From f9aa6e877e587956d1f3173a86feb67c1d619871 Mon Sep 17 00:00:00 2001
From: shannonjr <shannonjr@pkgsrc.org>
Date: Fri, 26 May 2006 11:43:42 +0000
Subject: Added additional environment cleanup before exec'ing prelude-manager.

---
 security/prelude-manager/Makefile                   |  3 ++-
 .../prelude-manager/files/run-prelude-manager.c     | 21 +++++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)

(limited to 'security/prelude-manager')

diff --git a/security/prelude-manager/Makefile b/security/prelude-manager/Makefile
index c8454cd224c..81f6cf2b7ee 100644
--- a/security/prelude-manager/Makefile
+++ b/security/prelude-manager/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.7 2006/04/24 10:43:44 shannonjr Exp $
+# $NetBSD: Makefile,v 1.8 2006/05/26 11:43:42 shannonjr Exp $
 #
 
 DISTNAME=		prelude-manager-0.9.4.1
+PKGREVISION=		1
 CATEGORIES=		security
 MASTER_SITES=		http://www.prelude-ids.org/download/releases/
 
diff --git a/security/prelude-manager/files/run-prelude-manager.c b/security/prelude-manager/files/run-prelude-manager.c
index 1c28d5470ae..5e4a6e5fd0e 100644
--- a/security/prelude-manager/files/run-prelude-manager.c
+++ b/security/prelude-manager/files/run-prelude-manager.c
@@ -70,6 +70,7 @@ int main (int argc, char **argv )
     pid_t pidwait;
     int waitstat;
     int maxfd;
+    int s;
 
     /* Sanity check */
     if (argc > MAX_ARGS)
@@ -78,6 +79,12 @@ int main (int argc, char **argv )
         exit(-1);
     }
 
+    if (geteuid() != 0)
+    {
+        error_sys("must be called by root");
+        exit(-1);
+    }
+
     /* fork child that will become prelude-manager */
     if ((pid = fork()) < 0)
 
@@ -98,9 +105,23 @@ int main (int argc, char **argv )
             /* Become session leader */
             setsid();
 
+            /* Change working directory to root directory.
+               The current working directory could be a mounted
+               filesystem; if the daemon stays on a mounted
+               filesystem it could prevent the filesystem from
+               being umounted. */
+            chdir("/");
+
             /* Clear out file creation mask */
             umask(0);
 
+            /* Close unneeded file descriptors */
+            maxfd = (int) sysconf(_SC_OPEN_MAX);
+            if (maxfd == -1)
+                maxfd = getdtablesize();
+            for (s = 3; s < maxfd; s++)
+                (void) close(s);
+
             /* Increase limit on number of open file descriptors if necessary */
             maxfd = fdlim_get(1);
             if (maxfd < 0)
-- 
cgit v1.2.3