hal/hald Makefile.am, 1.42, 1.43 hald.c, 1.23, 1.24 run-hald.sh, 1.2,
1.3
David Zeuthen
david at freedesktop.org
Tue Feb 8 13:37:49 PST 2005
Update of /cvs/hal/hal/hald
In directory gabe:/tmp/cvs-serv13543/hald
Modified Files:
Makefile.am hald.c run-hald.sh
Log Message:
2005-02-08 David Zeuthen <davidz at redhat.com>
Patch from Sjoerd Simons <sjoerd at luon.net>.
Since i seem to be in an extreme mood anyway, attached it is a
patch that will make hal always drop permissions to non-root. Also
it removes keeping the net admin capability as it's not being used
anymore.
I think it's the right way to do things. There should be no reason
to run hald as root ever and forcing it from the start of the
development cycle is a good way of ensuring that :)
It would also be nice to have the addons that need to start out as
root (like the ups one) drop permission as soon as possible (one
can never be too sure)... Probably a utility function would be
nice for that, but i don't know where to place it (as the addons
and probers live in different dirs)
Slightly mangled by myself to remove libcap dep and introduce
the --retain-privileges option.
* configure.in: Don't require libcap
* hald/Makefile.am (hald_LDADD): Don't link with libcap
* hald/run-hald.sh: Use new --retain-privileges option since this
is the development runscript
* hald/hald.c (usage): Remove option --drop-privileges and introduce
new option --retain-privileges
(drop_privileges): Just drop to uid/gid of specified haldaemon user
and group. Don't use libcap anymore.
(main): Enforce new --retain-privileges option since it's useful for
development
Index: Makefile.am
===================================================================
RCS file: /cvs/hal/hal/hald/Makefile.am,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -d -r1.42 -r1.43
--- Makefile.am 8 Feb 2005 16:44:20 -0000 1.42
+++ Makefile.am 8 Feb 2005 21:37:47 -0000 1.43
@@ -50,7 +50,7 @@
property.h property.c \
hald_conf.h hald_conf.c
-hald_LDADD = @PACKAGE_LIBS@ -lm -lcap @EXPAT_LIB@ $(top_builddir)/hald/$(HALD_BACKEND)/libhald_$(HALD_BACKEND).la
+hald_LDADD = @PACKAGE_LIBS@ -lm @EXPAT_LIB@ $(top_builddir)/hald/$(HALD_BACKEND)/libhald_$(HALD_BACKEND).la
if HAVE_SELINUX
hald_LDADD += -lselinux
Index: hald.c
===================================================================
RCS file: /cvs/hal/hal/hald/hald.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- hald.c 8 Feb 2005 16:44:20 -0000 1.23
+++ hald.c 8 Feb 2005 21:37:47 -0000 1.24
@@ -39,7 +39,6 @@
#include <errno.h>
#include <signal.h>
#include <sys/prctl.h>
-#include <sys/capability.h>
#include <grp.h>
#include <syslog.h>
@@ -208,12 +207,12 @@
fprintf (stderr, "\n" "usage : hald [--daemon=yes|no] [--verbose=yes|no] [--help]\n");
fprintf (stderr,
"\n"
- " --daemon=yes|no Become a daemon\n"
- " --verbose=yes|no Print out debug (overrides HALD_VERBOSE)\n"
- " --drop-privileges Run as normal user instead of root (calling of\n"
- " external scripts to modify fstab etc. will not work\n"
- " run as root)\n"
- " --help Show this information and exit\n"
+ " --daemon=yes|no Become a daemon\n"
+ " --verbose=yes|no Print out debug (overrides HALD_VERBOSE)\n"
+ " --retain-privileges Run as normal user instead of root (calling of\n"
+ " external scripts to modify fstab etc. will not work\n"
+ " run as root)\n"
+ " --help Show this information and exit\n"
"\n"
"The HAL daemon detects devices present in the system and provides the\n"
"org.freedesktop.Hal service through the system-wide message bus provided\n"
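Review bot: The help text for `--retain-privileges` still carries the description of the removed `--drop-privileges` option ("Run as normal user instead of root ..."), which is the opposite of what the new flag does. Something like `" --retain-privileges  Keep the privileges hald was started with instead of\n"` followed by `"                      switching to the HAL user (intended for development)\n"` would match the behaviour. The synopsis line at the top of the hunk also omits the option and could gain `[--retain-privileges]`. The body of usage starts and ends outside this hunk.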
@@ -290,13 +289,11 @@
static int startup_daemonize_pipe[2];
/** Drop all but necessary privileges from hald when it runs as root. Set the
- * running user id to HAL_USER and group to HAL_GROUP and grant the following
- * capabilities: CAP_NET_ADMIN
+ * running user id to HAL_USER and group to HAL_GROUP
*/
static void
drop_privileges ()
{
- cap_t cap;
struct passwd *pw = NULL;
struct group *gr = NULL;
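Review bot: The doc comment on drop_privileges still opens with "Drop all but necessary privileges", but with the capability code removed nothing is kept any more. I would reword it to state what the visible code does, e.g. `/** Give up root: set supplementary groups, group id and user id to HAL_USER / HAL_GROUP. Exits the process if any step fails.`. While touching the definition, `drop_privileges (void)` would make the empty parameter list an actual prototype. The function body continues outside this hunk.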
@@ -314,12 +311,6 @@
exit (-1);
}
- /* keep capabilities and change uid/gid */
- if( prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
- HAL_ERROR (("drop_privileges: could not keep capabilities"));
- exit (-1);
- }
-
if( initgroups (HAL_USER, gr->gr_gid)) {
HAL_ERROR (("drop_privileges: could not initialize groups"));
exit (-1);
@@ -334,20 +325,6 @@
HAL_ERROR (("drop_privileges: could not set user id"));
exit (-1);
}
-
- /* only keep necessary capabilities */
- cap = cap_from_text ("cap_net_admin=ep");
-
- if(cap_set_proc(cap)) {
- HAL_WARNING (("Your kernel does not support capabilities; some features will not be available."));
- /* we do not fail on kernels which do not support capabilities, since
- * only very few features actually depend on them */
- }
-
- if(cap_free (cap)) {
- HAL_ERROR (("drop_privileges: cap_free"));
- exit (-1);
- }
}
@@ -362,7 +339,10 @@
{
GMainLoop *loop;
guint sigterm_iochn_listener_source_id;
+ gboolean retain_privs;
+ retain_privs = FALSE;
+
openlog ("hald", LOG_PID, LOG_DAEMON);
g_type_init ();
@@ -381,7 +361,7 @@
{"daemon", 1, NULL, 0},
{"verbose", 1, NULL, 0},
{"help", 0, NULL, 0},
- {"drop-privileges", 0, NULL, 0},
+ {"retain-privileges", 0, NULL, 0},
{NULL, 0, NULL, 0}
};
@@ -415,8 +395,9 @@
usage ();
return 1;
}
- } else if (strcmp (opt, "drop-privileges") == 0)
- drop_privileges ();
+ } else if (strcmp (opt, "retain-privileges") == 0) {
+ retain_privs = TRUE;
+ }
break;
default:
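Review bot: Setting `retain_privs = TRUE` leaves no record that the daemon kept the privileges it was started with, so a hald running as root looks like any other in the logs. Since `openlog` appears to be called earlier in main, a line such as `syslog (LOG_WARNING, "--retain-privileges given, not dropping privileges");` next to the assignment would make that state visible to whoever reviews the system log. The option-parsing loop starts and ends outside this hunk.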
@@ -426,6 +407,9 @@
}
}
+ if (!retain_privs)
+ drop_privileges();
+
if (hald_is_verbose)
logger_enable ();
else
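Review bot: `drop_privileges()` is now called on every start without the flag, and nothing visible in these hunks checks that the process actually is root before it runs. The parts of drop_privileges shown earlier exit on an initgroups or setuid failure, so starting hald as an unprivileged user without `--retain-privileges` would presumably terminate the daemon. If that is intended it deserves a sentence in the usage text; otherwise guard the call, e.g. `if (!retain_privs && geteuid () == 0)`. The call also lacks braces and the space before the parenthesis used elsewhere in this file; main's body continues outside the hunk.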
Index: run-hald.sh
===================================================================
RCS file: /cvs/hal/hal/hald/run-hald.sh,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- run-hald.sh 8 Feb 2005 16:44:20 -0000 1.2
+++ run-hald.sh 8 Feb 2005 21:37:47 -0000 1.3
@@ -1,4 +1,5 @@
#!/bin/sh
export PATH=linux2:linux2/probing:linux2/addons:.:$PATH
-./hald --daemon=no --verbose=yes
+./hald --daemon=no --verbose=yes --retain-privileges
+
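Review bot: The script now starts hald with `--retain-privileges` while PATH begins with the relative entries `linux2:linux2/probing:linux2/addons:.`, so when it is run as root, helpers are looked up relative to the current directory by a daemon that keeps root. That is reasonable for a development runscript, but the file does not say so. I would add a comment under the shebang such as `# Development only: keeps hald's starting privileges; run from the hald/ build directory, do not install.`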