APFS: drop privileges upon startup

Move SERVICE_LOGIN to rs.h global header so it's accessible for all.
This commit is contained in:
Thomas Veerman 2012-01-27 14:18:41 +00:00
parent 9233fdb359
commit becf700bc2
4 changed files with 12 additions and 12 deletions

View file

@ -37,8 +37,6 @@ PRIVATE int class_recurs; /* Nesting level of class statements */
#include "parse.h" #include "parse.h"
#define SERVICE_LOGIN "service" /* passwd file entry for services */
FORWARD void do_service(config_t *cpe, config_t *config, struct rs_config *); FORWARD void do_service(config_t *cpe, config_t *config, struct rs_config *);
PRIVATE void do_class(config_t *cpe, config_t *config, struct rs_config *rs_config) PRIVATE void do_class(config_t *cpe, config_t *config, struct rs_config *rs_config)

View file

@ -10,6 +10,8 @@ Interface to the reincarnation server
#include <minix/bitmap.h> #include <minix/bitmap.h>
#include <minix/com.h> #include <minix/com.h>
#define SERVICE_LOGIN "service" /* passwd file entry for services */
/* RSS definitions. */ /* RSS definitions. */
#define RSS_NR_IRQ 16 #define RSS_NR_IRQ 16
#define RSS_NR_IO 16 #define RSS_NR_IO 16

View file

@ -4,7 +4,10 @@
#include <minix/dmap.h> #include <minix/dmap.h>
#include <minix/driver.h> #include <minix/driver.h>
#include <minix/endpoint.h> #include <minix/endpoint.h>
#include <minix/rs.h>
#include <minix/vfsif.h> #include <minix/vfsif.h>
#include <sys/types.h>
#include <pwd.h>
#include "buf.h" #include "buf.h"
#include "inode.h" #include "inode.h"
#include "uds.h" #include "uds.h"
@ -119,6 +122,7 @@ PRIVATE int sef_cb_init_fresh(int type, sef_init_info_t *info)
{ {
/* Initialize the pipe file server. */ /* Initialize the pipe file server. */
int i; int i;
struct passwd *pw;
/* Initialize main loop parameters. */ /* Initialize main loop parameters. */
exitsignaled = 0; /* No exit request seen yet. */ exitsignaled = 0; /* No exit request seen yet. */
@ -131,10 +135,14 @@ PRIVATE int sef_cb_init_fresh(int type, sef_init_info_t *info)
init_inode_cache(); init_inode_cache();
uds_init(); uds_init();
SELF_E = getprocnr();
buf_pool(); buf_pool();
if ((pw = getpwnam(SERVICE_LOGIN)) == NULL)
panic("unable to retrieve uid of SERVICE_LOGIN");
if (setuid(pw->pw_uid) != 0)
panic("unable to drop privileges");
SELF_E = getprocnr();
return(OK); return(OK);
} }

View file

@ -237,14 +237,6 @@ PUBLIC int do_getepinfo()
register struct mproc *rmp; register struct mproc *rmp;
endpoint_t ep; endpoint_t ep;
/* This call should be moved to DS. */
if (mp->mp_effuid != 0) {
printf("PM: unauthorized call of do_getepinfo_o by proc %d\n",
mp->mp_endpoint);
sys_sysctl_stacktrace(mp->mp_endpoint);
return EPERM;
}
ep = m_in.PM_ENDPT; ep = m_in.PM_ENDPT;
for (rmp = &mproc[0]; rmp < &mproc[NR_PROCS]; rmp++) { for (rmp = &mproc[0]; rmp < &mproc[NR_PROCS]; rmp++) {