APFS: drop privileges upon startup
Move SERVICE_LOGIN to rs.h global header so it's accessible for all.
This commit is contained in:
Thomas Veerman
parent
9233fdb359
commit
becf700bc2
4 changed files with 12 additions and 12 deletions
|
|
@ -37,8 +37,6 @@ PRIVATE int class_recurs; /* Nesting level of class statements */
|
|||
|
||||
#include "parse.h"
|
||||
|
||||
#define SERVICE_LOGIN "service" /* passwd file entry for services */
|
||||
|
||||
FORWARD void do_service(config_t *cpe, config_t *config, struct rs_config *);
|
||||
|
||||
PRIVATE void do_class(config_t *cpe, config_t *config, struct rs_config *rs_config)
|
||||
|
|
|
|||
|
|
@ -10,6 +10,8 @@ Interface to the reincarnation server
|
|||
#include <minix/bitmap.h>
|
||||
#include <minix/com.h>
|
||||
|
||||
#define SERVICE_LOGIN "service" /* passwd file entry for services */
|
||||
|
||||
/* RSS definitions. */
|
||||
#define RSS_NR_IRQ 16
|
||||
#define RSS_NR_IO 16
|
||||
|
|
|
|||
|
|
@ -4,7 +4,10 @@
|
|||
#include <minix/dmap.h>
|
||||
#include <minix/driver.h>
|
||||
#include <minix/endpoint.h>
|
||||
#include <minix/rs.h>
|
||||
#include <minix/vfsif.h>
|
||||
#include <sys/types.h>
|
||||
#include <pwd.h>
|
||||
#include "buf.h"
|
||||
#include "inode.h"
|
||||
#include "uds.h"
|
||||
|
|
@ -119,6 +122,7 @@ PRIVATE int sef_cb_init_fresh(int type, sef_init_info_t *info)
|
|||
{
|
||||
/* Initialize the pipe file server. */
|
||||
int i;
|
||||
struct passwd *pw;
|
||||
|
||||
/* Initialize main loop parameters. */
|
||||
exitsignaled = 0; /* No exit request seen yet. */
|
||||
|
|
@ -131,10 +135,14 @@ PRIVATE int sef_cb_init_fresh(int type, sef_init_info_t *info)
|
|||
|
||||
init_inode_cache();
|
||||
uds_init();
|
||||
|
||||
SELF_E = getprocnr();
|
||||
buf_pool();
|
||||
|
||||
if ((pw = getpwnam(SERVICE_LOGIN)) == NULL)
|
||||
panic("unable to retrieve uid of SERVICE_LOGIN");
|
||||
if (setuid(pw->pw_uid) != 0)
|
||||
panic("unable to drop privileges");
|
||||
SELF_E = getprocnr();
|
||||
|
||||
return(OK);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -237,14 +237,6 @@ PUBLIC int do_getepinfo()
|
|||
register struct mproc *rmp;
|
||||
endpoint_t ep;
|
||||
|
||||
/* This call should be moved to DS. */
|
||||
if (mp->mp_effuid != 0) {
|
||||
printf("PM: unauthorized call of do_getepinfo_o by proc %d\n",
|
||||
mp->mp_endpoint);
|
||||
sys_sysctl_stacktrace(mp->mp_endpoint);
|
||||
return EPERM;
|
||||
}
|
||||
|
||||
ep = m_in.PM_ENDPT;
|
||||
|
||||
for (rmp = &mproc[0]; rmp < &mproc[NR_PROCS]; rmp++) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue