From 6d7967de8adaeab12ce99baa5245c93fceab4d3b Mon Sep 17 00:00:00 2001
From: Pawel Jakub Dawidek
Date: Fri, 28 Jan 2011 22:35:46 +0000
Subject: [PATCH] Drop privileges in worker processes.
Accepting connections and handshaking in secondary is still done before dropping privileges. It should be implemented by only accepting connections in privileged main process and passing connection descriptors to the worker, but is not implemented yet.
MFC after: 1 week
---
sbin/hastd/primary.c | 5 +++++
sbin/hastd/secondary.c | 3 +++
2 files changed, 8 insertions(+)
diff --git a/sbin/hastd/primary.c b/sbin/hastd/primary.c
index e22ef828f63a..d701d8efb9b4 100644
--- a/sbin/hastd/primary.c
+++ b/sbin/hastd/primary.c
@@ -847,6 +847,11 @@ hastd_primary(struct hast_resource *res)
 init_ggate(res);
 init_environment(res);
+ if (drop_privs() != 0) { cleanup(res); exit(EX_CONFIG); }
+
 /*
 * Create the guard thread first, so we can handle signals from the
 * very begining.
diff --git a/sbin/hastd/secondary.c b/sbin/hastd/secondary.c
index 821d5c7450b2..21b54be9febd 100644
--- a/sbin/hastd/secondary.c
+++ b/sbin/hastd/secondary.c
@@ -413,6 +413,9 @@ hastd_secondary(struct hast_resource *res, struct nv *nvin)
 init_local(res);
 init_environment();
+ if (drop_privs() != 0) exit(EX_CONFIG);
+
 /*
 * Create the control thread before sending any event to the parent,
 * as we can deadlock when parent sends control request to worker,
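Review bot: The drop_privs() call added to hastd_primary() is the point after which the worker runs unprivileged, but nothing in the code says so, so a later change could add setup that needs root below it (like the init_ggate()/init_environment() calls it now follows) and only fail at runtime; add `/* All privileged setup must be done above: from here on the worker runs unprivileged. */` above the `if`. The failure branch exits with EX_CONFIG without reporting anything at this call site, so unless drop_privs() logs its own failure the operator only sees a silent exit — drop_privs() is not visible from this hunk, so confirm that it does. The secondary.c hunk in the same commit exits on the same failure without any cleanup call; if cleanup(res) is required here (presumably for the ggate device set up by init_ggate()), a one-line comment on why the primary needs it and the secondary does not would keep the two paths from drifting. Since the security of this change rests entirely on drop_privs(), it is worth checking there, if it does not already, that real, effective and saved user and group IDs all changed after the switch (getresuid()/getresgid()) rather than trusting the setuid()/setgid() return values alone. hastd_primary() starts before this hunk and continues after it.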