/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugin-runner.c

  • Committer: Björn Påhlsson
  • Date: 2011-07-25 18:46:19 UTC
  • mfrom: (237.7.35 trunk)
  • mto: (237.7.37 trunk)
  • mto: This revision was merged to the branch mainline in revision 284.
  • Revision ID: belorn@fukt.bsnet.se-20110725184619-l7vfsobr0bh9fc3l
merge

Show diffs side-by-side

added added

removed removed

Lines of Context:
742
742
    }
743
743
  }
744
744
  
745
 
  /* Strip permissions down to nobody */
 
745
  {
 
746
    /* Work around Debian bug #633582:
 
747
       <http://bugs.debian.org/633582> */
 
748
    int plugindir_fd = open(/* plugindir or */ PDIR, O_RDONLY);
 
749
    if(plugindir_fd == -1){
 
750
      error(0, errno, "open");
 
751
    } else {
 
752
      ret = (int)TEMP_FAILURE_RETRY(fstat(plugindir_fd, &st));
 
753
      if(ret == -1){
 
754
        error(0, errno, "fstat");
 
755
      } else {
 
756
        if(S_ISDIR(st.st_mode) and st.st_uid == 0 and st.st_gid == 0){
 
757
          ret = fchown(plugindir_fd, uid, gid);
 
758
          if(ret == -1){
 
759
            error(0, errno, "fchown");
 
760
          }
 
761
        }
 
762
      }
 
763
      TEMP_FAILURE_RETRY(close(plugindir_fd));
 
764
    }
 
765
  }
 
766
  
 
767
  /* Lower permissions */
746
768
  setgid(gid);
747
769
  if(ret == -1){
748
770
    error(0, errno, "setgid");