Diffstat (limited to 'main/fprobe-ulog/fix-setuser.patch')
-rw-r--r--main/fprobe-ulog/fix-setuser.patch60
1 files changed, 52 insertions, 8 deletions
diff --git a/main/fprobe-ulog/fix-setuser.patch b/main/fprobe-ulog/fix-setuser.patch
index 675fa986ab..1a5895d27a 100644
--- a/main/fprobe-ulog/fix-setuser.patch
+++ b/main/fprobe-ulog/fix-setuser.patch
@@ -5,10 +5,10 @@ and change the process values (including all threads). Remove the per-thread
hacks. This fixes a race condition that created thread calls first setreuid()
causing the setgroups() call in the main thread to fail with -EPERM.
-diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.c
---- fprobe-ulog-1.1.orig/src/fprobe-ulog.c 2014-07-30 13:09:34.000000000 -0300
-+++ fprobe-ulog-1.1/src/fprobe-ulog.c 2014-07-30 13:46:25.952717084 -0300
-@@ -619,18 +619,6 @@
+diff -ru fprobe-ulog-1.2.orig/src/fprobe-ulog.c fprobe-ulog-1.2/src/fprobe-ulog.c
+--- fprobe-ulog-1.2.orig/src/fprobe-ulog.c 2015-06-01 08:48:25.858651393 -0300
++++ fprobe-ulog-1.2/src/fprobe-ulog.c 2015-06-01 08:49:07.645734248 -0300
+@@ -622,18 +622,6 @@
return p;
}
@@ -27,7 +27,7 @@ diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.
void *emit_thread()
{
struct Flow *flow;
-@@ -642,8 +630,6 @@
+@@ -645,8 +633,6 @@
p = (void *) &emit_packet + netflow->HeaderSize;
timeout.tv_nsec = 0;
@@ -36,7 +36,7 @@ diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.
for (;;) {
pthread_mutex_lock(&emit_mutex);
while (!flows_emit) {
-@@ -730,8 +716,6 @@
+@@ -733,8 +719,6 @@
char logbuf[256];
#endif
@@ -45,7 +45,7 @@ diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.
timeout.tv_nsec = 0;
pthread_mutex_lock(&unpending_mutex);
-@@ -777,8 +761,6 @@
+@@ -780,8 +764,6 @@
struct Time now;
struct timespec timeout;
@@ -54,7 +54,7 @@ diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.
timeout.tv_nsec = 0;
pthread_mutex_lock(&scan_mutex);
-@@ -872,8 +854,6 @@
+@@ -876,8 +858,6 @@
char logbuf[256];
#endif
@@ -63,3 +63,47 @@ diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.
while (!killed) {
len = ipulog_read(ulog_handle, cap_buf, CAPTURE_SIZE, 1);
if (len <= 0) {
+@@ -1386,6 +1366,21 @@
+ }
+ }
+
++ if (pw) {
++ if (setgroups(0, NULL)) {
++ my_log(LOG_CRIT, "setgroups(): %s", strerror(errno));
++ exit(1);
++ }
++ if (setregid(pw->pw_gid, pw->pw_gid)) {
++ my_log(LOG_CRIT, "setregid(%u): %s", pw->pw_gid, strerror(errno));
++ exit(1);
++ }
++ if (setreuid(pw->pw_uid, pw->pw_uid)) {
++ my_log(LOG_CRIT, "setreuid(%u): %s", pw->pw_uid, strerror(errno));
++ exit(1);
++ }
++ }
++
+ schedp.sched_priority = schedp.sched_priority - THREADS + 2;
+ pthread_attr_init(&tattr);
+ for (i = 0; i < THREADS - 1; i++) {
+@@ -1404,21 +1399,6 @@
+ schedp.sched_priority++;
+ }
+
+- if (pw) {
+- if (setgroups(0, NULL)) {
+- my_log(LOG_CRIT, "setgroups(): %s", strerror(errno));
+- exit(1);
+- }
+- if (setregid(pw->pw_gid, pw->pw_gid)) {
+- my_log(LOG_CRIT, "setregid(%u): %s", pw->pw_gid, strerror(errno));
+- exit(1);
+- }
+- if (setreuid(pw->pw_uid, pw->pw_uid)) {
+- my_log(LOG_CRIT, "setreuid(%u): %s", pw->pw_uid, strerror(errno));
+- exit(1);
+- }
+- }
+-
+ my_log(LOG_INFO, "pid: %d", pid);
+ my_log(LOG_INFO, "options: u=%u s=%u g=%u d=%u e=%u n=%u a=%s "
+ "M=%d b=%u m=%u q=%u B=%u r=%u t=%u:%u c=%s u=%s v=%u l=%u%s",
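Review bot: The relocated privilege drop in the added `@@ -1386,6 +1366,21 @@` hunk checks each call's return value but never confirms that root cannot be regained, which matters now that every worker thread is expected to inherit these credentials. After the `setreuid()` check I would add `if (pw->pw_uid != 0 && setuid(0) == 0) { my_log(LOG_CRIT, "privileges not dropped"); exit(1); }`. The existing order (supplementary groups, then gid, then uid) is correct and should stay, with a short comment such as `/* drop privileges before any thread exists, so all threads share the reduced credentials */`. Because the block now runs before the loop that uses `schedp.sched_priority`, it is worth confirming that `pthread_create()` still succeeds as the unprivileged user if a real-time policy is requested. The loop body and the rest of the enclosing function lie outside the hunk, so that part is unverified here.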