diff options
author | Timo Teräs <timo.teras@iki.fi> | 2014-07-30 09:59:37 +0300 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2014-07-30 14:08:44 +0300 |
commit | a367d15bffbabf1c4036ca2cf68bb3961786daad (patch) | |
tree | 1dd808087c8fbdcc9fae89ca23d457b550f3b90a /main/fprobe-ulog | |
parent | fbe109d9baf2c6b1152c055a575651a4ef80a8c7 (diff) | |
download | aports-a367d15bffbabf1c4036ca2cf68bb3961786daad.tar.bz2 aports-a367d15bffbabf1c4036ca2cf68bb3961786daad.tar.xz |
main/fprobe-ulog: fix setre[ug]id usage
Diffstat (limited to 'main/fprobe-ulog')
-rw-r--r-- | main/fprobe-ulog/APKBUILD | 16 | ||||
-rw-r--r-- | main/fprobe-ulog/fix-setuser.patch | 65 |
2 files changed, 79 insertions, 2 deletions
diff --git a/main/fprobe-ulog/APKBUILD b/main/fprobe-ulog/APKBUILD index 6dddc8d39c..09f981dbb5 100644 --- a/main/fprobe-ulog/APKBUILD +++ b/main/fprobe-ulog/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Leonardo Arena <rnalrd@alpinelinux.org> pkgname=fprobe-ulog pkgver=1.1 -pkgrel=2 +pkgrel=3 pkgdesc="netfilter-based tool that collect network traffic" url="http://fprobe.sourceforge.net/" arch="all" @@ -14,6 +14,7 @@ source="http://downloads.sourceforge.net/project/fprobe/$pkgname/$pkgver/$pkgnam fprobe-ulog.confd fprobe-ulog.initd fprobe-1.1-pidfile-sanity.patch + fix-setuser.patch " _builddir="$srcdir"/$pkgname-$pkgver @@ -53,4 +54,15 @@ package() { md5sums="cdb2e4edc47e8a3d5479eeabfb979ebc fprobe-ulog-1.1.tar.bz2 8aabfe548f2fb197a10c8ccfaa4d0a23 fprobe-ulog.confd df64f84f28af0976bff35a8fda8d663a fprobe-ulog.initd -f1316ad835c1a2b6565b4dc448b022df fprobe-1.1-pidfile-sanity.patch" +f1316ad835c1a2b6565b4dc448b022df fprobe-1.1-pidfile-sanity.patch +86bedb26dd76e7326578caae875c22a4 fix-setuser.patch" +sha256sums="53b9ccbca4469dfb0e9da91f9f0789dbf732f2adac9de18842e3c210b445f2ad fprobe-ulog-1.1.tar.bz2 +7101091e238f5b0719a66f525f5bdc000ad593f492dd51896e2bd077fcada8f4 fprobe-ulog.confd +5408a87e4d736918afb754bbfada578e504b5583203c3e7f7760f6fe1bdb6c75 fprobe-ulog.initd +660531f8ba574f80835bb26390e47c2541a3c75985656d46a334c38bfaa4e362 fprobe-1.1-pidfile-sanity.patch +4ea5dd2513049aecf018aac1bd1f67f5ad4bf6359724c17235eeeddb00889095 fix-setuser.patch" +sha512sums="144c420709e19d6d9212d5d849c9d68526aeabbb2a17c6d7c84f4ebc5760473b9adef2c1fb99ae4d70a15daa48a9e05e340a4928203f8bb88aeadf8317410fe1 fprobe-ulog-1.1.tar.bz2 +388522863b5c77a334ee11bd771717d829448c85755b58088e22558b99a98514ac95ec3122cf3cb1ce7376f40ac0bae6bf1488dbd4ef60170c3ff83824988195 fprobe-ulog.confd +557fc66e7aeaea92800d7457c8f637dd78ccd99765e0f37bf49bf91eccb744c2b68f2aace79babe823af5daee86afc7b4e3c846969cc444325b3703d3ffbccd5 fprobe-ulog.initd +e8d5103d2c12fffb913b327badf07e6ac3a0ad8b6e39e942c50dc7e472391b345006b7ee7b7d12a4613c351db2b4e88a6fbd17cfa0907c7c9010faeced3ff557 fprobe-1.1-pidfile-sanity.patch +aef41de2cdacc9ad9f9f9f7f591b0d55f4b7face233a1c5ab1c63704b9b390e3daf50da1a6da65e8508303abb81f388968cc3b0132e9f02ee658127a542aa077 fix-setuser.patch" diff --git a/main/fprobe-ulog/fix-setuser.patch b/main/fprobe-ulog/fix-setuser.patch new file mode 100644 index 0000000000..675fa986ab --- /dev/null +++ b/main/fprobe-ulog/fix-setuser.patch @@ -0,0 +1,65 @@ +From: Timo Teräs <timo.teras@iki.fi> + +Fix setre[gu]id handling for musl. The libc calls work per POSIX definition +and change the process values (including all threads). Remove the per-thread +hacks. This fixes a race condition that created thread calls first setreuid() +causing the setgroups() call in the main thread to fail with -EPERM. + +diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.c +--- fprobe-ulog-1.1.orig/src/fprobe-ulog.c 2014-07-30 13:09:34.000000000 -0300 ++++ fprobe-ulog-1.1/src/fprobe-ulog.c 2014-07-30 13:46:25.952717084 -0300 +@@ -619,18 +619,6 @@ + return p; + } + +-void setuser() { +- /* +- Workaround for clone()-based threads +- Try to change EUID independently of main thread +- */ +- if (pw) { +- setgroups(0, NULL); +- setregid(pw->pw_gid, pw->pw_gid); +- setreuid(pw->pw_uid, pw->pw_uid); +- } +-} +- + void *emit_thread() + { + struct Flow *flow; +@@ -642,8 +630,6 @@ + p = (void *) &emit_packet + netflow->HeaderSize; + timeout.tv_nsec = 0; + +- setuser(); +- + for (;;) { + pthread_mutex_lock(&emit_mutex); + while (!flows_emit) { +@@ -730,8 +716,6 @@ + char logbuf[256]; + #endif + +- setuser(); +- + timeout.tv_nsec = 0; + pthread_mutex_lock(&unpending_mutex); + +@@ -777,8 +761,6 @@ + struct Time now; + struct timespec timeout; + +- setuser(); +- + timeout.tv_nsec = 0; + pthread_mutex_lock(&scan_mutex); + +@@ -872,8 +854,6 @@ + char logbuf[256]; + #endif + +- setuser(); +- + while (!killed) { + len = ipulog_read(ulog_handle, cap_buf, CAPTURE_SIZE, 1); + if (len <= 0) { |