svn commit: r229667 - head/usr.sbin/daemon
Andrey Zonov
andrey at zonov.org
Sun Jan 15 12:09:42 UTC 2012
On 06.01.2012 2:48, Guy Helmer wrote:
> Author: ghelmer
> Date: Thu Jan 5 22:48:36 2012
> New Revision: 229667
> URL: http://svn.freebsd.org/changeset/base/229667
>
> Log:
> Allow daemon(8) to run pidfile_open() before relenquishing privileges
> so pid files can be written in /var/run when started as root.
>
> I do not expect this to cause any security issues, but if anyone objects
> it could be easily reverted.
You can't read pidfile by the user that you specify by '-u' flag.
That's not good. IMHO, the right way to solve this problem is to create
directory in /var/run from post-install script with sufficient
privileges to create pidfiles.
Also, the idea about close-on-exec flag is good, but not for daemon(8).
Opened pidfile uses as an exclusive lock, that prevents from running
any other daemon with this pidfile.
>
> PR: bin/159568
> MFC after: 4 weeks
>
> Modified:
> head/usr.sbin/daemon/daemon.c
>
> Modified: head/usr.sbin/daemon/daemon.c
> ==============================================================================
> --- head/usr.sbin/daemon/daemon.c Thu Jan 5 22:31:25 2012 (r229666)
> +++ head/usr.sbin/daemon/daemon.c Thu Jan 5 22:48:36 2012 (r229667)
> @@ -79,9 +79,6 @@ main(int argc, char *argv[])
> if (argc == 0)
> usage();
>
> - if (user != NULL)
> - restrict_process(user);
> -
> /*
> * Try to open the pidfile before calling daemon(3),
> * to be able to report the error intelligently
> @@ -97,6 +94,9 @@ main(int argc, char *argv[])
> }
> }
>
> + if (user != NULL)
> + restrict_process(user);
> +
> if (daemon(nochdir, noclose) == -1)
> err(1, NULL);
>
> _______________________________________________
> svn-src-all at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/svn-src-all
> To unsubscribe, send any mail to "svn-src-all-unsubscribe at freebsd.org"
--
Andrey Zonov
More information about the svn-src-head
mailing list