main/fprobe-ulog: fix setre[ug]id usage

1 files changed, 65 insertions, 0 deletions

diff --git a/main/fprobe-ulog/fix-setuser.patch b/main/fprobe-ulog/fix-setuser.patch
new file mode 100644
index 0000000000..675fa986ab
--- /dev/null
+++ b/main/fprobe-ulog/fix-setuser.patch
@@ -0,0 +1,65 @@
+From: Timo Teräs <timo.teras@iki.fi>
+
+Fix setre[gu]id handling for musl. The libc calls work per POSIX definition
+and change the process values (including all threads). Remove the per-thread
+hacks. This fixes a race condition that created thread calls first setreuid()
+causing the setgroups() call in the main thread to fail with -EPERM.
+
+diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.c
+--- fprobe-ulog-1.1.orig/src/fprobe-ulog.c	2014-07-30 13:09:34.000000000 -0300
++++ fprobe-ulog-1.1/src/fprobe-ulog.c	2014-07-30 13:46:25.952717084 -0300
+@@ -619,18 +619,6 @@
+ 	return p;
+ }
+ 
+-void setuser() {
+-	/*
+-	Workaround for clone()-based threads
+-	Try to change EUID independently of main thread
+-	*/
+-	if (pw) {
+-		setgroups(0, NULL);
+-		setregid(pw->pw_gid, pw->pw_gid);
+-		setreuid(pw->pw_uid, pw->pw_uid);
+-	}
+-}
+-
+ void *emit_thread()
+ {
+ 	struct Flow *flow;
+@@ -642,8 +630,6 @@
+ 	p = (void *) &emit_packet + netflow->HeaderSize;
+ 	timeout.tv_nsec = 0;
+ 
+-	setuser();
+-
+ 	for (;;) {
+ 		pthread_mutex_lock(&emit_mutex);
+ 		while (!flows_emit) {
+@@ -730,8 +716,6 @@
+ 	char logbuf[256];
+ #endif
+ 
+-	setuser();
+-
+ 	timeout.tv_nsec = 0;
+ 	pthread_mutex_lock(&unpending_mutex);
+ 
+@@ -777,8 +761,6 @@
+ 	struct Time now;
+ 	struct timespec timeout;
+ 
+-	setuser();
+-
+ 	timeout.tv_nsec = 0;
+ 	pthread_mutex_lock(&scan_mutex);
+ 
+@@ -872,8 +854,6 @@
+ 	char logbuf[256];
+ #endif
+ 
+-	setuser();
+-
+ 	while (!killed) {
+ 		len = ipulog_read(ulog_handle, cap_buf, CAPTURE_SIZE, 1);
+ 		if (len <= 0) {