Please ignore this email, as it was previously posted and replied to.
Vicky
On Tue, Nov 18, 2014 at 7:14 AM, Stefan Berger <[email protected]> wrote:
> From: Stefan Berger <[email protected]>
>
> Currently TCSD requires that it is run by root or the tss user since only
> then it will be able to setuid to tss or read the TCSD configuration file,
> which must also be owned by tss:tss. However, there are use cases when TCSD
> does not need to be started as root, particularly when it communicates with
> a TPM emulator over sockets. In this case we should be able to start the
> TCSD from a non-privileged user account.
>
> Signed-off-by: Stefan Berger <[email protected]>
> ---
> src/tcsd/svrside.c | 4 ++++
> src/tcsd/tcsd_conf.c | 5 +++++
> 2 files changed, 9 insertions(+)
>
> diff --git a/src/tcsd/svrside.c b/src/tcsd/svrside.c
> index 1ae1636..f00ff38 100644
> --- a/src/tcsd/svrside.c
> +++ b/src/tcsd/svrside.c
> @@ -463,6 +463,9 @@ main(int argc, char **argv)
> "(Compiled with --disable-usercheck)");
> #else
> #ifndef SOLARIS
> + if (getuid() == 0)
> + goto skip_setuid;
> +
> pwd = getpwnam(TSS_USER_NAME);
> if (pwd == NULL) {
> if (errno == 0) {
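
Review bot: The new test `if (getuid() == 0)` at the top of this hunk looks inverted relative to the commit message. As written, it is the root-started daemon that jumps to `skip_setuid` and never reaches `setuid(pwd->pw_uid)`, while a non-privileged caller still goes through `getpwnam(TSS_USER_NAME)` and the setuid attempt. If the intent is to let a non-root account start TCSD, the guard should be `if (getuid() != 0)`, so that root keeps dropping to the tss user.
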
> @@ -474,6 +477,7 @@ main(int argc, char **argv)
> return TCSERR(TSS_E_INTERNAL_ERROR);
> }
> setuid(pwd->pw_uid);
> + skip_setuid:
> #endif
> #endif
>
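
Review bot: The return value of `setuid(pwd->pw_uid);` just above the new `skip_setuid:` label is not checked, which matters more once the daemon is expected to start under accounts other than root. A failed call leaves the process running under its starting identity with nothing logged; check the result and return `TCSERR(TSS_E_INTERNAL_ERROR)` as the error path just before it does. The label also sits directly before `#endif`, so it needs a statement after it in every build configuration (`skip_setuid: ;` is the safe form).
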
> diff --git a/src/tcsd/tcsd_conf.c b/src/tcsd/tcsd_conf.c
> index a31503d..549c2bb 100644
> --- a/src/tcsd/tcsd_conf.c
> +++ b/src/tcsd/tcsd_conf.c
> @@ -772,6 +772,9 @@ conf_file_init(struct tcsd_config *conf)
>
> #ifndef NOUSERCHECK
> #ifndef SOLARIS
> + if (getuid() == 0)
> + goto skip_tss_check;
> +
> /* find the gid that owns the conf file */
> errno = 0;
> grp = getgrnam(TSS_GROUP_NAME);
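
Review bot: `if (getuid() == 0) goto skip_tss_check;` exempts root, not the non-privileged user the commit message is about, from the config file checks that follow. With this guard a root-started TCSD no longer has the file's ownership and mode validated, and an unprivileged user still hits the `getgrnam(TSS_GROUP_NAME)` lookup. If the checks are meant to be relaxed only for non-root starts, test `getuid() != 0`, and consider still requiring that the file belongs to the invoking user and is not readable by others.
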
> @@ -809,6 +812,8 @@ conf_file_init(struct tcsd_config *conf)
> LogError("TCSD config file (%s) must be mode 0600",
> tcsd_config_file);
> return TCSERR(TSS_E_INTERNAL_ERROR);
> }
> +
> + skip_tss_check:
> #endif /* SOLARIS */
> #endif /* NOUSERCHECK */
>
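
Review bot: Nothing is logged when control reaches `skip_tss_check:`, so an operator cannot tell from the log that the "must be mode 0600" check above was bypassed. The usercheck-disabled build in svrside.c emits a "(Compiled with --disable-usercheck)" message; a similar one-line message on this path would make the relaxed check visible.
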
> --
> 1.9.3
>
> _______________________________________________
> TrouSerS-tech mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-tech
>