You can paste patch this in if you want (not a real diff, but you might as
well look at the code anyway, you might see something else to improve):
at the bottom of backupd.c/setup_security():
/* make up your own "home dir" for whatever you typically change
uid-gid to in backupd's changeuser() function via settings in
/etc/backupd.conf; I just used a literal, you might want to
set it up with a literal defined as a macro in a local header that
backupd already #includes */
if (chdir("/backupd/sandbox/") != 0) {
errexit("Cannot chdir() to /backupd/sandbox/");
}
} /* end of setup_security() function */
In backupd.c/readwrite() (call to changeuser() is already there):
changeuser( res );
/* I start it as root in inetd.conf, so a setuid()/setgid() change
sets both uid/euid and gid/egid; hence I don't need geteuid() */
if (getuid() == (uid_t) 0) {
errexit("Still running as root after changeuser()");
}
/* rest of function, ie umask adjustment, etc */
backupd logs errors via syslog, errexit() is already defined for it.
Regards,
Clayton Weaver
<mailto:[EMAIL PROTECTED]>
(Seattle)
"Everbody's ignorant, just in different subjects." Will Rogers
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
