On 01/22/15 11:03, Luis Felipe Strano Moraes wrote: > toys/pending/tcpsvd.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/toys/pending/tcpsvd.c b/toys/pending/tcpsvd.c > index 585ae73..763b3f9 100644 > --- a/toys/pending/tcpsvd.c > +++ b/toys/pending/tcpsvd.c > @@ -285,8 +285,8 @@ void tcpsvd_main(void) > fd = create_bind_sock(toys.optargs[0], (struct sockaddr*)&haddr); > if(toys.optflags & FLAG_u) { > get_uidgid(&uid, &gid, TT.user); > - setuid(uid); > - setgid(gid); > + if (setuid(uid) < 0) perror_exit("User change failed"); > + if (setgid(gid) < 0) perror_exit("Group change failed"); > } > > if (!TT.udp && (listen(fd, TT.bn) < 0)) perror_exit("Listen failed");
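Review bot: in the FLAG_u block the calls are still ordered setuid(uid) then setgid(gid), and the new return checks turn that ordering into a hard failure. Once setuid() has moved a root process to a non-root uid, the process no longer has the privilege to change its group, so the following setgid() fails whenever gid is not already one of the process's group ids, and perror_exit("Group change failed") fires. Before this change the failure was silent and the server kept running with root's group. Suggest swapping the two lines so the group is changed first, setgid(gid) then setuid(uid), each checked as here. The visible lines also show no setgroups() or initgroups() call beside them, so it is worth confirming that root's supplementary groups are cleared somewhere before the setuid().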
Indeed (pending again, and I'm aware SELinux can veto this even for root so that's a fun case where enabling SELinux can _leave_ a process as root that otherwise would have dropped privileges, I am _such_ a fan...).

But I've got an "xsetuser()" function in lib/xwrap.c that I'd prefer to use for this, which means I'm probably yanking the whole get_uidgid() and rewriting it.

I also have a todo item to make xbind() so create_bind_sock() is a repeat, and sock_to_address is code ifconfig already did so that should be shared, and handle_signal() is just _weird_ (I was thinking it was a duplicate of generic_signal() in lib/lib.c but printf() and then raise it again? why?), and really half this code is netcat -L by another name so I should merge them...

It's on the todo list. This is not a trivial one to review and clean up. (Not because it's hard, just because there are a lot of separate things to do and some of it's picking already implemented code out of other commands and genericizing them into lib/net.c now that there's more than one user.)

Rob