author | Jiri Popek <jiri.popek@gmail.com> | 2019-07-25 13:35:11 +0200 |
---|---|---|
committer | Saya Sugiura <39760799+ssugiura@users.noreply.github.com> | 2019-07-25 20:35:11 +0900 |
commit | 618920f01b65dfeffe76092057998808163ccb11 (patch) | |
tree | c7f1ca141360046ef66557bb34c127220cf67a9e /src/daemon/dlt-daemon.c | |
parent | e8716cc5c950e50411b23a7a6cafa3c063c59e90 (diff) | |
Add option to set owner group of daemon FIFO (#122)
New option to set owner group of daemon FIFO (Default: /tmp/dlt)
is added in dlt.conf. If this option is used properly, more
secure tracing can be realized.
Only application that is in dlt_user_apps_group can write log
message to daemon FIFO.
Signed-off-by: Yusuke Sato <yusuke-sato@apn.alpine.co.jp>
Diffstat (limited to 'src/daemon/dlt-daemon.c')
-rw-r--r-- | src/daemon/dlt-daemon.c | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/src/daemon/dlt-daemon.c b/src/daemon/dlt-daemon.c
index 7b80ef1..c305887 100644
--- a/src/daemon/dlt-daemon.c
+++ b/src/daemon/dlt-daemon.c
@@ -39,6 +39,7 @@
 #include <syslog.h>
 #include <errno.h>
 #include <pthread.h>
+#include <grp.h>
 
 #ifdef linux
 # include <sys/timerfd.h>
@@ -253,7 +254,8 @@ int option_file_parser(DltDaemonLocal *daemon_local)
 if (strlen(DLT_USER_IPC_PATH) > DLT_IPC_PATH_MAX)
 fprintf(stderr, "Provided path too long...trimming it to path[%s]\n",
 daemon_local->flags.appSockPath);
-
+#else
+ memset(daemon_local->flags.daemonFifoGroup, 0, sizeof(daemon_local->flags.daemonFifoGroup));
 #endif
 daemon_local->flags.gatewayMode = 0;
 strncpy(daemon_local->flags.gatewayConfigFile,
@@ -566,6 +568,11 @@ int option_file_parser(DltDaemonLocal *daemon_local)
 intval);
 }
 }
+ else if(strcmp(token, "DaemonFifoGroup") == 0)
+ {
+ strncpy(daemon_local->flags.daemonFifoGroup, value, NAME_MAX);
+ daemon_local->flags.daemonFifoGroup[NAME_MAX] = 0;
+ }
 else if (strcmp(token, "BindAddress") == 0)
 {
 DltBindAddress_t *newNode = NULL;
@@ -1085,6 +1092,35 @@ static int dlt_daemon_init_fifo(DltDaemonLocal *daemon_local)
 return -1;
 } /* if */
 
+ /* Set group of daemon FIFO */
+ if (daemon_local->flags.daemonFifoGroup[0] != 0)
+ {
+ errno = 0;
+ struct group * group_dlt = getgrnam(daemon_local->flags.daemonFifoGroup);
+ if (group_dlt)
+ {
+ ret = chown(tmpFifo, -1, group_dlt->gr_gid);
+ if (ret == -1)
+ {
+ dlt_vlog(LOG_ERR, "FIFO user %s cannot be chowned to group %s (%s)\n",
+ tmpFifo, daemon_local->flags.daemonFifoGroup,
+ strerror(errno));
+ }
+ }
+ else if ((errno == 0) || (errno == ENOENT) || (errno == EBADF) || (errno == EPERM))
+ {
+ dlt_vlog(LOG_ERR, "Group name %s is not found (%s)\n",
+ daemon_local->flags.daemonFifoGroup,
+ strerror(errno));
+ }
+ else
+ {
+ dlt_vlog(LOG_ERR, "Failed to get group id of %s (%s)\n",
+ daemon_local->flags.daemonFifoGroup,
+ strerror(errno));
+ }
+ }
+
 fd = open(tmpFifo, O_RDWR);
 if (fd == -1)
 { |
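Review bot: The `DaemonFifoGroup` branch bounds the copy with `NAME_MAX` and then writes index `NAME_MAX`, which is in bounds only if `daemonFifoGroup` is declared with at least `NAME_MAX + 1` bytes; that declaration is not part of this file's diff. Deriving the bound from the field itself, as the new `memset` in the defaults hunk already does with `sizeof`, removes that dependency: `strncpy(daemon_local->flags.daemonFifoGroup, value, sizeof(daemon_local->flags.daemonFifoGroup) - 1);` followed by `daemon_local->flags.daemonFifoGroup[sizeof(daemon_local->flags.daemonFifoGroup) - 1] = 0;`. An over-long value is also truncated silently, so the later group lookup would run on a name other than the configured one; a warning when `strlen(value)` exceeds the bound would make that visible. `option_file_parser` starts and ends outside the hunk.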
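Review bot: In `dlt_daemon_init_fifo`, every failure path of the new group block (group not found, `getgrnam` error, `chown` error) only logs and then falls through to `open(tmpFifo, O_RDWR)`, so a daemon configured with `DaemonFifoGroup` keeps running with the FIFO owned by whatever group it was created with. Because the option exists to restrict who may write to the FIFO, a configured group that cannot be applied should fail initialization like the check just above it does: add `return -1;` after each of the three `dlt_vlog` calls. The `chown` call also acts on the path and follows symlinks; `lchown(tmpFifo, (uid_t)-1, group_dlt->gr_gid)`, or `fchown` on the descriptor once it is open, would tie the ownership change to the FIFO itself. The function body starts and ends outside the hunk, so how the FIFO is created and which mode bits it carries cannot be checked from here.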