$NetBSD: patch-ae,v 1.1.1.1 2001/10/21 21:26:52 seb Exp $
--- src/ircd.c.orig Wed Jul 18 04:15:26 2001
+++ src/ircd.c
@@ -58,6 +58,7 @@
#include <errno.h>
#include <time.h>
#include <pwd.h>
+#include <grp.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/file.h>
@@ -656,15 +657,16 @@
int fd;
char buff[20];
pid_t pidfromfile;
+ ssize_t n;
if ((fd = open(PPATH, O_RDONLY)) >= 0 )
{
- if (read(fd, buff, sizeof(buff)) == -1)
+ n = read(fd, buff, sizeof(buff));
+ if (n == -1)
{
/* printf("NOTICE: problem reading from %s (%s)\n", PPATH,
strerror(errno)); */
- }
- else
+ } else if ( n != 0 )
{
pidfromfile = atoi(buff);
if (pidfromfile != (int)getpid() && !kill(pidfromfile, 0))
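Review bot: `atoi(buff)` still runs on a buffer that is never NUL-terminated. `read()` may fill all 20 bytes, and a short read leaves whatever was on the stack after the first `n` bytes, so the new `n != 0` test does not make the parse safe. Read one byte less and terminate it: `n = read(fd, buff, sizeof(buff) - 1);` followed by `buff[n] = '\0';` before the `atoi` call. It would also be worth requiring `pidfromfile > 0` before `kill(pidfromfile, 0)`, since a non-numeric or "0" pid file makes `atoi` return 0 and `kill(0, 0)` normally succeeds, which would look like a running instance. The enclosing function begins and ends outside this hunk.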
@@ -675,10 +677,6 @@
}
close(fd);
}
- else
- {
- printf("WARNING: problem opening %s: %s\n", PPATH, strerror(errno));
- }
}
/*
@@ -835,7 +833,7 @@
}
#endif
-#if !defined(CHROOTDIR) || (defined(IRC_UID) && defined(IRC_GID))
+#if !defined(CHROOTDIR) || (defined(IRC_UID) && defined(IRC_GID)) || (defined(IRC_USER) && defined(IRC_GROUP))
setuid(euid);
@@ -862,6 +860,36 @@
exit(-1);
}
+#elif defined(IRC_USER) && defined(IRC_GROUP)
+ {
+ struct passwd *pe;
+ struct group *ge;
+
+ /* run as a specified user and group */
+ fprintf(stderr,"WARNING: running ircd as user %s\n", IRC_USER);
+ fprintf(stderr," and as group %s.\n",IRC_GROUP);
+
+ if ((pe = getpwnam(IRC_USER)) == NULL) {
+ fprintf(stderr,"could not get definition of user " IRC_USER "\n");
+ exit(1);
+ }
+ if ((ge = getgrnam(IRC_GROUP)) == NULL) {
+ fprintf(stderr,"could not get definition of group " IRC_GROUP "\n");
+ exit(1);
+ }
+
+ if (setgid(ge->gr_gid) < 0)
+ {
+ fprintf(stderr,"ERROR: can't setgid(%d)\n", ge->gr_gid);
+ exit(-1);
+ }
+
+ if(setuid(pe->pw_uid) < 0)
+ {
+ fprintf(stderr,"ERROR: can't setuid(%d)\n", pe->pw_uid);
+ exit(-1);
+ }
+ }
#else
/* check for setuid root as usual */
fprintf(stderr,
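Review bot: The added IRC_USER/IRC_GROUP branch never resets the supplementary group list. It calls `setgid()` and `setuid()` only, so a daemon started as root keeps the groups it was started with after the drop. Add `if (initgroups(IRC_USER, ge->gr_gid) < 0) { fprintf(stderr,"ERROR: can't initgroups(%s)\n", IRC_USER); exit(-1); }` ahead of the `setgid()` call, while the process still has the privilege to do it. The `%d` conversions for `ge->gr_gid` and `pe->pw_uid` should get an explicit cast, e.g. `(int)ge->gr_gid`, because `gid_t` and `uid_t` are not guaranteed to be `int`. The enclosing function starts and ends outside this hunk.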