Commit ae601630 authored by Timo Teräs's avatar Timo Teräs

main/fprobe-ulog: fix setregid

Needs to be done before spawning threads or musl's setregid will
fail if in chroot().
parent e1c5dc11
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname=fprobe-ulog
pkgver=1.2
pkgrel=0
pkgrel=1
pkgdesc="netfilter-based tool that collect network traffic"
url="https://github.com/opoplawski/fprobe-ulog"
arch="all"
......@@ -55,14 +55,14 @@ md5sums="05408501ac17a664fda269a208efa087 fprobe-ulog-1.2.tar.gz
8aabfe548f2fb197a10c8ccfaa4d0a23 fprobe-ulog.confd
d791e5d15be8fb59b22f7fa235b9f041 fprobe-ulog.initd
f1316ad835c1a2b6565b4dc448b022df fprobe-1.1-pidfile-sanity.patch
86bedb26dd76e7326578caae875c22a4 fix-setuser.patch"
27bfeb6c6cd7089240173a2829054d87 fix-setuser.patch"
sha256sums="72a8c13001dd512acff9b85594dd29a435947072e20abefe85c29468a3967121 fprobe-ulog-1.2.tar.gz
7101091e238f5b0719a66f525f5bdc000ad593f492dd51896e2bd077fcada8f4 fprobe-ulog.confd
3dfaa0a8e995ac2c3caa49a01ed570f83348fb3348d1a5106af5a80a1fc1f3d0 fprobe-ulog.initd
660531f8ba574f80835bb26390e47c2541a3c75985656d46a334c38bfaa4e362 fprobe-1.1-pidfile-sanity.patch
4ea5dd2513049aecf018aac1bd1f67f5ad4bf6359724c17235eeeddb00889095 fix-setuser.patch"
aa4b237750555323de29f6ddbc3f807dc507bd72564043e9dab6316dc3424123 fix-setuser.patch"
sha512sums="c393c0705bd6c7cee998fccc48dede3568063b5130971f36c08f580c7678cf52fdf446c02cc4df3d5a2ead68cb2d14434e0847bfff27b6a0c5ef5ec7d6f61145 fprobe-ulog-1.2.tar.gz
388522863b5c77a334ee11bd771717d829448c85755b58088e22558b99a98514ac95ec3122cf3cb1ce7376f40ac0bae6bf1488dbd4ef60170c3ff83824988195 fprobe-ulog.confd
2c81ab715eea71beac21d4e4261464ed763464398e3fa4979eb8bd1f671d22916dffb64f051714b6460bb422924517979a3630139b478ddd258b2c28b3d73a14 fprobe-ulog.initd
e8d5103d2c12fffb913b327badf07e6ac3a0ad8b6e39e942c50dc7e472391b345006b7ee7b7d12a4613c351db2b4e88a6fbd17cfa0907c7c9010faeced3ff557 fprobe-1.1-pidfile-sanity.patch
aef41de2cdacc9ad9f9f9f7f591b0d55f4b7face233a1c5ab1c63704b9b390e3daf50da1a6da65e8508303abb81f388968cc3b0132e9f02ee658127a542aa077 fix-setuser.patch"
981f8bf359f7f338a742eb605a09ff95a960231b98b80552d70f1637aea0ec061fddfd8fa004eef971143af52c88e3a8c7dd45605693f9035cb2c63ccfadb1ed fix-setuser.patch"
......@@ -5,10 +5,10 @@ and change the process values (including all threads). Remove the per-thread
hacks. This fixes a race condition that created thread calls first setreuid()
causing the setgroups() call in the main thread to fail with -EPERM.
diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.c
--- fprobe-ulog-1.1.orig/src/fprobe-ulog.c 2014-07-30 13:09:34.000000000 -0300
+++ fprobe-ulog-1.1/src/fprobe-ulog.c 2014-07-30 13:46:25.952717084 -0300
@@ -619,18 +619,6 @@
diff -ru fprobe-ulog-1.2.orig/src/fprobe-ulog.c fprobe-ulog-1.2/src/fprobe-ulog.c
--- fprobe-ulog-1.2.orig/src/fprobe-ulog.c 2015-06-01 08:48:25.858651393 -0300
+++ fprobe-ulog-1.2/src/fprobe-ulog.c 2015-06-01 08:49:07.645734248 -0300
@@ -622,18 +622,6 @@
return p;
}
......@@ -27,7 +27,7 @@ diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.
void *emit_thread()
{
struct Flow *flow;
@@ -642,8 +630,6 @@
@@ -645,8 +633,6 @@
p = (void *) &emit_packet + netflow->HeaderSize;
timeout.tv_nsec = 0;
......@@ -36,7 +36,7 @@ diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.
for (;;) {
pthread_mutex_lock(&emit_mutex);
while (!flows_emit) {
@@ -730,8 +716,6 @@
@@ -733,8 +719,6 @@
char logbuf[256];
#endif
......@@ -45,7 +45,7 @@ diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.
timeout.tv_nsec = 0;
pthread_mutex_lock(&unpending_mutex);
@@ -777,8 +761,6 @@
@@ -780,8 +764,6 @@
struct Time now;
struct timespec timeout;
......@@ -54,7 +54,7 @@ diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.
timeout.tv_nsec = 0;
pthread_mutex_lock(&scan_mutex);
@@ -872,8 +854,6 @@
@@ -876,8 +858,6 @@
char logbuf[256];
#endif
......@@ -63,3 +63,47 @@ diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.
while (!killed) {
len = ipulog_read(ulog_handle, cap_buf, CAPTURE_SIZE, 1);
if (len <= 0) {
@@ -1386,6 +1366,21 @@
}
}
+ if (pw) {
+ if (setgroups(0, NULL)) {
+ my_log(LOG_CRIT, "setgroups(): %s", strerror(errno));
+ exit(1);
+ }
+ if (setregid(pw->pw_gid, pw->pw_gid)) {
+ my_log(LOG_CRIT, "setregid(%u): %s", pw->pw_gid, strerror(errno));
+ exit(1);
+ }
+ if (setreuid(pw->pw_uid, pw->pw_uid)) {
+ my_log(LOG_CRIT, "setreuid(%u): %s", pw->pw_uid, strerror(errno));
+ exit(1);
+ }
+ }
+
schedp.sched_priority = schedp.sched_priority - THREADS + 2;
pthread_attr_init(&tattr);
for (i = 0; i < THREADS - 1; i++) {
@@ -1404,21 +1399,6 @@
schedp.sched_priority++;
}
- if (pw) {
- if (setgroups(0, NULL)) {
- my_log(LOG_CRIT, "setgroups(): %s", strerror(errno));
- exit(1);
- }
- if (setregid(pw->pw_gid, pw->pw_gid)) {
- my_log(LOG_CRIT, "setregid(%u): %s", pw->pw_gid, strerror(errno));
- exit(1);
- }
- if (setreuid(pw->pw_uid, pw->pw_uid)) {
- my_log(LOG_CRIT, "setreuid(%u): %s", pw->pw_uid, strerror(errno));
- exit(1);
- }
- }
-
my_log(LOG_INFO, "pid: %d", pid);
my_log(LOG_INFO, "options: u=%u s=%u g=%u d=%u e=%u n=%u a=%s "
"M=%d b=%u m=%u q=%u B=%u r=%u t=%u:%u c=%s u=%s v=%u l=%u%s",
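Review bot: Moving the `if (pw)` privilege drop above `pthread_attr_init(&tattr)` means every thread in the `for (i = 0; i < THREADS - 1; i++)` loop is now created after `setreuid()`. That loop uses `schedp.sched_priority`, so if the attributes request a real-time policy (not visible in this hunk), thread creation may fail with EPERM once the process is unprivileged; that combination should be confirmed to still work, or to fail with a clear log message. The setgroups → setregid → setreuid order is the correct one and must stay, and the placement deserves a comment so it is not moved back, e.g. `/* Drop privileges before any thread exists: the id change must cover the whole process, and musl's multi-threaded setregid() fails inside chroot(). */`. The `%u` conversions receive `pw->pw_gid` and `pw->pw_uid` directly; a cast such as `(unsigned) pw->pw_gid` would keep the format and argument types matched. The enclosing function starts and ends outside the hunk.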