On Wed, Aug 13, 2008 at 05:26:21PM -0700, Bernard Li wrote:
> On Wed, Aug 13, 2008 at 5:07 PM, Kostas Georgiou
> <[EMAIL PROTECTED]> wrote:
>
> > This is easilly solved by using /var/run/gmetad/ to store the pid with the
> > directory owned by whatever user gmetad runs as. Then you run with
> > daemon --user ganglia $GMETAD --pid-file=/var/run/ganglia/gmetad.pid
> > and everything is still fine without any root privileges.
> >
> > At the moment though the init doesn't tell gmetad to use a pid file
> > anyway so this can't be the only reason.
>
> Perhaps you can let us know what issue your approach would solve --
> i.e. why the change?
It seems pretty clear to me.
If there is no reason to run gmetad as root (and there is really no reason,
other than the fact that will require some configuration or code changes to
avoid failing to setuid) then it might be wise for a security conscious user
(and fedora is one) to avoid running it as root so that the window of
opportunity for a exploit that could be using it to elevate privileges
will be avoided.
a very simple (if not completely correct, neither the most efficient) way
to fix this in the code attached.
Carlo
Index: gmetad/gmetad.c
===================================================================
--- gmetad/gmetad.c (revision 1705)
+++ gmetad/gmetad.c (working copy)
@@ -249,7 +249,7 @@
pthread_t pid;
pthread_attr_t attr;
int i, num_sources, sleep_time;
- uid_t gmetad_uid;
+ uid_t gmetad_uid, current_uid;
char * gmetad_username;
struct passwd *pw;
char hostname[HOSTNAMESZ];
@@ -341,17 +341,24 @@
gmetad_username = strdup(pw->pw_name);
}
+ current_uid = getuid();
debug_msg("Going to run as user %s", gmetad_username);
if( c->should_setuid )
{
- become_a_nobody(c->setuid_username);
+ if (current_uid)
+ debug_msg("Ignoring setuid because user id is %d", current_uid);
+ else
+ {
+ become_a_nobody(c->setuid_username);
+ current_uid = gmetad_uid;
+ }
}
if( stat( c->rrd_rootdir, &struct_stat ) )
{
err_sys("Please make sure that %s exists", c->rrd_rootdir);
}
- if ( struct_stat.st_uid != gmetad_uid )
+ if ( struct_stat.st_uid != current_uid )
{
err_quit("Please make sure that %s is owned by %s", c->rrd_rootdir,
gmetad_username);
}
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Ganglia-developers mailing list
Ganglia-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-developers
