[rwall] moved privileges drop after port reservation to handle a bug similar to #247985

Jan Horak hhorak at fedoraproject.org
Tue Aug 2 09:49:28 UTC 2011


commit 9cfed7116a745bc73d58df71c3e762c1f1ee15f8
Author: Honza Horák <hhorak at redhat.com>
Date:   Tue Aug 2 11:48:25 2011 +0200

    moved privileges drop after port reservation to handle
    a bug similar to #247985

 netkit-rwall-0.17-droppriv.patch |   47 ++++++++++++++++++++++++++++++++++++++
 rwall.spec                       |   30 +++++++++++++----------
 rwalld.init                      |    4 +-
 3 files changed, 66 insertions(+), 15 deletions(-)
---
diff --git a/netkit-rwall-0.17-droppriv.patch b/netkit-rwall-0.17-droppriv.patch
new file mode 100644
index 0000000..9159aa6
--- /dev/null
+++ b/netkit-rwall-0.17-droppriv.patch
@@ -0,0 +1,47 @@
+diff -up netkit-rwall-0.17/rpc.rwalld/rwalld.c.debug netkit-rwall-0.17/rpc.rwalld/rwalld.c
+--- netkit-rwall-0.17/rpc.rwalld/rwalld.c.debug	2011-08-01 15:22:08.886396602 +0200
++++ netkit-rwall-0.17/rpc.rwalld/rwalld.c	2011-08-01 15:22:08.901396602 +0200
+@@ -90,20 +90,6 @@ main(int argc, char *argv[])
+ 		exit(1);
+ 	}
+ 
+-	if (getuid() == 0 || geteuid() == 0) {
+-		struct passwd *pwd = getpwnam("nobody");
+-		if (pwd) {
+-			initgroups(pwd->pw_name, pwd->pw_gid);
+-			setgid(pwd->pw_gid);
+-			setuid(pwd->pw_uid);
+-		}
+-		seteuid(0);  /* this should fail */
+-		if (getuid() == 0 || geteuid() == 0) {
+-			syslog(LOG_CRIT, "can't drop root privileges");
+-			exit(1);
+-		}
+-	}
+-
+         /*
+          * See if inetd started us
+          */
+@@ -153,6 +139,22 @@ main(int argc, char *argv[])
+ 		(void)fprintf(stderr, "unable to register (WALLPROG, WALLVERS, udp).\n");
+ 		exit(1);
+ 	}
++
++	/* Drop privilege */
++	if (getuid() == 0 || geteuid() == 0) {
++		struct passwd *pwd = getpwnam("nobody");
++		if (pwd) {
++			initgroups(pwd->pw_name, pwd->pw_gid);
++			setgid(pwd->pw_gid);
++			setuid(pwd->pw_uid);
++		}
++		seteuid(0);  /* this should fail */
++		if (getuid() == 0 || geteuid() == 0) {
++			syslog(LOG_CRIT, "can't drop root privileges");
++			exit(1);
++		}
++	}
++
+ 	svc_run();
+ 	(void)fprintf(stderr, "svc_run returned\n");
+ 	exit(1);
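Review bot: The relocated drop block ignores the return values of `initgroups()`, `setgid()` and `setuid()`, and the re-check after `seteuid(0)` only looks at the uid, so a failed `setgid()` or `initgroups()` would leave the daemon serving requests as nobody while still holding root's primary or supplementary groups. Since the block is being moved anyway, it would be worth failing closed on each call and on a missing `nobody` entry, as in the sketch below; the existing `seteuid(0)` probe can stay as a second check. `main()` starts and ends outside this hunk, so I can't see whether syslog is already opened at this point or what else now runs as root before the drop.

```c
	/* Drop privilege */
	if (getuid() == 0 || geteuid() == 0) {
		struct passwd *pwd = getpwnam("nobody");
		/* Fail closed: groups first, then gid, then uid, each checked. */
		if (!pwd ||
		    initgroups(pwd->pw_name, pwd->pw_gid) != 0 ||
		    setgid(pwd->pw_gid) != 0 ||
		    setuid(pwd->pw_uid) != 0) {
			syslog(LOG_CRIT, "can't drop root privileges");
			exit(1);
		}
		/* … unchanged: seteuid(0) probe and uid re-check … */
	}
```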
diff --git a/rwall.spec b/rwall.spec
index 6ea5937..d5c2aa2 100644
--- a/rwall.spec
+++ b/rwall.spec
@@ -1,14 +1,16 @@
-Summary: Client for sending messages to a host's logged in users.
+Summary: Client for sending messages to a host's logged in users
 Name: rwall
 Version: 0.17
-Release: 31%{?dist}
+Release: 32%{?dist}
 License: BSD
+Url: ftp://ftp.linux.org.uk/pub/linux/Networking/netkit/
 Group: System Environment/Daemons
-Source: ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/netkit-rwall-%{version}.tar.gz
+Source: ftp://ftp.linux.org.uk/pub/linux/Networking/netkit/netkit-rwall-%{version}.tar.gz
 Source1: rwalld.init
 Patch1: netkit-rwalld-0.10-banner.patch
 Patch2: netkit-rwall-0.17-strip.patch
 Patch3: netkit-rwall-0.17-netgroup.patch
+Patch4: netkit-rwall-0.17-droppriv.patch
 BuildRoot: %{_tmppath}/%{name}-root
 
 %description
@@ -22,9 +24,9 @@ Install rwall if you'd like the ability to send messages to users
 logged in to a specified host machine.
 
 %package server
-Summary: Server for sending messages to a host's logged in users.
-Prereq: /sbin/chkconfig /etc/init.d
+Summary: Server for sending messages to a host's logged in users
 Group: System Environment/Daemons
+Requires(pre): /sbin/chkconfig /etc/init.d
 Requires: portmap
 
 %description server
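Review bot: `Requires(pre): /sbin/chkconfig /etc/init.d` orders these dependencies before a `%pre` scriptlet, but the only scriptlet use visible on this page is `/sbin/chkconfig --add rwalld` in `%post server`. If the package has no `%pre`, `Requires(post): /sbin/chkconfig` (plus a `Requires(preun):` line for any `%preun` that calls chkconfig or the init script, which is not visible here) would state the dependency where it is actually needed. The unchanged `Requires: portmap` may also deserve a look now that rwalld.init orders on `$rpcbind`; this page does not show whether the rpcbind package provides that name.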
@@ -42,6 +44,7 @@ from users on remote hosts.
 %patch1 -p1 -b .banner
 %patch2 -p1 -b .strip
 %patch3 -p1 -b .netgroup
+%patch4 -p1 -b .droppriv
 
 %build
 sh configure --with-c-compiler=gcc
@@ -67,17 +70,13 @@ sh configure --with-c-compiler=gcc
 make RPM_OPT_FLAGS="$RPM_OPT_FLAGS"
 
 %install
-rm -rf ${RPM_BUILD_ROOT}
 mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
 mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
 mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man{1,8}
 mkdir -p ${RPM_BUILD_ROOT}/etc/rc.d/init.d
 
 make INSTALLROOT=${RPM_BUILD_ROOT} install
-install -m 755 $RPM_SOURCE_DIR/rwalld.init ${RPM_BUILD_ROOT}/etc/rc.d/init.d/rwalld
-
-%clean
-rm -rf ${RPM_BUILD_ROOT}
+install -m 755 %SOURCE1 ${RPM_BUILD_ROOT}%{_initrddir}/rwalld
 
 %post server
 /sbin/chkconfig --add rwalld
@@ -97,9 +96,14 @@ fi
 %{_sbindir}/rpc.rwalld
 %{_mandir}/man8/rpc.rwalld.8*
 %{_mandir}/man8/rwalld.8*
-%config /etc/rc.d/init.d/rwalld
+%{_initrddir}/rwalld
 
 %changelog
+* Mon Aug 01 2011 Honza Horak <hhorak at redhat.com> - 0.17-32
+- moved privileges drop after port reservation to handle 
+  a bug similar to #247985
+- fixed rpmlint errors
+
 * Wed Feb 09 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.17-31
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 
@@ -213,7 +217,7 @@ fi
 - compress man pages.
 
 * Sat Feb  5 2000 Florian La Roche <Florian.LaRoche at redhat.com>
-- change %postun to %preun
+- change %%postun to %%preun
 
 * Wed Feb 02 2000 Cristian Gafton <gafton at redhat.com>
 - fix descriptions and summary
@@ -246,7 +250,7 @@ fi
 
 * Sun Oct 19 1997 Erik Troan <ewt at redhat.com>
 - added a chkconfig compatible initscript
-- added %attr attributes
+- added %%attr attributes
 
 * Tue Jul 15 1997 Erik Troan <ewt at redhat.com>
 - initial build
diff --git a/rwalld.init b/rwalld.init
index 20f1a82..e4455d6 100755
--- a/rwalld.init
+++ b/rwalld.init
@@ -8,8 +8,8 @@
 
 ### BEGIN INIT INFO
 # Provides: rpc.rwalld
-# Required-Start: $syslog $network
-# Required-Stop:  $syslog $network
+# Required-Start: $syslog $network $rpcbind
+# Required-Stop:  $syslog $network $rpcbind
 # Default-Start:
 # Default-Stop: 0 1 2 3 4 5 6
 # Short-Description: start and stop rpc.rwalld

