On Thu, 26 Dec 2024 17:29:30 +0100,
Stuart Henderson <[email protected]> wrote:
>
> Diff that can be applied with patch:
> (I added optional braces as it's multi line and I think clearer
> like that).
>
> ok?
>
Doesn't a user who runs validation need access to the keys in /etc/iked/private?
>
> Index: iked.c
> ===================================================================
> RCS file: /cvs/src/sbin/iked/iked.c,v
> diff -u -p -r1.71 iked.c
> --- iked.c 13 Jul 2024 12:22:46 -0000 1.71
> +++ iked.c 26 Dec 2024 16:27:08 -0000
> @@ -178,10 +178,6 @@ main(int argc, char *argv[])
> group_init();
> policy_init(env);
>
> - /* check for root privileges */
> - if (geteuid())
> - errx(1, "need root privileges");
> -
> if ((ps->ps_pw = getpwnam(IKED_USER)) == NULL)
> errx(1, "unknown user %s", IKED_USER);
>
> @@ -193,6 +189,11 @@ main(int argc, char *argv[])
>
> if (opts & IKED_OPT_NOACTION)
> ps->ps_noaction = 1;
> + else {
> + /* check for root privileges */
> + if (geteuid())
> + errx(1, "need root privileges");
> + }
>
> ps->ps_instance = proc_instance;
> if (title != NULL)
>
--
wbr, Kirill
