bin/146266: commit references a PR

dfilter service dfilter at FreeBSD.ORG
Mon May 3 19:50:03 UTC 2010


The following reply was made to PR bin/146266; it has been noted by GNATS.

From: dfilter at FreeBSD.ORG (dfilter service)
To: bug-followup at FreeBSD.org
Cc:  
Subject: Re: bin/146266: commit references a PR
Date: Mon,  3 May 2010 19:48:40 +0000 (UTC)

 Author: delphij
 Date: Mon May  3 19:48:21 2010
 New Revision: 207582
 URL: http://svn.freebsd.org/changeset/base/207582
 
 Log:
   MFC r147906-201389, this sync'ed daemon(8) with -HEAD except the
   WARNS change.
   
   The most important change is the newly added privilege dropping
   feature by trhodes and others.
   
   Requested by:	glarkin
   PR:		bin/146266
 
 Modified:
   stable/6/usr.sbin/daemon/daemon.8
   stable/6/usr.sbin/daemon/daemon.c
 Directory Properties:
   stable/6/usr.sbin/daemon/   (props changed)
 
 Modified: stable/6/usr.sbin/daemon/daemon.8
 ==============================================================================
 --- stable/6/usr.sbin/daemon/daemon.8	Mon May  3 19:38:59 2010	(r207581)
 +++ stable/6/usr.sbin/daemon/daemon.8	Mon May  3 19:48:21 2010	(r207582)
 @@ -26,7 +26,7 @@
  .\"
  .\" $FreeBSD$
  .\"
 -.Dd August 30, 2001
 +.Dd March 19, 2007
  .Dt DAEMON 8
  .Os
  .Sh NAME
 @@ -36,12 +36,14 @@
  .Nm
  .Op Fl cf
  .Op Fl p Ar pidfile
 +.Op Fl u Ar user
  .Ar command arguments ...
  .Sh DESCRIPTION
  The
  .Nm
  utility detaches itself from the controlling terminal and
  executes the program specified by its arguments.
 +Privileges may be lowered to the specified user.
  .Pp
  The options are as follows:
  .Bl -tag -width indent
 @@ -54,12 +56,14 @@ Redirect standard input, standard output
  .It Fl p Ar file
  Write the ID of the created process into the
  .Ar file
 -using
 +using the
  .Xr pidfile 3
  functionality.
  Note, that the file will be created shortly before the process is
  actually executed, and will remain after the process exits (although
  it will be removed if the execution fails).
 +.It Fl u Ar user
 +Run the program with the rights of user specified, requires privilege.
  .El
  .Sh EXIT STATUS
  The
 @@ -77,6 +81,8 @@ standard error unless the
  .Fl f
  flag is specified.
  .Sh SEE ALSO
 +.Xr setregid 2 ,
 +.Xr setreuid 2 ,
  .Xr daemon 3 ,
  .Xr exec 3 ,
  .Xr pidfile 3 ,
 
 Modified: stable/6/usr.sbin/daemon/daemon.c
 ==============================================================================
 --- stable/6/usr.sbin/daemon/daemon.c	Mon May  3 19:38:59 2010	(r207581)
 +++ stable/6/usr.sbin/daemon/daemon.c	Mon May  3 19:48:21 2010	(r207582)
 @@ -35,24 +35,27 @@ __FBSDID("$FreeBSD$");
  
  #include <err.h>
  #include <errno.h>
 +#include <pwd.h>
  #include <libutil.h>
 +#include <login_cap.h>
  #include <stdio.h>
  #include <stdlib.h>
  #include <unistd.h>
  
 +static void restrict_process(const char *);
  static void usage(void);
  
  int
  main(int argc, char *argv[])
  {
 -	struct pidfh *pfh;
 +	struct pidfh *pfh = NULL;
  	int ch, nochdir, noclose, errcode;
 -	const char *pidfile;
 +	const char *pidfile, *user;
  	pid_t otherpid;
  
  	nochdir = noclose = 1;
 -	pidfile = NULL;
 -	while ((ch = getopt(argc, argv, "-cfp:")) != -1) {
 +	pidfile = user = NULL;
 +	while ((ch = getopt(argc, argv, "-cfp:u:")) != -1) {
  		switch (ch) {
  		case 'c':
  			nochdir = 0;
 @@ -63,6 +66,9 @@ main(int argc, char *argv[])
  		case 'p':
  			pidfile = optarg;
  			break;
 +		case 'u':
 +			user = optarg;
 +			break;
  		default:
  			usage();
  		}
 @@ -72,6 +78,10 @@ main(int argc, char *argv[])
  
  	if (argc == 0)
  		usage();
 +
 +	if (user != NULL)
 +		restrict_process(user);
 +
  	/*
  	 * Try to open the pidfile before calling daemon(3),
  	 * to be able to report the error intelligently
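Review bot: The call `restrict_process(user);` runs before the pidfile is opened, so with both `-u` and `-p` the pidfile is presumably created with the target user's credentials rather than root's (the pidfile_open() call itself is outside this hunk). A path such as a root-owned run directory would then fail for an unprivileged user, and nothing in daemon.8 says so. Dropping privileges before daemon(3) and the exec is the safe order, so I would keep it and document the consequence with a comment above the call, e.g. `/* Drop privileges first: the pidfile below is created as the target user, so its directory must be writable by that user. */`, plus a matching sentence under `-u` in the manual page. main() starts and ends outside this hunk.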
 @@ -109,9 +119,23 @@ main(int argc, char *argv[])
  }
  
  static void
 +restrict_process(const char *user)
 +{
 +	struct passwd *pw = NULL;
 +
 +	pw = getpwnam(user);
 +	if (pw == NULL)
 +		errx(1, "unknown user: %s", user);
 +
 +	if (setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) != 0)
 +		errx(1, "failed to set user environment");
 +}
 +
 +static void
  usage(void)
  {
  	(void)fprintf(stderr,
 -	    "usage: daemon [-cf] [-p pidfile] command arguments ...\n");
 +	    "usage: daemon [-cf] [-p pidfile] [-u user] command "
 +		"arguments ...\n");
  	exit(1);
  }
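Review bot: In restrict_process(), the failure path `errx(1, "failed to set user environment");` names neither the user nor the cause, so an operator who runs `daemon -u` without privilege gets no hint that this is a permission problem. Exiting here is correct, since the command must never run with the original credentials after a failed drop, but the message should carry more context, for example `err(1, "failed to set user context for %s", user);`. That assumes errno from the underlying credential call is still meaningful when setusercontext() returns, which should be confirmed. A short comment that `LOGIN_SETALL` applies the whole login-class context (groups, resource limits, environment, umask) and not only the uid would also help, because the manual page's new SEE ALSO entries point at setregid(2)/setreuid(2) and suggest a narrower change than the code makes.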
 

