moved privileges drop after port reservation to handle
a bug similar to #247985
parent
fcb02b789c
commit
9cfed7116a
|
@ -0,0 +1,47 @@
|
|||
diff -up netkit-rwall-0.17/rpc.rwalld/rwalld.c.debug netkit-rwall-0.17/rpc.rwalld/rwalld.c
|
||||
--- netkit-rwall-0.17/rpc.rwalld/rwalld.c.debug 2011-08-01 15:22:08.886396602 +0200
|
||||
+++ netkit-rwall-0.17/rpc.rwalld/rwalld.c 2011-08-01 15:22:08.901396602 +0200
|
||||
@@ -90,20 +90,6 @@ main(int argc, char *argv[])
|
||||
exit(1);
|
||||
}
|
||||
|
||||
- if (getuid() == 0 || geteuid() == 0) {
|
||||
- struct passwd *pwd = getpwnam("nobody");
|
||||
- if (pwd) {
|
||||
- initgroups(pwd->pw_name, pwd->pw_gid);
|
||||
- setgid(pwd->pw_gid);
|
||||
- setuid(pwd->pw_uid);
|
||||
- }
|
||||
- seteuid(0); /* this should fail */
|
||||
- if (getuid() == 0 || geteuid() == 0) {
|
||||
- syslog(LOG_CRIT, "can't drop root privileges");
|
||||
- exit(1);
|
||||
- }
|
||||
- }
|
||||
-
|
||||
/*
|
||||
* See if inetd started us
|
||||
*/
|
||||
@@ -153,6 +139,22 @@ main(int argc, char *argv[])
|
||||
(void)fprintf(stderr, "unable to register (WALLPROG, WALLVERS, udp).\n");
|
||||
exit(1);
|
||||
}
|
||||
+
|
||||
+ /* Drop privilege */
|
||||
+ if (getuid() == 0 || geteuid() == 0) {
|
||||
+ struct passwd *pwd = getpwnam("nobody");
|
||||
+ if (pwd) {
|
||||
+ initgroups(pwd->pw_name, pwd->pw_gid);
|
||||
+ setgid(pwd->pw_gid);
|
||||
+ setuid(pwd->pw_uid);
|
||||
+ }
|
||||
+ seteuid(0); /* this should fail */
|
||||
+ if (getuid() == 0 || geteuid() == 0) {
|
||||
+ syslog(LOG_CRIT, "can't drop root privileges");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
svc_run();
|
||||
(void)fprintf(stderr, "svc_run returned\n");
|
||||
exit(1);
|
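Review bot: The relocated privilege-drop block (the `+` lines after the WALLPROG registration) ignores the return values of `initgroups()`, `setgid()` and `setuid()`, and the check that follows looks only at `getuid()`/`geteuid()`. A failed `setuid()` is caught by that check, but a failed `initgroups()` or `setgid()` is not, so the daemon could reach `svc_run()` as uid nobody while keeping root's primary and supplementary groups. I would test each call, e.g. `if (initgroups(pwd->pw_name, pwd->pw_gid) != 0 || setgid(pwd->pw_gid) != 0 || setuid(pwd->pw_uid) != 0) { syslog(LOG_CRIT, "can't drop root privileges"); exit(1); }`. Because the drop now runs later, the inetd detection and RPC registration between the two hunks execute as root; that code is outside the hunks shown (main() starts and ends outside them), so it is worth confirming nothing there handles client input.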
30
rwall.spec
30
rwall.spec
|
@ -1,14 +1,16 @@
|
|||
Summary: Client for sending messages to a host's logged in users.
|
||||
Summary: Client for sending messages to a host's logged in users
|
||||
Name: rwall
|
||||
Version: 0.17
|
||||
Release: 31%{?dist}
|
||||
Release: 32%{?dist}
|
||||
License: BSD
|
||||
Url: ftp://ftp.linux.org.uk/pub/linux/Networking/netkit/
|
||||
Group: System Environment/Daemons
|
||||
Source: ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/netkit-rwall-%{version}.tar.gz
|
||||
Source: ftp://ftp.linux.org.uk/pub/linux/Networking/netkit/netkit-rwall-%{version}.tar.gz
|
||||
Source1: rwalld.init
|
||||
Patch1: netkit-rwalld-0.10-banner.patch
|
||||
Patch2: netkit-rwall-0.17-strip.patch
|
||||
Patch3: netkit-rwall-0.17-netgroup.patch
|
||||
Patch4: netkit-rwall-0.17-droppriv.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-root
|
||||
|
||||
%description
|
||||
|
@ -22,9 +24,9 @@ Install rwall if you'd like the ability to send messages to users
|
|||
logged in to a specified host machine.
|
||||
|
||||
%package server
|
||||
Summary: Server for sending messages to a host's logged in users.
|
||||
Prereq: /sbin/chkconfig /etc/init.d
|
||||
Summary: Server for sending messages to a host's logged in users
|
||||
Group: System Environment/Daemons
|
||||
Requires(pre): /sbin/chkconfig /etc/init.d
|
||||
Requires: portmap
|
||||
|
||||
%description server
|
||||
|
@ -42,6 +44,7 @@ from users on remote hosts.
|
|||
%patch1 -p1 -b .banner
|
||||
%patch2 -p1 -b .strip
|
||||
%patch3 -p1 -b .netgroup
|
||||
%patch4 -p1 -b .droppriv
|
||||
|
||||
%build
|
||||
sh configure --with-c-compiler=gcc
|
||||
|
@ -67,17 +70,13 @@ sh configure --with-c-compiler=gcc
|
|||
make RPM_OPT_FLAGS="$RPM_OPT_FLAGS"
|
||||
|
||||
%install
|
||||
rm -rf ${RPM_BUILD_ROOT}
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man{1,8}
|
||||
mkdir -p ${RPM_BUILD_ROOT}/etc/rc.d/init.d
|
||||
|
||||
make INSTALLROOT=${RPM_BUILD_ROOT} install
|
||||
install -m 755 $RPM_SOURCE_DIR/rwalld.init ${RPM_BUILD_ROOT}/etc/rc.d/init.d/rwalld
|
||||
|
||||
%clean
|
||||
rm -rf ${RPM_BUILD_ROOT}
|
||||
install -m 755 %SOURCE1 ${RPM_BUILD_ROOT}%{_initrddir}/rwalld
|
||||
|
||||
%post server
|
||||
/sbin/chkconfig --add rwalld
|
||||
|
@ -97,9 +96,14 @@ fi
|
|||
%{_sbindir}/rpc.rwalld
|
||||
%{_mandir}/man8/rpc.rwalld.8*
|
||||
%{_mandir}/man8/rwalld.8*
|
||||
%config /etc/rc.d/init.d/rwalld
|
||||
%{_initrddir}/rwalld
|
||||
|
||||
%changelog
|
||||
* Mon Aug 01 2011 Honza Horak <hhorak@redhat.com> - 0.17-32
|
||||
- moved privileges drop after port reservation to handle
|
||||
a bug similar to #247985
|
||||
- fixed rpmlint errors
|
||||
|
||||
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.17-31
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||
|
||||
|
@ -213,7 +217,7 @@ fi
|
|||
- compress man pages.
|
||||
|
||||
* Sat Feb 5 2000 Florian La Roche <Florian.LaRoche@redhat.com>
|
||||
- change %postun to %preun
|
||||
- change %%postun to %%preun
|
||||
|
||||
* Wed Feb 02 2000 Cristian Gafton <gafton@redhat.com>
|
||||
- fix descriptions and summary
|
||||
|
@ -246,7 +250,7 @@ fi
|
|||
|
||||
* Sun Oct 19 1997 Erik Troan <ewt@redhat.com>
|
||||
- added a chkconfig compatible initscript
|
||||
- added %attr attributes
|
||||
- added %%attr attributes
|
||||
|
||||
* Tue Jul 15 1997 Erik Troan <ewt@redhat.com>
|
||||
- initial build
|
||||
|
|
|
@ -8,8 +8,8 @@
|
|||
|
||||
### BEGIN INIT INFO
|
||||
# Provides: rpc.rwalld
|
||||
# Required-Start: $syslog $network
|
||||
# Required-Stop: $syslog $network
|
||||
# Required-Start: $syslog $network $rpcbind
|
||||
# Required-Stop: $syslog $network $rpcbind
|
||||
# Default-Start:
|
||||
# Default-Stop: 0 1 2 3 4 5 6
|
||||
# Short-Description: start and stop rpc.rwalld
|
||||
|
|