[PATCH 10/15] uuidd: do not drop privileges | |
libuuid can (for now) spawn uuidd on-demand. To support this scenario,
uuidd should be installed setuid/setgid to have access to
/var/lib/libuuid/clock.txt. Dropping privileges therefore does not
work in this setup, so this patch removes that ability.
Moreover, the ability to spawn uuidd on-demand will be removed anyway.
References: http://www.spinics.net/lists/util-linux-ng/msg05934.html
Signed-off-by: Petr Uzel <petr.uzel@xxxxxxx>
---
misc-utils/uuidd.c | 32 +-------------------------------
1 files changed, 1 insertions(+), 31 deletions(-)
diff --git a/misc-utils/uuidd.c b/misc-utils/uuidd.c
index fafc8d1..684e494 100644
--- a/misc-utils/uuidd.c
+++ b/misc-utils/uuidd.c
@@ -503,11 +503,9 @@ int main(int argc, char **argv)
char buf[1024], *cp;
char str[UUID_STR_LEN], *tmp;
uuid_t uu;
- uid_t uid;
- gid_t gid;
int i, c, ret;
int debug = 0, do_type = 0, do_kill = 0, num = 0;
- int timeout = 0, quiet = 0, drop_privs = 0;
+ int timeout = 0, quiet = 0;
int no_pid = 0, no_fork = 0;
int no_sock = 0, s_flag = 0;
@@ -540,11 +538,9 @@ int main(int argc, char **argv)
switch (c) {
case 'd':
debug++;
- drop_privs = 1;
break;
case 'k':
do_kill++;
- drop_privs = 1;
break;
case 'n':
num = strtol(optarg, &tmp, 0);
@@ -555,20 +551,16 @@ int main(int argc, char **argv)
break;
case 'p':
pidfile_path_param = optarg;
- drop_privs = 1;
break;
case 'P':
no_pid = 1;
- drop_privs = 1;
break;
case 'F':
no_fork = 1;
- drop_privs = 1;
break;
case 'S':
#ifdef USE_SOCKET_ACTIVATION
no_sock = 1;
- drop_privs = 1;
no_fork = 1;
no_pid = 1;
#else
@@ -582,16 +574,13 @@ int main(int argc, char **argv)
break;
case 'r':
do_type = UUIDD_OP_RANDOM_UUID;
- drop_privs = 1;
break;
case 's':
socket_path = optarg;
s_flag = 1;
- drop_privs = 1;
break;
case 't':
do_type = UUIDD_OP_TIME_UUID;
- drop_privs = 1;
break;
case 'T':
timeout = strtol(optarg, &tmp, 0);
@@ -626,25 +615,6 @@ int main(int argc, char **argv)
fprintf(stderr, _("Both --socket-activation and --socket specified. "
"Ignoring --socket\n"));
- uid = getuid();
- if (uid && drop_privs) {
- gid = getgid();
-#ifdef HAVE_SETRESGID
- if (setresgid(gid, gid, gid) < 0)
- err(EXIT_FAILURE, "setresgid");
-#else
- if (setregid(gid, gid) < 0)
- err(EXIT_FAILURE, "setregid");
-#endif
-
-#ifdef HAVE_SETRESUID
- if (setresuid(uid, uid, uid) < 0)
- err(EXIT_FAILURE, "setresuid");
-#else
- if (setreuid(uid, uid) < 0)
- err(EXIT_FAILURE, "setreuid");
-#endif
- }
if (num && do_type) {
ret = call_daemon(socket_path, do_type + 2, buf,
sizeof(buf), &num, &err_context);
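Review bot: With the setresgid()/setresuid() block removed here, every path through main() keeps the effective IDs of a setuid/setgid install, including the client request through `call_daemon(socket_path, ...)` and the `-s`/`-p` paths that the option switch takes straight from `optarg`. The description says the elevated IDs are needed only to reach /var/lib/libuuid/clock.txt, so caller-supplied paths are now handled with more privilege than that purpose requires. Consider refusing those options when the real and effective IDs differ, e.g. `if ((s_flag || pidfile_path_param) && (getuid() != geteuid() || getgid() != getegid()))` followed by an `err`-style exit, or at least record the decision with a comment such as `/* privileges are kept on purpose: clock.txt access needs the setuid/setgid IDs */`. main() begins and continues outside this hunk, so whether later code already validates these paths cannot be seen from here.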
--
1.7.7