Mike Kasick <mkas...@club.cc.cmu.edu> writes:

>
> It appears that halevt does not set up supplemental groups (i.e., doesn't
> call initgroups) when changing ids to a non-root user.  This means that the
> halevt daemon does not have permission to access files/devices owned by a
> group for which user "halevt" is a member, but are not owned by user
> "halevt" or group "plugdev" themselves.
>

Good point! :)

> As it turns out this bug is a regression.  Although halevt itself never
> called initgroups, the Debian halevt init.d script in version 0.1.5-4 and
> below ran halevt as a non-root user via start-stop-daemon's -c and -g
> options, and thus the "change id" code in halevt itself was always
> bypassed.
>
> It's unclear from the changelog why the "change id" responsibility was
> shifted from start-stop-daemon to halevt.  Personally I find the former to
> be strategic from a security perspective--that is, leave the privileged
> operations solely to a well trusted program (start-stop-daemon) since
> halevt itself does not need root privileges except to change users.
>

Hey, halevt cannot change to a user if it isn't executed by root.

> In any event, if the change to have halevt switch users itself is intended,
> then attached is a patch which adds the appropriate initgroups call to
> halevt.  I've tested it, and it works well to fix the problem.
>

Your patch is OK, but it has a small problem. You cannot invoke
initgroups after changing the user. Corrected patch attached.

Thanks for your report and patch!

diff -urN a/src/manager.c b/src/manager.c
--- a/src/manager.c	2010-05-30 14:48:02.000000000 -0300
+++ b/src/manager.c	2010-09-07 18:01:04.000000000 -0300
@@ -326,6 +326,11 @@
             exit(1);
         }
         gid = group_struct->gr_gid;
+	if (initgroups(user, gid) != 0)
+	{
+	    DEBUG(_("Error setting initgroups for %s, %u: %s"), user, gid, strerror(errno));
+	    exit(1);
+	}
         if (setgid(gid) != 0)
         {
             DEBUG(_("Error setting gid to %u: %s"), gid, strerror(errno));
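
Review bot: The initgroups() call added ahead of setgid(gid) only fixes the ordering if the uid change also happens later, and that call is outside this hunk, so confirm nothing drops the uid before this point in the function. The five added lines are indented with tabs while the unchanged context lines around them use spaces; re-indent them to match the file. If gid is declared as gid_t, cast it to (unsigned int) for the %u in the new DEBUG message.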

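The ordering point from the reply (supplementary groups have to be set while the process is still root), as an added example that is not part of the original message or of halevt's code. The helper name drop_privileges, the result enum and the use of the user's primary gid from the passwd entry are assumptions made here; the patch above takes its gid from a group entry instead.

```c
#define _DEFAULT_SOURCE   /* exposes initgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result { DROP_OK = 0, DROP_NO_USER, DROP_GROUPS, DROP_GID, DROP_UID, DROP_NOT_DROPPED };

/* Hypothetical helper: permanently switch from root to `user`.
 * initgroups() and setgid() both need root, so they must run before
 * setuid() gives root up. Reversing the order leaves the process with
 * root's supplementary groups, or fails with EPERM. */
enum drop_result drop_privileges(const char *user)
{
    errno = 0;
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return DROP_NO_USER;

    /* 1. Supplementary groups from the group database, plus the primary gid. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0)
        return DROP_GROUPS;
    /* 2. Real, effective and saved gid (all three, because we are root). */
    if (setgid(pw->pw_gid) != 0)
        return DROP_GID;
    /* 3. Real, effective and saved uid; root is gone after this call. */
    if (setuid(pw->pw_uid) != 0)
        return DROP_UID;
    /* 4. Check the drop cannot be undone. */
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return DROP_NOT_DROPPED;
    return DROP_OK;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "nobody";
    enum drop_result r = drop_privileges(user);
    if (r != DROP_OK) {
        fprintf(stderr, "drop to %s failed at step %d: %s\n", user, (int)r, strerror(errno));
        return 1;
    }
    printf("running as uid=%u gid=%u\n", (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

Started without root, the helper stops at step 1 with DROP_GROUPS, the same EPERM failure initgroups() gives once the uid has already been changed.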