc8d0a8dce651ca5e049c9c75d.tar.xz kernel-qcow2-util-linux-cb20279fb047b9dc8d0a8dce651ca5e049c9c75d.zip | |
uuidd: do not drop privileges
libuuid can (for now) spawn uuidd on-demand. To support this scenario,
uuidd should be installed setuid/setgid to have access to
/var/lib/libuuid/clock.txt. Therefore, dropping the privileges is
not functional, so removing this ability.
Moreover, the ability to spawn uuidd on-demand will be removed anyway.
References: http://www.spinics.net/lists/util-linux-ng/msg05934.html
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
Diffstat (limited to 'misc-utils/uuidd.c')
| -rw-r--r-- | misc-utils/uuidd.c | 32 |
1 files changed, 1 insertions, 31 deletions
diff --git a/misc-utils/uuidd.c b/misc-utils/uuidd.c index fafc8d1ef..684e49446 100644 --- a/misc-utils/uuidd.c +++ b/misc-utils/uuidd.c @@ -503,11 +503,9 @@ int main(int argc, char **argv) char buf[1024], *cp; char str[UUID_STR_LEN], *tmp; uuid_t uu; - uid_t uid; - gid_t gid; int i, c, ret; int debug = 0, do_type = 0, do_kill = 0, num = 0; - int timeout = 0, quiet = 0, drop_privs = 0; + int timeout = 0, quiet = 0; int no_pid = 0, no_fork = 0; int no_sock = 0, s_flag = 0; @@ -540,11 +538,9 @@ int main(int argc, char **argv) switch (c) { case 'd': debug++; - drop_privs = 1; break; case 'k': do_kill++; - drop_privs = 1; break; case 'n': num = strtol(optarg, &tmp, 0); @@ -555,20 +551,16 @@ int main(int argc, char **argv) break; case 'p': pidfile_path_param = optarg; - drop_privs = 1; break; case 'P': no_pid = 1; - drop_privs = 1; break; case 'F': no_fork = 1; - drop_privs = 1; break; case 'S': #ifdef USE_SOCKET_ACTIVATION no_sock = 1; - drop_privs = 1; no_fork = 1; no_pid = 1; #else @@ -582,16 +574,13 @@ int main(int argc, char **argv) break; case 'r': do_type = UUIDD_OP_RANDOM_UUID; - drop_privs = 1; break; case 's': socket_path = optarg; s_flag = 1; - drop_privs = 1; break; case 't': do_type = UUIDD_OP_TIME_UUID; - drop_privs = 1; break; case 'T': timeout = strtol(optarg, &tmp, 0); @@ -626,25 +615,6 @@ int main(int argc, char **argv) fprintf(stderr, _("Both --socket-activation and --socket specified. " "Ignoring --socket\n")); - uid = getuid(); - if (uid && drop_privs) { - gid = getgid(); -#ifdef HAVE_SETRESGID - if (setresgid(gid, gid, gid) < 0) - err(EXIT_FAILURE, "setresgid"); -#else - if (setregid(gid, gid) < 0) - err(EXIT_FAILURE, "setregid"); -#endif - -#ifdef HAVE_SETRESUID - if (setresuid(uid, uid, uid) < 0) - err(EXIT_FAILURE, "setresuid"); -#else - if (setreuid(uid, uid) < 0) - err(EXIT_FAILURE, "setreuid"); -#endif - } if (num && do_type) { ret = call_daemon(socket_path, do_type + 2, buf, sizeof(buf), &num, &err_context); |