moved privileges drop after port reservation to handle
a bug similar to #247985
parent
fcb02b789c
commit
9cfed7116a
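--- a/netkit-rwall-0.17-droppriv.patch
+++ b/netkit-rwall-0.17-droppriv.patch
@@ -0,0 +1,47 @@
+diff -up netkit-rwall-0.17/rpc.rwalld/rwalld.c.debug netkit-rwall-0.17/rpc.rwalld/rwalld.c
+--- netkit-rwall-0.17/rpc.rwalld/rwalld.c.debug 2011-08-01 15:22:08.886396602 +0200
++++ netkit-rwall-0.17/rpc.rwalld/rwalld.c 2011-08-01 15:22:08.901396602 +0200
+@@ -90,20 +90,6 @@ main(int argc, char *argv[])
+exit(1);
+}
+
+- if (getuid() == 0 || geteuid() == 0) {
+- struct passwd *pwd = getpwnam("nobody");
+- if (pwd) {
+- initgroups(pwd->pw_name, pwd->pw_gid);
+- setgid(pwd->pw_gid);
+- setuid(pwd->pw_uid);
+- }
+- seteuid(0); /* this should fail */
+- if (getuid() == 0 || geteuid() == 0) {
+- syslog(LOG_CRIT, "can't drop root privileges");
+- exit(1);
+- }
+- }
+-
+/*
+* See if inetd started us
+*/
+@@ -153,6 +139,22 @@ main(int argc, char *argv[])
+(void)fprintf(stderr, "unable to register (WALLPROG, WALLVERS, udp).\n");
+exit(1);
+}
++
++ /* Drop privilege */
++ if (getuid() == 0 || geteuid() == 0) {
++ struct passwd *pwd = getpwnam("nobody");
++ if (pwd) {
++ initgroups(pwd->pw_name, pwd->pw_gid);
++ setgid(pwd->pw_gid);
++ setuid(pwd->pw_uid);
++ }
++ seteuid(0); /* this should fail */
++ if (getuid() == 0 || geteuid() == 0) {
++ syslog(LOG_CRIT, "can't drop root privileges");
++ exit(1);
++ }
++ }
++
+svc_run();
+(void)fprintf(stderr, "svc_run returned\n");
+exit(1);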
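Review bot: The relocated privilege-drop block in rwalld.c (the added lines just before `svc_run()`) still ignores the return values of `initgroups()`, `setgid()` and `setuid()`, and the follow-up test only looks at `getuid()`/`geteuid()`. If the group calls fail while `setuid()` succeeds, the daemon keeps root's primary and supplementary groups and the check does not notice. Treat any failure as fatal, e.g. `if (!pwd || initgroups(pwd->pw_name, pwd->pw_gid) != 0 || setgid(pwd->pw_gid) != 0 || setuid(pwd->pw_uid) != 0)` followed by the existing `syslog(LOG_CRIT, ...)`/`exit(1)`, and extend the final test with `getgid() == 0 || getegid() == 0`. Moving the drop below registration also means everything between the two hunks now runs as root; that part of main() is outside the hunks, so it should be checked for anything that handles network input before the drop.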
30
rwall.spec
30
rwall.spec
@ -1,14 +1,16 @@
|
|||||||
Summary: Client for sending messages to a host's logged in users.
|
Summary: Client for sending messages to a host's logged in users
|
||||||
Name: rwall
|
Name: rwall
|
||||||
Version: 0.17
|
Version: 0.17
|
||||||
Release: 31%{?dist}
|
Release: 32%{?dist}
|
||||||
License: BSD
|
License: BSD
|
||||||
|
Url: ftp://ftp.linux.org.uk/pub/linux/Networking/netkit/
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
Source: ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/netkit-rwall-%{version}.tar.gz
|
Source: ftp://ftp.linux.org.uk/pub/linux/Networking/netkit/netkit-rwall-%{version}.tar.gz
|
||||||
Source1: rwalld.init
|
Source1: rwalld.init
|
||||||
Patch1: netkit-rwalld-0.10-banner.patch
|
Patch1: netkit-rwalld-0.10-banner.patch
|
||||||
Patch2: netkit-rwall-0.17-strip.patch
|
Patch2: netkit-rwall-0.17-strip.patch
|
||||||
Patch3: netkit-rwall-0.17-netgroup.patch
|
Patch3: netkit-rwall-0.17-netgroup.patch
|
||||||
|
Patch4: netkit-rwall-0.17-droppriv.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-root
|
BuildRoot: %{_tmppath}/%{name}-root
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -22,9 +24,9 @@ Install rwall if you'd like the ability to send messages to users
|
|||||||
logged in to a specified host machine.
|
logged in to a specified host machine.
|
||||||
|
|
||||||
%package server
|
%package server
|
||||||
Summary: Server for sending messages to a host's logged in users.
|
Summary: Server for sending messages to a host's logged in users
|
||||||
Prereq: /sbin/chkconfig /etc/init.d
|
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
|
Requires(pre): /sbin/chkconfig /etc/init.d
|
||||||
Requires: portmap
|
Requires: portmap
|
||||||
|
|
||||||
%description server
|
%description server
|
||||||
@ -42,6 +44,7 @@ from users on remote hosts.
|
|||||||
%patch1 -p1 -b .banner
|
%patch1 -p1 -b .banner
|
||||||
%patch2 -p1 -b .strip
|
%patch2 -p1 -b .strip
|
||||||
%patch3 -p1 -b .netgroup
|
%patch3 -p1 -b .netgroup
|
||||||
|
%patch4 -p1 -b .droppriv
|
||||||
|
|
||||||
%build
|
%build
|
||||||
sh configure --with-c-compiler=gcc
|
sh configure --with-c-compiler=gcc
|
||||||
@ -67,17 +70,13 @@ sh configure --with-c-compiler=gcc
|
|||||||
make RPM_OPT_FLAGS="$RPM_OPT_FLAGS"
|
make RPM_OPT_FLAGS="$RPM_OPT_FLAGS"
|
||||||
|
|
||||||
%install
|
%install
|
||||||
rm -rf ${RPM_BUILD_ROOT}
|
|
||||||
mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
|
mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
|
||||||
mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
|
mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
|
||||||
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man{1,8}
|
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man{1,8}
|
||||||
mkdir -p ${RPM_BUILD_ROOT}/etc/rc.d/init.d
|
mkdir -p ${RPM_BUILD_ROOT}/etc/rc.d/init.d
|
||||||
|
|
||||||
make INSTALLROOT=${RPM_BUILD_ROOT} install
|
make INSTALLROOT=${RPM_BUILD_ROOT} install
|
||||||
install -m 755 $RPM_SOURCE_DIR/rwalld.init ${RPM_BUILD_ROOT}/etc/rc.d/init.d/rwalld
|
install -m 755 %SOURCE1 ${RPM_BUILD_ROOT}%{_initrddir}/rwalld
|
||||||
|
|
||||||
%clean
|
|
||||||
rm -rf ${RPM_BUILD_ROOT}
|
|
||||||
|
|
||||||
%post server
|
%post server
|
||||||
/sbin/chkconfig --add rwalld
|
/sbin/chkconfig --add rwalld
|
||||||
@ -97,9 +96,14 @@ fi
|
|||||||
%{_sbindir}/rpc.rwalld
|
%{_sbindir}/rpc.rwalld
|
||||||
%{_mandir}/man8/rpc.rwalld.8*
|
%{_mandir}/man8/rpc.rwalld.8*
|
||||||
%{_mandir}/man8/rwalld.8*
|
%{_mandir}/man8/rwalld.8*
|
||||||
%config /etc/rc.d/init.d/rwalld
|
%{_initrddir}/rwalld
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Aug 01 2011 Honza Horak <hhorak@redhat.com> - 0.17-32
|
||||||
|
- moved privileges drop after port reservation to handle
|
||||||
|
a bug similar to #247985
|
||||||
|
- fixed rpmlint errors
|
||||||
|
|
||||||
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.17-31
|
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.17-31
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||||
|
|
||||||
@ -213,7 +217,7 @@ fi
|
|||||||
- compress man pages.
|
- compress man pages.
|
||||||
|
|
||||||
* Sat Feb 5 2000 Florian La Roche <Florian.LaRoche@redhat.com>
|
* Sat Feb 5 2000 Florian La Roche <Florian.LaRoche@redhat.com>
|
||||||
- change %postun to %preun
|
- change %%postun to %%preun
|
||||||
|
|
||||||
* Wed Feb 02 2000 Cristian Gafton <gafton@redhat.com>
|
* Wed Feb 02 2000 Cristian Gafton <gafton@redhat.com>
|
||||||
- fix descriptions and summary
|
- fix descriptions and summary
|
||||||
@ -246,7 +250,7 @@ fi
|
|||||||
|
|
||||||
* Sun Oct 19 1997 Erik Troan <ewt@redhat.com>
|
* Sun Oct 19 1997 Erik Troan <ewt@redhat.com>
|
||||||
- added a chkconfig compatible initscript
|
- added a chkconfig compatible initscript
|
||||||
- added %attr attributes
|
- added %%attr attributes
|
||||||
|
|
||||||
* Tue Jul 15 1997 Erik Troan <ewt@redhat.com>
|
* Tue Jul 15 1997 Erik Troan <ewt@redhat.com>
|
||||||
- initial build
|
- initial build
|
||||||
|
@ -8,8 +8,8 @@
|
|||||||
|
|
||||||
### BEGIN INIT INFO
|
### BEGIN INIT INFO
|
||||||
# Provides: rpc.rwalld
|
# Provides: rpc.rwalld
|
||||||
# Required-Start: $syslog $network
|
# Required-Start: $syslog $network $rpcbind
|
||||||
# Required-Stop: $syslog $network
|
# Required-Stop: $syslog $network $rpcbind
|
||||||
# Default-Start:
|
# Default-Start:
|
||||||
# Default-Stop: 0 1 2 3 4 5 6
|
# Default-Stop: 0 1 2 3 4 5 6
|
||||||
# Short-Description: start and stop rpc.rwalld
|
# Short-Description: start and stop rpc.rwalld
|
||||||
|