moved privileges drop after port reservation to handle

a bug similar to #247985
2011-08-02 11:48:25 +02:00 · 2011-08-02 11:48:25 +02:00 · 9cfed7116a
parent fcb02b789c
commit 9cfed7116a
3 changed files with 66 additions and 15 deletions
--- a/netkit-rwall-0.17-droppriv.patch
+++ b/netkit-rwall-0.17-droppriv.patch
@ -0,0 +1,47 @@
+diff -up netkit-rwall-0.17/rpc.rwalld/rwalld.c.debug netkit-rwall-0.17/rpc.rwalld/rwalld.c
+--- netkit-rwall-0.17/rpc.rwalld/rwalld.c.debug	2011-08-01 15:22:08.886396602 +0200
+++ netkit-rwall-0.17/rpc.rwalld/rwalld.c	2011-08-01 15:22:08.901396602 +0200
+@@ -90,20 +90,6 @@ main(int argc, char *argv[])
+ 		exit(1);
+ 	}
+ 
+-	if (getuid() == 0 || geteuid() == 0) {
+-		struct passwd *pwd = getpwnam("nobody");
+-		if (pwd) {
+-			initgroups(pwd->pw_name, pwd->pw_gid);
+-			setgid(pwd->pw_gid);
+-			setuid(pwd->pw_uid);
+-		}
+-		seteuid(0);  /* this should fail */
+-		if (getuid() == 0 || geteuid() == 0) {
+-			syslog(LOG_CRIT, "can't drop root privileges");
+-			exit(1);
+-		}
+-	}
+-
+         /*
+          * See if inetd started us
+          */
+@@ -153,6 +139,22 @@ main(int argc, char *argv[])
+ 		(void)fprintf(stderr, "unable to register (WALLPROG, WALLVERS, udp).\n");
+ 		exit(1);
+ 	}
+
+	/* Drop privilege */
+	if (getuid() == 0 || geteuid() == 0) {
+		struct passwd *pwd = getpwnam("nobody");
+		if (pwd) {
+			initgroups(pwd->pw_name, pwd->pw_gid);
+			setgid(pwd->pw_gid);
+			setuid(pwd->pw_uid);
+		}
+		seteuid(0);  /* this should fail */
+		if (getuid() == 0 || geteuid() == 0) {
+			syslog(LOG_CRIT, "can't drop root privileges");
+			exit(1);
+		}
+	}
+
+ 	svc_run();
+ 	(void)fprintf(stderr, "svc_run returned\n");
+ 	exit(1);
--- a/rwall.spec
+++ b/rwall.spec
@ -1,14 +1,16 @@
-Summary: Client for sending messages to a host's logged in users.
+Summary: Client for sending messages to a host's logged in users
 Name: rwall
 Version: 0.17
-Release: 31%{?dist}
+Release: 32%{?dist}
 License: BSD
+Url: ftp://ftp.linux.org.uk/pub/linux/Networking/netkit/
 Group: System Environment/Daemons
-Source: ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/netkit-rwall-%{version}.tar.gz
+Source: ftp://ftp.linux.org.uk/pub/linux/Networking/netkit/netkit-rwall-%{version}.tar.gz
 Source1: rwalld.init
 Patch1: netkit-rwalld-0.10-banner.patch
 Patch2: netkit-rwall-0.17-strip.patch
 Patch3: netkit-rwall-0.17-netgroup.patch
+Patch4: netkit-rwall-0.17-droppriv.patch
 BuildRoot: %{_tmppath}/%{name}-root

 %description
@ -22,9 +24,9 @@ Install rwall if you'd like the ability to send messages to users
 logged in to a specified host machine.

 %package server
-Summary: Server for sending messages to a host's logged in users.
-Prereq: /sbin/chkconfig /etc/init.d
+Summary: Server for sending messages to a host's logged in users
 Group: System Environment/Daemons
+Requires(pre): /sbin/chkconfig /etc/init.d
 Requires: portmap

 %description server
@ -42,6 +44,7 @@ from users on remote hosts.
 %patch1 -p1 -b .banner
 %patch2 -p1 -b .strip
 %patch3 -p1 -b .netgroup
+%patch4 -p1 -b .droppriv

 %build
 sh configure --with-c-compiler=gcc
@ -67,17 +70,13 @@ sh configure --with-c-compiler=gcc
 make RPM_OPT_FLAGS="$RPM_OPT_FLAGS"

 %install
-rm -rf ${RPM_BUILD_ROOT}
 mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
 mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
 mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man{1,8}
 mkdir -p ${RPM_BUILD_ROOT}/etc/rc.d/init.d

 make INSTALLROOT=${RPM_BUILD_ROOT} install
-install -m 755 $RPM_SOURCE_DIR/rwalld.init ${RPM_BUILD_ROOT}/etc/rc.d/init.d/rwalld
-
-%clean
-rm -rf ${RPM_BUILD_ROOT}
+install -m 755 %SOURCE1 ${RPM_BUILD_ROOT}%{_initrddir}/rwalld

 %post server
 /sbin/chkconfig --add rwalld
@ -97,9 +96,14 @@ fi
 %{_sbindir}/rpc.rwalld
 %{_mandir}/man8/rpc.rwalld.8*
 %{_mandir}/man8/rwalld.8*
-%config /etc/rc.d/init.d/rwalld
+%{_initrddir}/rwalld

 %changelog
+* Mon Aug 01 2011 Honza Horak <hhorak@redhat.com> - 0.17-32
+- moved privileges drop after port reservation to handle 
+  a bug similar to #247985
+- fixed rpmlint errors
+
 * Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.17-31
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

@ -213,7 +217,7 @@ fi
 - compress man pages.

 * Sat Feb  5 2000 Florian La Roche <Florian.LaRoche@redhat.com>
- change %postun to %preun
+- change %%postun to %%preun

 * Wed Feb 02 2000 Cristian Gafton <gafton@redhat.com>
 - fix descriptions and summary
@ -246,7 +250,7 @@ fi

 * Sun Oct 19 1997 Erik Troan <ewt@redhat.com>
 - added a chkconfig compatible initscript
- added %attr attributes
+- added %%attr attributes

 * Tue Jul 15 1997 Erik Troan <ewt@redhat.com>
 - initial build
--- a/rwalld.init
+++ b/rwalld.init
@ -8,8 +8,8 @@

 ### BEGIN INIT INFO
 # Provides: rpc.rwalld
-# Required-Start: $syslog $network
-# Required-Stop:  $syslog $network
+# Required-Start: $syslog $network $rpcbind
+# Required-Stop:  $syslog $network $rpcbind
 # Default-Start:
 # Default-Stop: 0 1 2 3 4 5 6
 # Short-Description: start and stop rpc.rwalld