On Wed, May 12, 2004 at 05:38:59PM -0400, Dan Weber wrote:
> The alternatives are seteuid and setegid which can be there with
> an ifndef _GNU_SOURCE 

Here this looks good.  This is another patch to deal with these
_GNU_SOURCE issues.  I fixed acconfig.h by adding
#undef _GNU_SOURCE, then I put the necessary #ifdef/#else/#endif where
they should be.  Finally, you will need to rebuild the configure
script.

-- Dan Weber
#! /bin/sh -e
## 07_drop_privledges.dpatch by  <[EMAIL PROTECTED]>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.

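# Require a mode argument; the usage message goes to stderr.
if [ $# -lt 1 ]; then
    echo "$(basename "$0"): script expects -patch|-unpatch as argument" >&2
    exit 1
fi

# Optional options file from the package tree. It is sourced, so whatever it
# contains runs as shell code in this process with the caller's privileges.
[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
# Use the defaults unless patch_opts was already set; a second argument, when
# given, is handed to patch as its -d directory. The variable is expanded
# unquoted below on purpose so that it splits into separate options.
patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"

# The script feeds itself to patch on stdin; "$0" is quoted so that a path
# containing whitespace does not break the redirection.
case "$1" in
    -patch) patch -p1 ${patch_opts} < "$0";;
    -unpatch) patch -R -p1 ${patch_opts} < "$0";;
    *)
        echo "$(basename "$0"): script expects -patch|-unpatch as argument" >&2
        exit 1;;
esac

exit 0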

@DPATCH@
diff -urNad /usr/src/dbmail-2.0/acconfig.h dbmail-2.0/acconfig.h
--- /usr/src/dbmail-2.0/acconfig.h      2004-05-12 17:56:17.000000000 -0400
+++ dbmail-2.0/acconfig.h       2004-05-12 17:57:01.000000000 -0400
@@ -23,3 +23,5 @@
 #undef HAVE_ENDIAN_H
 #undef HAVE_CRYPT_H
 
+/* For Drop Privleges stuff */
+#undef _GNU_SOURCE
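Review bot: `_GNU_SOURCE` is a feature-request macro, not evidence that `setresuid()` exists, so using it as the switch in server.c ties the stronger privilege-drop path to a build flag rather than to the platform. It also only has an effect if it is defined before the first system header is included, which depends on where server.c pulls in the generated config header (not visible in this patch). A function check in configure, for example `AC_CHECK_FUNCS(setresuid setresgid)`, with `#ifdef HAVE_SETRESUID` in server.c would be a more reliable switch.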
diff -urNad /usr/src/dbmail-2.0/server.c dbmail-2.0/server.c
--- /usr/src/dbmail-2.0/server.c        2004-05-12 17:56:24.000000000 -0400
+++ dbmail-2.0/server.c 2004-05-12 17:57:20.000000000 -0400
@@ -48,7 +48,7 @@
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <signal.h>
-
+#include <pwd.h>
 
 int GeneralStopRequested = 0;
 int Restart = 0;
@@ -154,6 +154,24 @@
        }
 }
 
+int DropPrivleges(serverConfig_t *conf)
+{
+       /* Dropping Permissions to effective user */
+       trace(TRACE_INFO, "Dropping root privledges");
+       
+       struct passwd *user;
+       user = getpwnam(conf->serverUser);      
+
+#ifdef _GNU_SOURCE 1
+       setresuid(user->pw_uid,user->pw_uid,user->pw_uid);
+       setresgid(user->pw_gid,user->pw_gid,user->pw_gid);
+#else
+       seteuid(user->pw_uid);
+       setegid(user->pw_gid);
+#endif
+
+       return(0);
+}
 
 int CreateSocket(serverConfig_t * conf)
 {
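Review bot: DropPrivleges() returns 0 even when nothing was dropped: the `getpwnam()` result is dereferenced without a NULL check and none of the `set*id()` return values are tested, so a failed call leaves the daemon running as root. The uid is changed before the gid, so in the `setresuid` branch the following `setresgid` will normally fail for lack of privilege, and in the `#else` branch `seteuid`/`setegid` change only the effective ids, leaving the saved uid as root and the drop reversible. Supplementary groups inherited from root are never cleared. Suggested shape below: clear the groups, then set the gid, then the uid, with `setgroups`/`setgid`/`setuid` (needs `<grp.h>`), returning -1 on any failure; this also removes `#ifdef _GNU_SOURCE 1`, which carries a stray token.

```c
int DropPrivleges(serverConfig_t *conf)
{
	struct passwd *user;

	if (geteuid() != 0)
		return 0;	/* not started as root: nothing to drop */

	trace(TRACE_INFO, "Dropping root privledges");

	user = getpwnam(conf->serverUser);
	if (user == NULL) {
		trace(TRACE_ERROR, "DropPrivleges(): unknown user [%s]",
		      conf->serverUser);
		return -1;
	}

	/* groups and gid first: once the uid is dropped they can no longer be changed */
	if (setgroups(0, NULL) != 0 ||
	    setgid(user->pw_gid) != 0 ||
	    setuid(user->pw_uid) != 0) {
		trace(TRACE_ERROR, "DropPrivleges(): could not switch to [%s]: %s",
		      conf->serverUser, strerror(errno));
		return -1;
	}

	return 0;
}
```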
@@ -217,7 +235,9 @@
 
        trace(TRACE_INFO, "CreateSocket(): socket creation complete");
        conf->listenSocket = sock;
-
+       
+       DropPrivleges(conf);
        return 0;
 }
 
+
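Review bot: The result of `DropPrivleges(conf)` is discarded, so CreateSocket() returns 0 whether or not the process is still root. As written the function always returns 0, so it should both report failure and be checked at this call, e.g. `if (DropPrivleges(conf) != 0) { close(sock); return -1; }`. Whether CreateSocket's caller treats -1 as fatal is not visible, because the function body starts outside this hunk. Calling it after the socket is set up is the right order if the listener needs a privileged port.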
