kopia lustrzana https://gitlab.com/sane-project/backends
saned can now drop privileges when running in standalone mode.
Julien BLACHE
rodzic
cbb3833dbe
commit
90a1c88e0d
|
|
@ -1,7 +1,9 @@
|
|||
2008-04-10 Julien Blache <jb@jblache.org>
|
||||
* frontend/saned.c: do not use daemon(), as it's a 4.4BSD/glibc
|
||||
function; OS/2 for instance does not have it. Use an open-coded
|
||||
equivalent. Add a PID file.
|
||||
equivalent. Add a PID file. saned -a username now drops privileges
|
||||
and runs as the given user (and group).
|
||||
* doc/saned.man: document -a username.
|
||||
|
||||
2008-04-06 Nicolas Martin <nicols-guest at users.alioth.debian.org>
|
||||
* backend/pixma_mp150.c:
|
||||
|
|
|
|||
|
|
@ -1,10 +1,12 @@
|
|||
.TH saned 8 "6 April 2008" "@PACKAGEVERSION@" "SANE Scanner Access Now Easy"
|
||||
.TH saned 8 "10 April 2008" "@PACKAGEVERSION@" "SANE Scanner Access Now Easy"
|
||||
.IX saned
|
||||
.SH NAME
|
||||
saned \- SANE network daemon
|
||||
.SH SYNOPSIS
|
||||
.B saned
|
||||
.B [ -a | -d
|
||||
.B [ -a
|
||||
.I [ username ]
|
||||
.B | -d
|
||||
.I [ n ]
|
||||
.B | -s
|
||||
.I [ n ]
|
||||
|
|
@ -26,7 +28,13 @@ client connections;
|
|||
.B inetd
|
||||
is not required for
|
||||
.B saned
|
||||
operations in this mode.
|
||||
operations in this mode. If the optional
|
||||
.B username
|
||||
is given after
|
||||
.B -a
|
||||
,
|
||||
.B saned
|
||||
will drop root privileges and run as this user (and group).
|
||||
.PP
|
||||
The
|
||||
.B -d
|
||||
|
|
|
|||
|
|
@ -78,6 +78,8 @@
|
|||
|
||||
#include <sys/wait.h>
|
||||
|
||||
#include <pwd.h>
|
||||
|
||||
#if defined(HAVE_SYS_POLL_H) && defined(HAVE_POLL)
|
||||
# include <sys/poll.h>
|
||||
#else
|
||||
|
|
@ -2446,16 +2448,29 @@ run_standalone (int argc, char **argv)
|
|||
int i;
|
||||
int ret;
|
||||
|
||||
uid_t runas_uid = -1;
|
||||
gid_t runas_gid = -1;
|
||||
struct passwd *pwent;
|
||||
FILE *pidfile;
|
||||
|
||||
/* Unused in this function */
|
||||
argc = argc;
|
||||
argv = argv;
|
||||
|
||||
do_bindings (&nfds, &fds);
|
||||
|
||||
if (run_mode != SANED_RUN_DEBUG)
|
||||
{
|
||||
if (argc > 2)
|
||||
{
|
||||
pwent = getpwnam(argv[2]);
|
||||
|
||||
if (pwent == NULL)
|
||||
{
|
||||
DBG (DBG_ERR, "FATAL ERROR: user %s not found on system\n", argv[2]);
|
||||
bail_out (1);
|
||||
}
|
||||
|
||||
runas_uid = pwent->pw_uid;
|
||||
runas_gid = pwent->pw_gid;
|
||||
}
|
||||
|
||||
DBG (DBG_MSG, "run_standalone: daemonizing now\n");
|
||||
|
||||
fd = open ("/dev/null", O_RDWR);
|
||||
|
|
@ -2498,6 +2513,15 @@ run_standalone (int argc, char **argv)
|
|||
|
||||
setsid ();
|
||||
|
||||
/* Drop privileges if requested */
|
||||
if (runas_uid > 0)
|
||||
{
|
||||
seteuid (runas_uid);
|
||||
setegid (runas_gid);
|
||||
|
||||
DBG (DBG_WARN, "Dropped privileges to uid %d gid %d\n", runas_uid, runas_gid);
|
||||
}
|
||||
|
||||
signal(SIGINT, sig_int_term_handler);
|
||||
signal(SIGTERM, sig_int_term_handler);
|
||||
}
|
||||
|
|
@ -2611,7 +2635,7 @@ main (int argc, char *argv[])
|
|||
numchildren = 0;
|
||||
run_mode = SANED_RUN_INETD;
|
||||
|
||||
if (argc == 2)
|
||||
if (argc >= 2)
|
||||
{
|
||||
if (strncmp (argv[1], "-a", 2) == 0)
|
||||
run_mode = SANED_RUN_ALONE;
|
||||
|
|
|
|||
Ładowanie…
Reference in New Issue