Bug#266722: oidentd: fix for permission problems reading /proc/net/ip_conntrack

2006-01-27 Thread Martin Waitz
hoi :)

On Thu, Jan 26, 2006 at 04:56:43PM +0100, Christof Douma wrote:
 I created a patch to open /proc/net/ip_conntrack before dropping
 permissions. It fixes this bug.

great! I will test this patch and then upload a new version!

-- 
Martin Waitz




Bug#266722: oidentd: fix for permission problems reading /proc/net/ip_conntrack

2006-01-26 Thread Christof Douma
Package: oidentd
Version: 2.0.7-3
Followup-For: Bug #266722

I created a patch to open /proc/net/ip_conntrack before dropping
permissions. It fixes this bug.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.9-rc2-paper
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8)

Versions of packages oidentd depends on:
ii  libc6 2.3.5-8.1  GNU C Library: Shared libraries an

oidentd recommends no packages.

-- no debconf information
diff -ur oidentd-2.0.7-orig/AUTHORS oidentd-2.0.7/AUTHORS
--- oidentd-2.0.7-orig/AUTHORS  2003-02-12 03:15:55.0 +0100
+++ oidentd-2.0.7/AUTHORS   2006-01-26 16:36:09.0 +0100
@@ -1,5 +1,8 @@
+Christof Douma [EMAIL PROTECTED]
+netfilter premissions fix
+
 Kamil Andrusz [EMAIL PROTECTED]
-   OpenBSD = 3.0 Packet Filter support.
+OpenBSD = 3.0 Packet Filter support.
 
 Daniel Brafford [EMAIL PROTECTED]
 Initial IPv6 support, Initial IPv6 support on Linux.
diff -ur oidentd-2.0.7-orig/ChangeLog oidentd-2.0.7/ChangeLog
--- oidentd-2.0.7-orig/ChangeLog2003-07-11 17:48:32.0 +0200
+++ oidentd-2.0.7/ChangeLog 2006-01-26 16:33:30.0 +0100
@@ -1,3 +1,7 @@
+Thu Jan 26 16:32:18 CET 2006Christof Douma [EMAIL PROTECTED]
+
+* Open masquerading options before dropping permissions on linux.
+
 Fri Jul 11 10:11:38 EDT 2003Ryan McCabe [EMAIL PROTECTED]
 
 * Really fix the bug with random ident replies.
diff -ur oidentd-2.0.7-orig/src/kernel/darwin.c 
oidentd-2.0.7/src/kernel/darwin.c
--- oidentd-2.0.7-orig/src/kernel/darwin.c  2003-02-14 05:33:32.0 
+0100
+++ oidentd-2.0.7/src/kernel/darwin.c   2006-01-26 16:21:39.0 +0100
@@ -220,6 +220,13 @@
return (temp_file);
 }
 
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+   return true;
+}
+
 /*
 ** Return the UID of the connection owner
 */
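Review bot: The new definition `bool core_init() {` uses an empty parameter list, which in C11 declares a function taking unspecified arguments rather than none, so a mismatching call or prototype is not diagnosed; write it as `bool core_init(void) {`. The same form appears in the freebsd4.c, freebsd5.c, freebsd.c and linux.c hunks. The header comment also misspells "dependent"; I would use `/* System dependent initialisation. Call only once! On failure, return false. */`. Whether this file already includes `<stdbool.h>` is not visible in the hunk, so `bool` may need that include.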
diff -ur oidentd-2.0.7-orig/src/kernel/freebsd4.c 
oidentd-2.0.7/src/kernel/freebsd4.c
--- oidentd-2.0.7-orig/src/kernel/freebsd4.c2003-02-12 08:26:25.0 
+0100
+++ oidentd-2.0.7/src/kernel/freebsd4.c 2006-01-26 16:22:13.0 +0100
@@ -48,6 +48,13 @@
 #include oidentd_inet_util.h
 #include oidentd_options.h
 
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+   return true;
+}
+
 extern struct sockaddr_storage proxy;
 
 int get_user4( in_port_t lport,
diff -ur oidentd-2.0.7-orig/src/kernel/freebsd5.c 
oidentd-2.0.7/src/kernel/freebsd5.c
--- oidentd-2.0.7-orig/src/kernel/freebsd5.c2003-02-12 03:15:59.0 
+0100
+++ oidentd-2.0.7/src/kernel/freebsd5.c 2006-01-26 16:22:33.0 +0100
@@ -245,6 +245,13 @@
 
 #endif
 
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+   return true;
+}
+
 /*
 ** Return the UID of the connection owner
 */
diff -ur oidentd-2.0.7-orig/src/kernel/freebsd.c 
oidentd-2.0.7/src/kernel/freebsd.c
--- oidentd-2.0.7-orig/src/kernel/freebsd.c 2003-02-12 03:15:59.0 
+0100
+++ oidentd-2.0.7/src/kernel/freebsd.c  2006-01-26 16:22:40.0 +0100
@@ -244,6 +244,13 @@
 
 #endif
 
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+   return true;
+}
+
 /*
 ** Return the UID of the connection owner
 */
diff -ur oidentd-2.0.7-orig/src/kernel/linux.c oidentd-2.0.7/src/kernel/linux.c
--- oidentd-2.0.7-orig/src/kernel/linux.c   2006-01-26 15:37:07.0 
+0100
+++ oidentd-2.0.7/src/kernel/linux.c2006-01-26 16:49:11.0 +0100
@@ -56,6 +56,39 @@
in_port_t src_port,
in_port_t dst_port);
 
+#ifdef MASQ_SUPPORT
+FILE *masq_fp;
+bool netfilter;
+#endif
+
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ * - open connection tracking file before dropping permissions
+ */
+bool core_init() {
+#ifdef MASQ_SUPPORT
+   masq_fp = fopen(MASQFILE, r);
+   if (masq_fp == NULL) {
+   if (errno != ENOENT)
+   debug(fopen: %s: %s, MASQFILE, strerror(errno));
+
+   masq_fp = fopen(CONNTRACK, r);
+   if (masq_fp == NULL) {
+   if (errno != ENOENT)
+   debug(fopen: %s: %s, CONNTRACK, 
strerror(errno));
+   return false; //return true to allow operation without 
masquerade support
+   }
+
+   netfilter = true;
+   } else {
+   netfilter = false;
+   }
+#endif
+
+   return true;
+}
+
+
 #ifdef WANT_IPV6
 
 /*
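Review bot: When neither MASQFILE nor CONNTRACK can be opened and errno is ENOENT — the ordinary state of a host without the connection-tracking module loaded — `core_init` returns false without emitting anything, because both `debug()` calls are skipped for ENOENT; if the caller treats false as fatal, a daemon that started before this patch no longer starts and the operator gets no explanation. The inline comment on the `return false;` line already names the alternative: return true with `masq_fp` left NULL so the lookup path can skip masquerade resolution, or at minimum emit a debug message for the ENOENT case before failing. `masq_fp` and `netfilter` are introduced as non-static globals; unless another translation unit references them they should be `static FILE *masq_fp;` and `static bool netfilter;`. Since the stream is now opened once with the original privileges and kept for the process lifetime, the lookup code that previously opened and closed it per query presumably has to `rewind()` it before each read; that code is outside this hunk, so I cannot confirm it does.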
@@ -247,9 +280,7 @@
struct sockaddr_storage *laddr,
struct sockaddr_storage