Ref #1352 - check return value of setuid/setgid calls.
Also slightly changed the logic so its possible to fork as non-root, though you must explicitly list your username and group with -u and -g as I do not want to break built in defaults for compatibility.
This commit is contained in:
Adam Sutton
parent
6b2429bad7
commit
a3a917cc29
1 changed files with 34 additions and 14 deletions
48
src/main.c
48
src/main.c
|
|
@ -270,6 +270,8 @@ main(int argc, char **argv)
|
|||
int crash = 0;
|
||||
webui_port = 9981;
|
||||
htsp_port = 9982;
|
||||
gid_t gid;
|
||||
uid_t uid;
|
||||
|
||||
/* Get current directory */
|
||||
tvheadend_cwd = dirname(dirname(tvh_strdupa(argv[0])));
|
||||
|
|
@ -354,34 +356,52 @@ main(int argc, char **argv)
|
|||
|
||||
signal(SIGPIPE, handle_sigpipe);
|
||||
|
||||
log_stderr = 1;
|
||||
log_decorate = isatty(2);
|
||||
|
||||
if(forkaway) {
|
||||
grp = getgrnam(groupnam ?: "video");
|
||||
pw = usernam ? getpwnam(usernam) : NULL;
|
||||
|
||||
if(daemon(0, 0)) {
|
||||
exit(2);
|
||||
}
|
||||
pidfile = fopen(pidpath, "w+");
|
||||
if(pidfile != NULL) {
|
||||
fprintf(pidfile, "%d\n", getpid());
|
||||
fclose(pidfile);
|
||||
}
|
||||
|
||||
if(grp != NULL) {
|
||||
setgid(grp->gr_gid);
|
||||
gid = grp->gr_gid;
|
||||
} else {
|
||||
setgid(1);
|
||||
gid = 1;
|
||||
}
|
||||
|
||||
if (pw != NULL) {
|
||||
gid_t glist[10];
|
||||
int gnum = get_user_groups(pw, glist, 10);
|
||||
setgroups(gnum, glist);
|
||||
setuid(pw->pw_uid);
|
||||
if (getuid() != pw->pw_uid) {
|
||||
gid_t glist[10];
|
||||
int gnum;
|
||||
gnum = get_user_groups(pw, glist, 10);
|
||||
if (setgroups(gnum, glist)) {
|
||||
tvhlog(LOG_ALERT, "START", "setgroups() failed, do you have permission?");
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
uid = pw->pw_uid;
|
||||
homedir = pw->pw_dir;
|
||||
setenv("HOME", homedir, 1);
|
||||
} else {
|
||||
setuid(1);
|
||||
uid = 1;
|
||||
}
|
||||
if ((getgid() != gid) && setgid(gid)) {
|
||||
tvhlog(LOG_ALERT, "START", "setgid() failed, do you have permission?");
|
||||
return 1;
|
||||
}
|
||||
if ((getuid() != uid) && setuid(uid)) {
|
||||
tvhlog(LOG_ALERT, "START", "setuid() failed, do you have permission?");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if(daemon(0, 0)) {
|
||||
exit(2);
|
||||
}
|
||||
if(pidfile != NULL) {
|
||||
fprintf(pidfile, "%d\n", getpid());
|
||||
fclose(pidfile);
|
||||
}
|
||||
|
||||
umask(0);
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue