Diffstat (limited to 'security/prelude-lml')
-rw-r--r-- | security/prelude-lml/Makefile | 3 | ||||
-rw-r--r-- | security/prelude-lml/files/preludelml.sh | 4 | ||||
-rw-r--r-- | security/prelude-lml/files/run-prelude-lml.c | 21 |
3 files changed, 22 insertions, 6 deletions
diff --git a/security/prelude-lml/Makefile b/security/prelude-lml/Makefile
index c77421f8cd3..3223de2c020 100644
--- a/security/prelude-lml/Makefile
+++ b/security/prelude-lml/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.10 2006/05/22 11:49:51 shannonjr Exp $
+# $NetBSD: Makefile,v 1.11 2006/05/26 11:25:22 shannonjr Exp $
 #
 DISTNAME= prelude-lml-0.9.5
+PKGREVISION= 1
 CATEGORIES= security
 MASTER_SITES= http://www.prelude-ids.org/download/releases/
diff --git a/security/prelude-lml/files/preludelml.sh b/security/prelude-lml/files/preludelml.sh
index 4c905fd9c6e..f2a7efe99b9 100644
--- a/security/prelude-lml/files/preludelml.sh
+++ b/security/prelude-lml/files/preludelml.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: preludelml.sh,v 1.3 2006/01/31 18:25:43 shannonjr Exp $
+# $NetBSD: preludelml.sh,v 1.4 2006/05/26 11:25:22 shannonjr Exp $
 #
 # PROVIDE: preludelml
@@ -13,7 +13,7 @@ procname="@PREFIX@/bin/prelude-lml"
 rcvar=${name}
 required_files="@PKG_SYSCONFDIR@/prelude-lml/prelude-lml.conf"
 start_precmd="preludelml_precommand"
-start_cmd="@PREFIX@/sbin/run-prelude-lml -d --pidfile @PRELUDE_LML_PID_DIR@/prelude-lml.pid"
+start_cmd="@PREFIX@/sbin/run-prelude-lml --pidfile @PRELUDE_LML_PID_DIR@/prelude-lml.pid"
 pidfile="@PRELUDE_LML_PID_DIR@/prelude-lml.pid"
 preludelml_precommand()
diff --git a/security/prelude-lml/files/run-prelude-lml.c b/security/prelude-lml/files/run-prelude-lml.c
index cd6dd165f05..41e5888524a 100644
--- a/security/prelude-lml/files/run-prelude-lml.c
+++ b/security/prelude-lml/files/run-prelude-lml.c
@@ -62,6 +62,8 @@ int main (int argc, char **argv )
 gid_t GID;
 pid_t pidwait;
 int waitstat;
+ int s;
+ int max_fd;
 /* Sanity check */
 if (argc > MAX_ARGS)
@@ -69,13 +71,12 @@ int main (int argc, char **argv )
 error_sys("arg buffer too small");
 exit(-1);
 }
-/*
- if (getpid() != 0)
+
+ if (geteuid() != 0)
 {
 error_sys("must be called by root");
 exit(-1);
 }
-*/
 /* fork child that will become prelude-lml */
 if ((pid = fork()) < 0)
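Review bot: In the second hunk of run-prelude-lml.c, `geteuid() != 0` tests the effective privilege and not who invoked the wrapper, so the message "must be called by root" only holds as long as the binary is never installed set-uid; the install mode is not visible in this diff. If invocation by root is what is meant, compare the real uid as well, `if (getuid() != 0 || geteuid() != 0)`. The failure paths use `exit(-1)`, which the caller sees as status 255; `exit(EXIT_FAILURE)` states the intent more plainly. The body of main starts and ends outside the hunk.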
@@ -97,9 +98,23 @@ int main (int argc, char **argv )
 /* Become session leader */
 setsid();
+ /* Change working directory to root directory.
+ The current working directory could be a mounted
+ filesystem; if the daemon stays on a mounted
+ filesystem it could prevent the filesystem from
+ being umounted. */
+ chdir("/");
+
 /* Clear out file creation mask */
 umask(0);
+ /* Close unneeded file descriptors */
+ max_fd = (int) sysconf(_SC_OPEN_MAX);
+ if (max_fd == -1)
+ max_fd = getdtablesize();
+ for (s = 3; s < max_fd; s++)
+ (void) close(s);
+
 if (!obtainUIDandGID(PRELUDE_LML_USER, &UID, &GID))
 exit(-1); |
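Review bot: The added `chdir("/")` ignores its return value, so a failure leaves the daemon in the caller's working directory with no report; check it the way the other failure paths do, `if (chdir("/") < 0) { error_sys("chdir to / failed"); exit(-1); }`. The close loop starts at 3, so descriptors 0 to 2 are inherited from the caller unchanged; whether they are redirected later cannot be seen here because main continues outside the hunk, and a comment stating that this is intended would help. `sysconf()` returns `long`, and although the cast to `int` before the `-1` test works, a very large descriptor limit makes the loop issue that many `close()` calls, which deserves a comment or an upper bound.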