On Wed, Jun 18, 2008 at 22:48, Serge Dubrouski <[EMAIL PROTECTED]> wrote:
> So I digged little bit more and here is what I found:
>
> lib/clpluming/uids.c file has the following code:
>
> #if defined(HAVE_SETEUID) && defined(HAVE_SETEGID) && \
> defined(_POSIX_SAVED_IDS)
> # define CAN_DROP_PRIVS 1
>
> #endif
>
>
> #ifndef CAN_DROP_PRIVS
> int drop_privs(uid_t uid, gid_t gid) { return 0; }
> int return_to_orig_privs(void) { return 0; }
> int return_to_dropped_privs(void) { return 0; }
> int cl_have_full_privs(void) { return 0; }
> #else
>
> In the old Heartebeat packaging HAVE_SETEUID and HAVE_SETEGID where
> defined in include/config.h. In the new packaging that file does not
> exist. So drop_privs defaults into "return 0;" and those daemons never
> switch to "nobody" user. Any ideas on this change?
Hmmm - well it wasn't deliberate.
Looks like configure cant find seteuid or setegid on the build host.
I'll investigate tomorrow AM.
Thanks for bringing this to my attention!
_______________________________________________
Linux-HA mailing list
[email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems
