diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-01-15 14:14:34 +0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-15 14:14:34 +0400 |
commit | e0b6d3cabe69c845969c90581f5b1b16cdbad5df (patch) | |
tree | f5a9e3c2cd91df64df010e0355de0139ccfbf2f3 /src/libsystemd/sd-daemon | |
parent | c557fc3e2f3ac132da90c48aa365a902be65696e (diff) | |
parent | 6b44a121c15584f340f73cf9ef8aa144ddcc22b2 (diff) | |
download | systemd-e0b6d3cabe69c845969c90581f5b1b16cdbad5df.tar.gz |
Merge pull request #7816 from poettering/chase-pid
Make MAINPID= and PIDFile= handling more restrictive (and other stuff)
Diffstat (limited to 'src/libsystemd/sd-daemon')
-rw-r--r-- | src/libsystemd/sd-daemon/sd-daemon.c | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/src/libsystemd/sd-daemon/sd-daemon.c b/src/libsystemd/sd-daemon/sd-daemon.c index 93721a5cf4..1334498ca4 100644 --- a/src/libsystemd/sd-daemon/sd-daemon.c +++ b/src/libsystemd/sd-daemon/sd-daemon.c @@ -456,7 +456,13 @@ _public_ int sd_is_mq(int fd, const char *path) { return 1; } -_public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char *state, const int *fds, unsigned n_fds) { +_public_ int sd_pid_notify_with_fds( + pid_t pid, + int unset_environment, + const char *state, + const int *fds, + unsigned n_fds) { + union sockaddr_union sockaddr = { .sa.sa_family = AF_UNIX, }; @@ -471,7 +477,7 @@ _public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char _cleanup_close_ int fd = -1; struct cmsghdr *cmsg = NULL; const char *e; - bool have_pid; + bool send_ucred; int r; if (!state) { @@ -505,7 +511,7 @@ _public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char goto finish; } - fd_inc_sndbuf(fd, SNDBUF_SIZE); + (void) fd_inc_sndbuf(fd, SNDBUF_SIZE); iovec.iov_len = strlen(state); @@ -515,13 +521,16 @@ _public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char msghdr.msg_namelen = SOCKADDR_UN_LEN(sockaddr.un); - have_pid = pid != 0 && pid != getpid_cached(); + send_ucred = + (pid != 0 && pid != getpid_cached()) || + getuid() != geteuid() || + getgid() != getegid(); - if (n_fds > 0 || have_pid) { + if (n_fds > 0 || send_ucred) { /* CMSG_SPACE(0) may return value different than zero, which results in miscalculated controllen. */ msghdr.msg_controllen = (n_fds > 0 ? CMSG_SPACE(sizeof(int) * n_fds) : 0) + - (have_pid ? CMSG_SPACE(sizeof(struct ucred)) : 0); + (send_ucred ? CMSG_SPACE(sizeof(struct ucred)) : 0); msghdr.msg_control = alloca0(msghdr.msg_controllen); @@ -533,11 +542,11 @@ _public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char memcpy(CMSG_DATA(cmsg), fds, sizeof(int) * n_fds); - if (have_pid) + if (send_ucred) assert_se(cmsg = CMSG_NXTHDR(&msghdr, cmsg)); } - if (have_pid) { + if (send_ucred) { struct ucred *ucred; cmsg->cmsg_level = SOL_SOCKET; @@ -545,7 +554,7 @@ _public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred)); ucred = (struct ucred*) CMSG_DATA(cmsg); - ucred->pid = pid; + ucred->pid = pid != 0 ? pid : getpid_cached(); ucred->uid = getuid(); ucred->gid = getgid(); } @@ -558,7 +567,7 @@ _public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char } /* If that failed, try with our own ucred instead */ - if (have_pid) { + if (send_ucred) { msghdr.msg_controllen -= CMSG_SPACE(sizeof(struct ucred)); if (msghdr.msg_controllen == 0) msghdr.msg_control = NULL; |