>>>>> On Sat, 8 Jul 2006 10:09:02 +0200, Kern Sibbald said:
> 
> Hello,
> 
> Well Martin turned out to be right.  The order of the code in the previous 
> patch that I sent did not work at all on Linux.  I still think this must be 
> a Linux bug, but I also don't think that Linus is going to agree :-)
> 
> This time I have tested the patch here. I don't know why such simple things 
> should be so complicated, because it is virtually impossible to guarantee 
> that it works correctly.  
> 
> However, I am fairly confident that this new code will solve (or at least 
> begin solving) the access problems we have been seeing when users run the Dir 
> and SD as less privileged users/groups.
> 
> Feedback would be welcome.

It doesn't quite work (on FreeBSD 4.9 at least).  The problem is that the
static pointer returned by getgrnam() is corrupted by the call to initgroups()
and hence the call to setgid() sets the wrong group.

Maybe you want to use the variable gid? :-)

Index: src/lib/bsys.c
===================================================================
RCS file: /cvsroot/bacula/bacula/src/lib/bsys.c,v
retrieving revision 1.54
diff -u -r1.54 bsys.c
--- src/lib/bsys.c      8 Jul 2006 07:57:45 -0000       1.54
+++ src/lib/bsys.c      10 Jul 2006 17:00:00 -0000
@@ -652,7 +652,7 @@
    } else {
       gid = passw->pw_gid;
    }
-   if (initgroups(passw->pw_name, passw->pw_gid)) {
+   if (initgroups(passw->pw_name, gid)) {
       berrno be;
       if (gname) {
          Emsg3(M_ERROR_TERM, 0, _("Could not initgroups for group=%s, 
userid=%s: ERR=%s\n"),         
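Review bot: the initgroups() call needs a comment saying that group, the static result of getgrnam(), must not be dereferenced from this point on, since the mail reports that initgroups() overwrites that storage on FreeBSD 4.9. Only the else branch (gid = passw->pw_gid) is visible here, so please also confirm that the branch above it copies group->gr_gid into gid before this call; otherwise gid is used uninitialized when gname is set.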
@@ -663,7 +663,7 @@
       }
    }
    if (gname) {
-      if (setgid(group->gr_gid)) {
+      if (setgid(gid)) {
          berrno be;
          Emsg2(M_ERROR_TERM, 0, _("Could not set group=%s: ERR=%s\n"), gname,
             be.strerror());
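Review bot: setgid(gid) is still guarded by if (gname), so in the lines shown a daemon started with a user but no group gets its supplementary groups from initgroups() yet never has its primary gid set to passw->pw_gid. Now that gid is valid on both paths, consider calling setgid(gid) unconditionally, unless that case is handled outside this hunk. The Emsg2 text would then need to print the numeric gid, because gname can be NULL.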


__Martin
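
The pattern this fix relies on, as an added example that is not part of the original mail or of Bacula's code: copy the ids out of the static getpwnam()/getgrnam() results before calling initgroups(), then drop in the order supplementary groups, gid, uid. It goes one step beyond the patch by including the setuid() step and a verification; the names drop_ids, resolve_ids and drop_privileges are hypothetical.

```c
#define _DEFAULT_SOURCE 1          /* for initgroups() on glibc */
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper type: the ids for the drop, held by value. */
struct drop_ids { uid_t uid; gid_t gid; char name[64]; };

/* Resolve user and optional group into caller-owned storage.
 * Returns 0 on success, -1 if either name is unknown or too long. */
int resolve_ids(const char *uname, const char *gname, struct drop_ids *out)
{
    struct passwd *pw = getpwnam(uname);
    if (pw == NULL || strlen(pw->pw_name) >= sizeof(out->name))
        return -1;
    /* Copy now: pw points at static storage that later calls may reuse. */
    out->uid = pw->pw_uid;
    out->gid = pw->pw_gid;
    strcpy(out->name, pw->pw_name);
    if (gname != NULL) {
        struct group *gr = getgrnam(gname);
        if (gr == NULL)
            return -1;
        out->gid = gr->gr_gid;     /* last dereference of gr */
    }
    return 0;
}

/* Drop supplementary groups, then primary group, then user, and verify.
 * Returns 0 on success, -1 on failure; changing ids needs privilege. */
int drop_privileges(const struct drop_ids *ids)
{
    if (initgroups(ids->name, ids->gid) != 0) return -1;
    if (setgid(ids->gid) != 0) return -1;
    if (setuid(ids->uid) != 0) return -1;
    /* If root can be regained, the drop did not take effect. */
    if (ids->uid != 0 && setuid(0) == 0) return -1;
    return (getuid() == ids->uid && getgid() == ids->gid) ? 0 : -1;
}

int main(int argc, char **argv)
{
    struct drop_ids ids;
    if (argc < 2 || resolve_ids(argv[1], argc > 2 ? argv[2] : NULL, &ids) != 0)
        return 1;
    return drop_privileges(&ids) == 0 ? 0 : 2;
}
```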


_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
