[rwall] moved privileges drop after port reservation to handle a bug similar to #247985
Jan Horak
hhorak at fedoraproject.org
Tue Aug 2 09:49:28 UTC 2011
commit 9cfed7116a745bc73d58df71c3e762c1f1ee15f8
Author: Honza Horák <hhorak at redhat.com>
Date: Tue Aug 2 11:48:25 2011 +0200
moved privileges drop after port reservation to handle
a bug similar to #247985
netkit-rwall-0.17-droppriv.patch | 47 ++++++++++++++++++++++++++++++++++++++
rwall.spec | 30 +++++++++++++----------
rwalld.init | 4 +-
3 files changed, 66 insertions(+), 15 deletions(-)
---
diff --git a/netkit-rwall-0.17-droppriv.patch b/netkit-rwall-0.17-droppriv.patch
new file mode 100644
index 0000000..9159aa6
--- /dev/null
+++ b/netkit-rwall-0.17-droppriv.patch
@@ -0,0 +1,47 @@
+diff -up netkit-rwall-0.17/rpc.rwalld/rwalld.c.debug netkit-rwall-0.17/rpc.rwalld/rwalld.c
+--- netkit-rwall-0.17/rpc.rwalld/rwalld.c.debug 2011-08-01 15:22:08.886396602 +0200
++++ netkit-rwall-0.17/rpc.rwalld/rwalld.c 2011-08-01 15:22:08.901396602 +0200
+@@ -90,20 +90,6 @@ main(int argc, char *argv[])
+ exit(1);
+ }
+
+- if (getuid() == 0 || geteuid() == 0) {
+- struct passwd *pwd = getpwnam("nobody");
+- if (pwd) {
+- initgroups(pwd->pw_name, pwd->pw_gid);
+- setgid(pwd->pw_gid);
+- setuid(pwd->pw_uid);
+- }
+- seteuid(0); /* this should fail */
+- if (getuid() == 0 || geteuid() == 0) {
+- syslog(LOG_CRIT, "can't drop root privileges");
+- exit(1);
+- }
+- }
+-
+ /*
+ * See if inetd started us
+ */
+@@ -153,6 +139,22 @@ main(int argc, char *argv[])
+ (void)fprintf(stderr, "unable to register (WALLPROG, WALLVERS, udp).\n");
+ exit(1);
+ }
++
++ /* Drop privilege */
++ if (getuid() == 0 || geteuid() == 0) {
++ struct passwd *pwd = getpwnam("nobody");
++ if (pwd) {
++ initgroups(pwd->pw_name, pwd->pw_gid);
++ setgid(pwd->pw_gid);
++ setuid(pwd->pw_uid);
++ }
++ seteuid(0); /* this should fail */
++ if (getuid() == 0 || geteuid() == 0) {
++ syslog(LOG_CRIT, "can't drop root privileges");
++ exit(1);
++ }
++ }
++
+ svc_run();
+ (void)fprintf(stderr, "svc_run returned\n");
+ exit(1);
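Review bot: The relocated privilege-drop block (the lines added after the udp registration check) still ignores the return values of `initgroups()`, `setgid()` and `setuid()`, and the check that follows tests only `getuid()`/`geteuid()`. If `initgroups()` or `setgid()` fails while `setuid()` succeeds, the daemon would reach `svc_run()` as nobody's uid but still holding root's gid and supplementary groups, and nothing would log it. Failing closed on each call covers that case: `if (!pwd || initgroups(pwd->pw_name, pwd->pw_gid) != 0 || setgid(pwd->pw_gid) != 0 || setuid(pwd->pw_uid) != 0) { syslog(LOG_CRIT, "can't drop root privileges"); exit(1); }`. It would also help to extend the `/* Drop privilege */` comment to say the drop must stay after the port reservation and before `svc_run()`, so a later reorder does not undo it. `main()` begins and ends outside this hunk, so the code that now runs as root before this point is not fully visible here.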
diff --git a/rwall.spec b/rwall.spec
index 6ea5937..d5c2aa2 100644
--- a/rwall.spec
+++ b/rwall.spec
@@ -1,14 +1,16 @@
-Summary: Client for sending messages to a host's logged in users.
+Summary: Client for sending messages to a host's logged in users
Name: rwall
Version: 0.17
-Release: 31%{?dist}
+Release: 32%{?dist}
License: BSD
+Url: ftp://ftp.linux.org.uk/pub/linux/Networking/netkit/
Group: System Environment/Daemons
-Source: ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/netkit-rwall-%{version}.tar.gz
+Source: ftp://ftp.linux.org.uk/pub/linux/Networking/netkit/netkit-rwall-%{version}.tar.gz
Source1: rwalld.init
Patch1: netkit-rwalld-0.10-banner.patch
Patch2: netkit-rwall-0.17-strip.patch
Patch3: netkit-rwall-0.17-netgroup.patch
+Patch4: netkit-rwall-0.17-droppriv.patch
BuildRoot: %{_tmppath}/%{name}-root
%description
@@ -22,9 +24,9 @@ Install rwall if you'd like the ability to send messages to users
logged in to a specified host machine.
%package server
-Summary: Server for sending messages to a host's logged in users.
-Prereq: /sbin/chkconfig /etc/init.d
+Summary: Server for sending messages to a host's logged in users
Group: System Environment/Daemons
+Requires(pre): /sbin/chkconfig /etc/init.d
Requires: portmap
%description server
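Review bot: `Requires(pre): /sbin/chkconfig /etc/init.d` orders the dependency only ahead of a `%pre` scriptlet, but the scriptlet visible in this spec that calls chkconfig is `%post server`. The removed `Prereq` applied to all scriptlets, so the closer replacement is `Requires(post): /sbin/chkconfig`. If the `%preun` scriptlet also calls chkconfig, add `Requires(preun): /sbin/chkconfig` too; that scriptlet is not shown in these hunks and is only implied by the changelog.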
@@ -42,6 +44,7 @@ from users on remote hosts.
%patch1 -p1 -b .banner
%patch2 -p1 -b .strip
%patch3 -p1 -b .netgroup
+%patch4 -p1 -b .droppriv
%build
sh configure --with-c-compiler=gcc
@@ -67,17 +70,13 @@ sh configure --with-c-compiler=gcc
make RPM_OPT_FLAGS="$RPM_OPT_FLAGS"
%install
-rm -rf ${RPM_BUILD_ROOT}
mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man{1,8}
mkdir -p ${RPM_BUILD_ROOT}/etc/rc.d/init.d
make INSTALLROOT=${RPM_BUILD_ROOT} install
-install -m 755 $RPM_SOURCE_DIR/rwalld.init ${RPM_BUILD_ROOT}/etc/rc.d/init.d/rwalld
-
-%clean
-rm -rf ${RPM_BUILD_ROOT}
+install -m 755 %SOURCE1 ${RPM_BUILD_ROOT}%{_initrddir}/rwalld
%post server
/sbin/chkconfig --add rwalld
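Review bot: The init script is now installed into `${RPM_BUILD_ROOT}%{_initrddir}`, but the target directory is still created by the hard-coded `mkdir -p ${RPM_BUILD_ROOT}/etc/rc.d/init.d` two lines above. The install therefore succeeds only while the macro expands to that exact path. Changing the mkdir to `mkdir -p ${RPM_BUILD_ROOT}%{_initrddir}` keeps the two lines consistent.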
@@ -97,9 +96,14 @@ fi
%{_sbindir}/rpc.rwalld
%{_mandir}/man8/rpc.rwalld.8*
%{_mandir}/man8/rwalld.8*
-%config /etc/rc.d/init.d/rwalld
+%{_initrddir}/rwalld
%changelog
+* Mon Aug 01 2011 Honza Horak <hhorak at redhat.com> - 0.17-32
+- moved privileges drop after port reservation to handle
+ a bug similar to #247985
+- fixed rpmlint errors
+
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.17-31
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
@@ -213,7 +217,7 @@ fi
- compress man pages.
* Sat Feb 5 2000 Florian La Roche <Florian.LaRoche at redhat.com>
-- change %postun to %preun
+- change %%postun to %%preun
* Wed Feb 02 2000 Cristian Gafton <gafton at redhat.com>
- fix descriptions and summary
@@ -246,7 +250,7 @@ fi
* Sun Oct 19 1997 Erik Troan <ewt at redhat.com>
- added a chkconfig compatible initscript
-- added %attr attributes
+- added %%attr attributes
* Tue Jul 15 1997 Erik Troan <ewt at redhat.com>
- initial build
diff --git a/rwalld.init b/rwalld.init
index 20f1a82..e4455d6 100755
--- a/rwalld.init
+++ b/rwalld.init
@@ -8,8 +8,8 @@
### BEGIN INIT INFO
# Provides: rpc.rwalld
-# Required-Start: $syslog $network
-# Required-Stop: $syslog $network
+# Required-Start: $syslog $network $rpcbind
+# Required-Stop: $syslog $network $rpcbind
# Default-Start:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: start and stop rpc.rwalld