summaryrefslogtreecommitdiffstats
path: root/main/fprobe-ulog/fix-setuser.patch
blob: 1a5895d27aa4ae9b60a323ccd4d7cb092ca7fb92 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
From: Timo Teräs <timo.teras@iki.fi>

Fix setre[gu]id handling for musl. The libc calls work per POSIX definition
and change the process values (including all threads). Remove the per-thread
hacks. This fixes a race condition that created thread calls first setreuid()
causing the setgroups() call in the main thread to fail with -EPERM.

diff -ru fprobe-ulog-1.2.orig/src/fprobe-ulog.c fprobe-ulog-1.2/src/fprobe-ulog.c
--- fprobe-ulog-1.2.orig/src/fprobe-ulog.c	2015-06-01 08:48:25.858651393 -0300
+++ fprobe-ulog-1.2/src/fprobe-ulog.c	2015-06-01 08:49:07.645734248 -0300
@@ -622,18 +622,6 @@
 	return p;
 }
 
-void setuser() {
-	/*
-	Workaround for clone()-based threads
-	Try to change EUID independently of main thread
-	*/
-	if (pw) {
-		setgroups(0, NULL);
-		setregid(pw->pw_gid, pw->pw_gid);
-		setreuid(pw->pw_uid, pw->pw_uid);
-	}
-}
-
 void *emit_thread()
 {
 	struct Flow *flow;
@@ -645,8 +633,6 @@
 	p = (void *) &emit_packet + netflow->HeaderSize;
 	timeout.tv_nsec = 0;
 
-	setuser();
-
 	for (;;) {
 		pthread_mutex_lock(&emit_mutex);
 		while (!flows_emit) {
@@ -733,8 +719,6 @@
 	char logbuf[256];
 #endif
 
-	setuser();
-
 	timeout.tv_nsec = 0;
 	pthread_mutex_lock(&unpending_mutex);
 
@@ -780,8 +764,6 @@
 	struct Time now;
 	struct timespec timeout;
 
-	setuser();
-
 	timeout.tv_nsec = 0;
 	pthread_mutex_lock(&scan_mutex);
 
@@ -876,8 +858,6 @@
 	char logbuf[256];
 #endif
 
-	setuser();
-
 	while (!killed) {
 		len = ipulog_read(ulog_handle, cap_buf, CAPTURE_SIZE, 1);
 		if (len <= 0) {
@@ -1386,6 +1366,21 @@
 		}
 	}
 
+	if (pw) {
+		if (setgroups(0, NULL)) {
+			my_log(LOG_CRIT, "setgroups(): %s", strerror(errno));
+			exit(1);
+		}
+		if (setregid(pw->pw_gid, pw->pw_gid)) {
+			my_log(LOG_CRIT, "setregid(%u): %s", pw->pw_gid, strerror(errno));
+			exit(1);
+		}
+		if (setreuid(pw->pw_uid, pw->pw_uid)) {
+			my_log(LOG_CRIT, "setreuid(%u): %s", pw->pw_uid, strerror(errno));
+			exit(1);
+		}
+	}
+
 	schedp.sched_priority = schedp.sched_priority - THREADS + 2;
 	pthread_attr_init(&tattr);
 	for (i = 0; i < THREADS - 1; i++) {
@@ -1404,21 +1399,6 @@
 		schedp.sched_priority++;
 	}
 
-	if (pw) {
-		if (setgroups(0, NULL)) {
-			my_log(LOG_CRIT, "setgroups(): %s", strerror(errno));
-			exit(1);
-		}
-		if (setregid(pw->pw_gid, pw->pw_gid)) {
-			my_log(LOG_CRIT, "setregid(%u): %s", pw->pw_gid, strerror(errno));
-			exit(1);
-		}
-		if (setreuid(pw->pw_uid, pw->pw_uid)) {
-			my_log(LOG_CRIT, "setreuid(%u): %s", pw->pw_uid, strerror(errno));
-			exit(1);
-		}
-	}
-
 	my_log(LOG_INFO, "pid: %d", pid);
 	my_log(LOG_INFO, "options: u=%u s=%u g=%u d=%u e=%u n=%u a=%s "
 		"M=%d b=%u m=%u q=%u B=%u r=%u t=%u:%u c=%s u=%s v=%u l=%u%s",