Changes to support valgrind auditing.

4 files changed, 42 insertions, 24 deletions

diff --git a/Makefile.am b/Makefile.am
index 1a34995a..c4ca2599 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -167,6 +167,7 @@ EXTRA_DIST = \
 	gpsfake \
 	gpsd.hotplug \
 	gpsd.usermap \
+	valgrind-suppressions \
 	logextract
 
 # This is not distributed
diff --git a/gpsd.c b/gpsd.c
index 9d315fb5..05c3f6c2 100644
--- a/gpsd.c
+++ b/gpsd.c
@@ -938,8 +938,6 @@ int main(int argc, char *argv[])
     fd_set rfds, control_fds;
     int i, option, msock, cfd, dfd; 
     bool go_background = true;
-    struct passwd *pw;
-    struct stat stb;
     struct timeval tv;
     // extern char *optarg;
 
@@ -1042,11 +1040,6 @@ int main(int argc, char *argv[])
     }
 #endif /* NTPSHM_ENABLE */
 
-    /* make default devices accessible even after we drop privileges */
-    for (i = optind; i < argc; i++) 
-	if (stat(argv[i], &stb) == 0)
-	    (void)chmod(argv[i], stb.st_mode|S_IRGRP|S_IWGRP);
-
 #if DBUS_ENABLE
     /* we need to connect to dbus as root */
     if (initialize_dbus_connection()) {
@@ -1055,23 +1048,32 @@ int main(int argc, char *argv[])
     } else
 	gpsd_report (2, "successfully connected to the DBUS system bus\n");
 #endif /* DBUS_ENABLE */
-    
-    /*
-     * Drop privileges.  Up to now we've been running as root.  Instead,
-     * set the user ID to 'nobody' and the group ID to the owning group 
-     * of a prototypical TTY device.  This limits the scope of any
-     * compromises in the code.  It requires that all GPS devices have
-     * their group read/write permissions set.
-     */
-    if (getuid() == 0 && ((optind<argc && stat(argv[optind], &stb)==0) || stat(PROTO_TTY, &stb)==0)) {
-	gpsd_report(2, "changing to group %d\n", stb.st_gid);
-	if (setgid(stb.st_gid) != 0)
-	    gpsd_report(0, "setgid() failed, errno %s\n", strerror(errno));
+
+    if (getuid() == 0 && go_background) {
+	struct passwd *pw;
+	struct stat stb;
+
+	/* make default devices accessible even after we drop privileges */
+	for (i = optind; i < argc; i++) 
+	    if (stat(argv[i], &stb) == 0)
+		(void)chmod(argv[i], stb.st_mode|S_IRGRP|S_IWGRP);
+	/*
+	 * Drop privileges.  Up to now we've been running as root.  Instead,
+	 * set the user ID to 'nobody' and the group ID to the owning group 
+	 * of a prototypical TTY device.  This limits the scope of any
+	 * compromises in the code.  It requires that all GPS devices have
+	 * their group read/write permissions set.
+	 */
+	if ((optind<argc&&stat(argv[optind], &stb)==0)||stat(PROTO_TTY,&stb)==0) {
+	    gpsd_report(2, "changing to group %d\n", stb.st_gid);
+	    if (setgid(stb.st_gid) != 0)
+		gpsd_report(0, "setgid() failed, errno %s\n", strerror(errno));
+	}
+	pw = getpwnam("nobody");
+	if (pw)
+	    (void)setuid(pw->pw_uid);
     }
     gpsd_report(2, "running with effective group ID %d\n", getegid());
-    pw = getpwnam("nobody");
-    if (pw)
-	(void)setuid(pw->pw_uid);
     gpsd_report(2, "running with effective user ID %d\n", geteuid());
 
     /* user may want to re-initialize all channels */
diff --git a/gpsd.xml b/gpsd.xml
index b8a004f4..5bc3bb5f 100644
--- a/gpsd.xml
+++ b/gpsd.xml
@@ -109,8 +109,9 @@ well with -D2 to enable monitoring of the GPS data stream.</para>
 </varlistentry>
 <varlistentry>
 <term>-N</term>
-<listitem><para>Don't daemonize; run in foreground. Mainly useful
-for debugging.</para>
+<listitem><para>Don't daemonize; run in foreground.  Also suppresses 
+privilege-dropping.  This switch is mainly useful for debugging.
+Its meaning may change in future versions.</para>
 </listitem>
 </varlistentry>
 <varlistentry>
diff --git a/valgrind-suppressions b/valgrind-suppressions
new file mode 100644
index 00000000..eee8281c
--- /dev/null
+++ b/valgrind-suppressions
@@ -0,0 +1,14 @@
+# Suppress known C library errors in valgrind.
+# This is good under gcc 3.4.2, glibc 2.3.4
+{
+   strlen1
+   Memcheck:Value8
+   fun:vfprintf
+   fun:vsnprintf
+   fun:gpsd_report
+   fun:sirf_parse
+   fun:sirfbin_parse_input
+   fun:handle_packet
+   fun:gpsd_poll
+   fun:main
+}