Package: slmodemd
Version: 2.9.10+2.9.9d+e-pre2-5
There is no reason for slmodemd to run as root throughout its entire
lifetime. It only uses privileges to mess about making symlinks in
/dev, open sound devices, etc. The patch below invents a dynamic
system user and group Slmodemd which slmodemd switches to after
startup.
Regards,
Ian.
diff -ru orig/sl-modem-2.9.10+2.9.9d+e-pre2/debian/sl-modem-daemon.postinst
sl-modem-2.9.10+2.9.9d+e-pre2/debian/sl-modem-daemon.postinst
--- orig/sl-modem-2.9.10+2.9.9d+e-pre2/debian/sl-modem-daemon.postinst
2007-03-19 16:30:49.000000000 +0000
+++ sl-modem-2.9.10+2.9.9d+e-pre2/debian/sl-modem-daemon.postinst
2007-03-20 12:07:25.000000000 +0000
@@ -8,6 +8,10 @@
perl -pe "s,^SLMODEMD_COUNTRY.*,SLMODEMD_COUNTRY=$RET," -i
/etc/default/sl-modem-daemon
fi
+adduser --system --home / --no-create-home --group \
+ --gecos 'Smart Link Modem Server' --force-badname \
+ Slmodemd
+
if [ -x "/etc/init.d/sl-modem-daemon" ]; then
update-rc.d sl-modem-daemon defaults 12 >/dev/null
if [ -x /usr/sbin/invoke-rc.d ]; then
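Review bot: The account name `Slmodemd` is now spelled out twice, in this adduser call and as `SLMODEMD_USER` in modem/modem_main.c, and the daemon exits at startup when getpwnam() cannot find it, so the two must not drift apart. A comment above the adduser line, such as `# name must match SLMODEMD_USER in modem/modem_main.c`, would make that dependency visible to whoever edits either file. As far as the visible lines show, the capitalised name is the only reason `--force-badname` is needed, and that is worth saying in the same comment.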
Only in sl-modem-2.9.10+2.9.9d+e-pre2/debian: sl-modem-daemon.postinst~
diff -ru orig/sl-modem-2.9.10+2.9.9d+e-pre2/modem/modem_main.c
sl-modem-2.9.10+2.9.9d+e-pre2/modem/modem_main.c
--- orig/sl-modem-2.9.10+2.9.9d+e-pre2/modem/modem_main.c 2005-06-23
22:52:08.000000000 +0100
+++ sl-modem-2.9.10+2.9.9d+e-pre2/modem/modem_main.c 2007-03-20
12:02:52.000000000 +0000
@@ -57,6 +57,7 @@
#include <signal.h>
#include <limits.h>
#include <grp.h>
+#include <pwd.h>
#ifdef SUPPORT_ALSA
#define ALSA_PCM_NEW_HW_PARAMS_API 1
@@ -76,6 +77,8 @@
#define DBG(fmt,args...) dprintf("main: " fmt, ##args)
+#define SLMODEMD_USER "Slmodemd"
+
#define CLOSE_COUNT_MAX 100
@@ -928,6 +931,7 @@
struct modem *m;
int pty;
int ret = 0;
+ struct passwd *pwd;
modem_debug_init(basename(dev_name));
@@ -976,6 +980,30 @@
signal(SIGINT, mark_termination);
signal(SIGTERM, mark_termination);
+#ifdef SLMODEMD_USER
+ pwd = getpwnam(SLMODEMD_USER);
+ if (!pwd) {
+ ERR("getpwnam " SLMODEMD_USER ": %s\n",strerror(errno));
+ exit(-1);
+ }
+
+ ret = (setgroups(1,&pwd->pw_gid) ||
+ setgid(pwd->pw_gid) ||
+ setuid(pwd->pw_uid));
+ if (ret) {
+ ERR("setgroups or setgid %ld or setuid %ld failed: %s\n",
+ (long)pwd->pw_gid,(long)pwd->pw_uid,strerror(errno));
+ exit(-1);
+ }
+
+ if (setuid(0) != -1) {
+ ERR("setuid 0 succeeded after dropping privileges!\n");
+ exit(-1);
+ }
+ DBG("dropped privileges to %ld.%ld\n",
+ (long)pwd->pw_gid,(long)pwd->pw_uid);
+#endif
+
INFO("Use `%s' as modem device, Ctrl+C for termination.\n",
*link_name ? link_name : m->pty_name);
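Review bot: getpwnam() returns NULL without setting errno when the account does not exist, so the `strerror(errno)` in the first ERR can print a stale or "Success" message for the most likely failure (user never created or since removed). Clear errno first and branch on it: `errno = 0;` before the call, then `ERR("getpwnam " SLMODEMD_USER ": %s\n", errno ? strerror(errno) : "no such user");`. The setgroups, setgid, setuid order and the follow-up `setuid(0)` check are right, but the `||` chain means the second message cannot say which call failed. Anything later in this function that still needs root, for example removing the /dev symlink at shutdown, will now run as Slmodemd. That code lies outside the hunk, as do the start and end of the enclosing function, so it should be checked against the dropped privileges.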