-rw-r--r-- | main/fprobe-ulog/APKBUILD | 2 | ||||
-rw-r--r-- | main/fprobe-ulog/fix-setuser.patch | 60 |
2 files changed, 53 insertions, 9 deletions
diff --git a/main/fprobe-ulog/APKBUILD b/main/fprobe-ulog/APKBUILD
index 9bb1f742fb..4d00c8f80d 100644
--- a/main/fprobe-ulog/APKBUILD
+++ b/main/fprobe-ulog/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
 pkgname=fprobe-ulog
 pkgver=1.2
-pkgrel=0
+pkgrel=1
 pkgdesc="netfilter-based tool that collect network traffic"
 url="https://github.com/opoplawski/fprobe-ulog"
 arch="all"
diff --git a/main/fprobe-ulog/fix-setuser.patch b/main/fprobe-ulog/fix-setuser.patch
index 675fa986ab..1a5895d27a 100644
--- a/main/fprobe-ulog/fix-setuser.patch
+++ b/main/fprobe-ulog/fix-setuser.patch
@@ -5,10 +5,10 @@
 and change the process values (including all threads). Remove the per-thread hacks. This fixes a race condition that created thread calls first setreuid() causing the setgroups() call in the main thread to fail with -EPERM.
-diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.c
---- fprobe-ulog-1.1.orig/src/fprobe-ulog.c 2014-07-30 13:09:34.000000000 -0300
-+++ fprobe-ulog-1.1/src/fprobe-ulog.c 2014-07-30 13:46:25.952717084 -0300
-@@ -619,18 +619,6 @@
+diff -ru fprobe-ulog-1.2.orig/src/fprobe-ulog.c fprobe-ulog-1.2/src/fprobe-ulog.c
+--- fprobe-ulog-1.2.orig/src/fprobe-ulog.c 2015-06-01 08:48:25.858651393 -0300
++++ fprobe-ulog-1.2/src/fprobe-ulog.c 2015-06-01 08:49:07.645734248 -0300
+@@ -622,18 +622,6 @@
 return p;
 }
@@ -27,7 +27,7 @@ diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.
 void *emit_thread()
 {
 struct Flow *flow;
-@@ -642,8 +630,6 @@
+@@ -645,8 +633,6 @@
 p = (void *) &emit_packet + netflow->HeaderSize;
 timeout.tv_nsec = 0;
@@ -36,7 +36,7 @@ diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.
 for (;;) {
 pthread_mutex_lock(&emit_mutex);
 while (!flows_emit) {
-@@ -730,8 +716,6 @@
+@@ -733,8 +719,6 @@
 char logbuf[256];
 #endif
@@ -45,7 +45,7 @@ diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.
 timeout.tv_nsec = 0;
 pthread_mutex_lock(&unpending_mutex);
-@@ -777,8 +761,6 @@
+@@ -780,8 +764,6 @@
 struct Time now;
 struct timespec timeout;
@@ -54,7 +54,7 @@ diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.
 timeout.tv_nsec = 0;
 pthread_mutex_lock(&scan_mutex);
-@@ -872,8 +854,6 @@
+@@ -876,8 +858,6 @@
 char logbuf[256];
 #endif
@@ -63,3 +63,47 @@ diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.
 while (!killed) {
 len = ipulog_read(ulog_handle, cap_buf, CAPTURE_SIZE, 1);
 if (len <= 0) {
+@@ -1386,6 +1366,21 @@
+ }
+ }
+
++ if (pw) {
++ if (setgroups(0, NULL)) {
++ my_log(LOG_CRIT, "setgroups(): %s", strerror(errno));
++ exit(1);
++ }
++ if (setregid(pw->pw_gid, pw->pw_gid)) {
++ my_log(LOG_CRIT, "setregid(%u): %s", pw->pw_gid, strerror(errno));
++ exit(1);
++ }
++ if (setreuid(pw->pw_uid, pw->pw_uid)) {
++ my_log(LOG_CRIT, "setreuid(%u): %s", pw->pw_uid, strerror(errno));
++ exit(1);
++ }
++ }
++
+ schedp.sched_priority = schedp.sched_priority - THREADS + 2;
+ pthread_attr_init(&tattr);
+ for (i = 0; i < THREADS - 1; i++) {
+@@ -1404,21 +1399,6 @@
+ schedp.sched_priority++;
+ }
+
+- if (pw) {
+- if (setgroups(0, NULL)) {
+- my_log(LOG_CRIT, "setgroups(): %s", strerror(errno));
+- exit(1);
+- }
+- if (setregid(pw->pw_gid, pw->pw_gid)) {
+- my_log(LOG_CRIT, "setregid(%u): %s", pw->pw_gid, strerror(errno));
+- exit(1);
+- }
+- if (setreuid(pw->pw_uid, pw->pw_uid)) {
+- my_log(LOG_CRIT, "setreuid(%u): %s", pw->pw_uid, strerror(errno));
+- exit(1);
+- }
+- }
+-
+ my_log(LOG_INFO, "pid: %d", pid);
+ my_log(LOG_INFO, "options: u=%u s=%u g=%u d=%u e=%u n=%u a=%s "
+ "M=%d b=%u m=%u q=%u B=%u r=%u t=%u:%u c=%s u=%s v=%u l=%u%s", |
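Review bot: The relocated privilege drop (`setgroups`/`setregid`/`setreuid`, inner hunk `@@ -1386,6 +1366,21 @@`) now runs before the thread-creation loop, so every thread is created by an already unprivileged process while the surrounding context still prepares a per-thread `schedp.sched_priority`. If the loop body, which lies outside this hunk along with the rest of the enclosing function, applies a real-time policy through `tattr`, that request can presumably fail with EPERM once the uid has changed; the user-plus-priority combination should be tested, or the limitation stated in the patch header. The order of the drop is right (supplementary groups, then gid, then uid), but nothing confirms that it held: adding `if (pw->pw_uid != 0 && setuid(0) == 0) { my_log(LOG_CRIT, "privilege drop did not hold"); exit(1); }` after the `setreuid()` check would turn a silent partial drop into a hard failure. A one-line comment above the block, `/* drop privileges before any thread exists so the change is process-wide */`, would also keep a later refactor from moving it back below the loop.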