From: Stefan Berger <[email protected]>

Currently TCSD requires that it is run by root or the tss user since only then
it will be able to setuid to tss or read the TCSD configuration file, which must
also be owned by tss:tss. However, there are use cases when TCSD does not need
to be started as root, particularly when it communicates with a TPM emulator
over sockets. In this case we should be able to start the TCSD from a
non-privileged user account.

Signed-off-by: Stefan Berger <[email protected]>
---
 src/tcsd/svrside.c   | 4 ++++
 src/tcsd/tcsd_conf.c | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/src/tcsd/svrside.c b/src/tcsd/svrside.c
index 1ae1636..f00ff38 100644
--- a/src/tcsd/svrside.c
+++ b/src/tcsd/svrside.c
@@ -463,6 +463,9 @@ main(int argc, char **argv)
             "(Compiled with --disable-usercheck)");
 #else
 #ifndef SOLARIS
+       if (getuid() == 0)
+               goto skip_setuid;
+
        pwd = getpwnam(TSS_USER_NAME);
        if (pwd == NULL) {
                if (errno == 0) {
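Review bot: The test `getuid() == 0` looks inverted against the commit message: as written, a daemon started by root jumps over `setuid(pwd->pw_uid)` and keeps running as root, while an unprivileged caller still goes through `getpwnam(TSS_USER_NAME)` and the setuid call. If the intent is to let a non-root account start TCSD, the guard should read `if (getuid() != 0) goto skip_setuid;` so that root continues to drop to the tss user. The same comparison is used in conf_file_init (`goto skip_tss_check`), where it lets root bypass the tss ownership and mode checks on the config file. main's body continues outside this hunk.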
@@ -474,6 +477,7 @@ main(int argc, char **argv)
                return TCSERR(TSS_E_INTERNAL_ERROR);
        }
        setuid(pwd->pw_uid);
+ skip_setuid:
 #endif
 #endif
 
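Review bot: The result of `setuid(pwd->pw_uid)` just above the new label is still discarded, so a failed privilege drop goes unnoticed and the daemon carries on under whatever uid it started with. Now that the start-up path is meant to cope with more than one kind of caller, this should fail closed, e.g. `if (setuid(pwd->pw_uid) != 0) { LogError("setuid to %s failed", TSS_USER_NAME); return TCSERR(TSS_E_INTERNAL_ERROR); }`. Only the uid change is visible in this hunk; whether the group is dropped elsewhere in main cannot be told from here and is worth confirming.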
diff --git a/src/tcsd/tcsd_conf.c b/src/tcsd/tcsd_conf.c
index a31503d..549c2bb 100644
--- a/src/tcsd/tcsd_conf.c
+++ b/src/tcsd/tcsd_conf.c
@@ -772,6 +772,9 @@ conf_file_init(struct tcsd_config *conf)
 
 #ifndef NOUSERCHECK
 #ifndef SOLARIS
+        if (getuid() == 0)
+                goto skip_tss_check;
+
        /* find the gid that owns the conf file */
        errno = 0;
        grp = getgrnam(TSS_GROUP_NAME);
@@ -809,6 +812,8 @@ conf_file_init(struct tcsd_config *conf)
                LogError("TCSD config file (%s) must be mode 0600", 
tcsd_config_file);
                return TCSERR(TSS_E_INTERNAL_ERROR);
        }
+
+ skip_tss_check:
 #endif /* SOLARIS */
 #endif /* NOUSERCHECK */
 
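Review bot: Jumping to `skip_tss_check` bypasses the mode 0600 test together with the tss ownership test, so whichever caller takes the jump will accept a configuration file that other users may be able to write. Only the owner comparison needs relaxing for a non-tss account; I would keep the permission test and compare the file's owner with the invoking uid instead of skipping the whole section (the code between the two hunks is not visible, so the exact variable names need checking). The label also sits directly before `#endif`, and C requires a statement after a label, so whether it compiles depends on what follows outside the hunk; `skip_tss_check: ;` removes that dependency.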
-- 
1.9.3

