From 4401d759051714fcc016a146685f3c13bed49442 Mon Sep 17 00:00:00 2001 From: Ulrich Drepper Date: Sun, 3 Oct 2004 19:33:48 +0000 Subject: Update. Implement paranoia mode. * nscd/connections.c (nscd_init): Mark database and socket descriptors as close on exec. (restart): New function. (restart_p): New function. (nscd_run): Add missing descrement of nready in case readylist is empty. (main_loop_poll): Call restart_p and restart. (main_loop_epoll): Likewise. (begin_drop_privileges): Save original UID and GID. * nscd/nscd.c: Define new variables paranoia, restart_time, restart_interval, oldcwd, old_gid, old_uid. (main): Disable paranoia mode if we are not forking. (check_pid): When re-execing, the PID file contains the same PID as the current process. Do not fail in this case. * nscd/nscd.conf: Add paranoia and restart-interval entries. * nscd/nscd.h: Define RESTART_INTERVAL. Declare new variables. * nscd/nscd_conf.c: Parse paranoia and restart-internal configurations. * nscd/nscd_stat.c: Print paranoia and restart-internal values. --- nscd/nscd.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'nscd/nscd.c') diff --git a/nscd/nscd.c b/nscd/nscd.c index 146f61cb25..0ef54bcf08 100644 --- a/nscd/nscd.c +++ b/nscd/nscd.c @@ -79,6 +79,13 @@ time_t start_time; uintptr_t pagesize_m1; +int paranoia; +time_t restart_time; +time_t restart_interval = RESTART_INTERVAL; +const char *oldcwd; +uid_t old_uid; +gid_t old_gid; + static int check_pid (const char *file); static int write_pid (const char *file); @@ -248,6 +255,9 @@ main (int argc, char **argv) signal (SIGTTIN, SIG_IGN); signal (SIGTSTP, SIG_IGN); } + else + /* In foreground mode we are not paranoid. */ + paranoia = 0; /* Start the SELinux AVC. */ if (selinux_enabled) @@ -414,6 +424,7 @@ nscd_open_socket (void) return sock; } + /* Cleanup. */ void termination_handler (int signum) @@ -461,7 +472,11 @@ check_pid (const char *file) n = fscanf (fp, "%d", &pid); fclose (fp); - if (n != 1 || kill (pid, 0) == 0) + /* If we cannot parse the file default to assuming nscd runs. + If the PID is alive, assume it is running. That all unless + the PID is the same as the current process' since tha latter + can mean we re-exec. */ + if ((n != 1 || kill (pid, 0) == 0) && pid != getpid ()) return 1; } -- cgit v1.2.1