From: <mla...@us...> - 2006-11-05 19:15:45
Revision: 101
http://svn.sourceforge.net/g15daemon/?rev=101&view=rev
Author: mlampard
Date: 2006-11-05 11:15:36 -0800 (Sun, 05 Nov 2006)
Log Message:
-----------
improve security
Modified Paths:
--------------
trunk/g15daemon/ChangeLog
trunk/g15daemon/g15daemon/main.c
Modified: trunk/g15daemon/ChangeLog
===================================================================
--- trunk/g15daemon/ChangeLog 2006-11-05 13:50:33 UTC (rev 100)
+++ trunk/g15daemon/ChangeLog 2006-11-05 19:15:36 UTC (rev 101)
@@ -83,3 +83,4 @@
- debian packaging now installs manpages
1.2.5svn -> current
- Add compiletime check for uinput version, should resolve compilation problems on some distro's
+- Security improved - the daemon now sets its effective uid to nobody as soon as possible.
Modified: trunk/g15daemon/g15daemon/main.c
===================================================================
--- trunk/g15daemon/g15daemon/main.c 2006-11-05 13:50:33 UTC (rev 100)
+++ trunk/g15daemon/g15daemon/main.c 2006-11-05 19:15:36 UTC (rev 101)
@@ -35,6 +35,7 @@
#include <fcntl.h>
#include <unistd.h>
#include <libdaemon/daemon.h>
+#include <pwd.h>
#include <config.h>
#include <libg15.h>
@@ -243,7 +244,10 @@
fd_set fds;
lcdlist_t *lcdlist;
pthread_attr_t attr;
-
+ struct passwd *nobody;
+
+ nobody = getpwnam("nobody");
+
if(daemon_pid_file_create() !=0){
daemon_log(LOG_ERR,"Unable to create PID File! Exiting");
daemon_retval_send(1);
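Review bot: The `struct passwd *` returned by `getpwnam("nobody")` points at static storage and is only dereferenced later, in the hunk at -276, so any intervening `getpw*` call (in this function or in a library it calls) may overwrite it before `pw_uid`/`pw_gid` are read. Copy the two ids into locals straight after the lookup, e.g. `uid_t drop_uid = nobody ? nobody->pw_uid : 0; gid_t drop_gid = nobody ? nobody->pw_gid : 0;`, and keep a flag recording whether the lookup succeeded. The account name is also hard-coded; a comment stating that the daemon assumes a `nobody` account exists would help packagers. The enclosing function starts and ends outside this hunk.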
@@ -276,7 +280,13 @@
daemon_retval_send(4);
goto exitnow;
}
-
+
+ /* all other processes/threads should be seteuid nobody */
+ if(nobody!=NULL) {
+ seteuid(nobody->pw_uid);
+ setegid(nobody->pw_gid);
+ }
+
/* initialise the linked list */
lcdlist = lcdlist_init();
pthread_mutex_init(&g15lib_mutex, NULL);
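Review bot: The privilege drop in this hunk calls `seteuid()` before `setegid()` and ignores both return values, so when the daemon is started as root the group change is attempted after the effective uid is already unprivileged and will normally fail, leaving the effective gid at root's group with no log entry. A NULL `nobody` is skipped silently as well, so the daemon keeps running fully privileged while the ChangeLog says otherwise. Swap the order, check both calls, and treat a missing account or a failed call as a startup error; supplementary groups inherited from root are not cleared either, which would need `setgroups()` from `<grp.h>` while still privileged. The same unchecked-return pattern applies to the `seteuid(0)`/`setegid(0)` pair in the last hunk. The enclosing function starts and ends outside this hunk.
```c
    /* all other processes/threads should be seteuid nobody */
    if (nobody == NULL) {
        daemon_log(LOG_ERR, "No passwd entry for nobody, refusing to continue as root");
        daemon_retval_send(RETVAL_PLACEHOLDER); /* placeholder: choose an unused code */
        goto exitnow;
    }
    /* group first: setegid() needs the root euid that seteuid() gives up */
    if (setegid(nobody->pw_gid) != 0 || seteuid(nobody->pw_uid) != 0) {
        daemon_log(LOG_ERR, "Unable to drop privileges! Exiting");
        daemon_retval_send(RETVAL_PLACEHOLDER); /* placeholder: choose an unused code */
        goto exitnow;
    }
    /* … unchanged: linked list and mutex initialisation … */
```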
@@ -351,8 +361,11 @@
}
exitnow:
- daemon_retval_done();
+ /* return to root privilages for the final countdown */
+ seteuid(0);
+ setegid(0);
+
+ daemon_retval_done();
daemon_pid_file_remove();
-return 0;
-
+ return 0;
}
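Review bot: The `seteuid(0)` at `exitnow:` can only succeed because the real and saved user ids are still root, which means the earlier drop is temporary and any code running in the process can undo it the same way; the comment should say so rather than imply a full drop. Something like `/* euid-only drop: real/saved uid stay root so the PID file can be removed here; this does not confine a compromised thread */` would document the limit. If the intent is containment, the root-only work (PID file removal) would have to move to a separate privileged parent so the worker can call `setgid()`/`setuid()` permanently. Whether threads started earlier are still running when this label is reached is not visible in the hunk; if they are, they presumably regain root here too.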