On 06.01.2012 2:48, Guy Helmer wrote:
Author: ghelmer
Date: Thu Jan 5 22:48:36 2012
New Revision: 229667
URL: http://svn.freebsd.org/changeset/base/229667
Log:
Allow daemon(8) to run pidfile_open() before relenquishing privileges
so pid files can be written in /var/run when started as root.
I do not expect this to cause any security issues, but if anyone objects
it could be easily reverted.
You can't read pidfile by the user that you specify by '-u' flag.
That's not good. IMHO, the right way to solve this problem is to create
directory in /var/run from post-install script with sufficient
privileges to create pidfiles.
Also, the idea about close-on-exec flag is good, but not for daemon(8).
Opened pidfile uses as an exclusive lock, that prevents from running
any other daemon with this pidfile.
PR: bin/159568
MFC after: 4 weeks
Modified:
head/usr.sbin/daemon/daemon.c
Modified: head/usr.sbin/daemon/daemon.c
==============================================================================
--- head/usr.sbin/daemon/daemon.c Thu Jan 5 22:31:25 2012
(r229666)
+++ head/usr.sbin/daemon/daemon.c Thu Jan 5 22:48:36 2012
(r229667)
@@ -79,9 +79,6 @@ main(int argc, char *argv[])
if (argc == 0)
usage();
- if (user != NULL)
- restrict_process(user);
-
/*
* Try to open the pidfile before calling daemon(3),
* to be able to report the error intelligently
@@ -97,6 +94,9 @@ main(int argc, char *argv[])
}
}
+ if (user != NULL)
+ restrict_process(user);
+
if (daemon(nochdir, noclose) == -1)
err(1, NULL);
_______________________________________________
svn-src-...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
--
Andrey Zonov
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
