=== modified file 'mandos' --- mandos 2008-09-05 16:24:33 +0000 +++ mandos 2008-09-05 18:19:52 +0000 @@ -772,6 +772,13 @@ tcp_handler, settings=server_settings, clients=clients) + pidfilename = "/var/run/mandos.pid" + pidfile = None + try: + pidfile = open(pidfilename, "w") + except IOError, error: + logger.error("Could not open file %r", pidfilename) + uid = 65534 gid = 65534 try: @@ -794,7 +801,7 @@ except OSError, error: if error[0] != errno.EPERM: raise error - + global service service = AvahiService(name = server_settings["servicename"], type = "_mandos._tcp", ); @@ -841,16 +848,16 @@ # Close all input and output, do double fork, etc. daemon() - pidfilename = "/var/run/mandos.pid" - pid = os.getpid() - try: - pidfile = open(pidfilename, "w") - pidfile.write(str(pid) + "\n") - pidfile.close() - del pidfile - except IOError, err: - logger.error(u"Could not write %s file with PID %d", - pidfilename, os.getpid()) + if pidfile is not None: + pid = os.getpid() + try: + pidfile.write(str(pid) + "\n") + pidfile.close() + except IOError, err: + logger.error(u"Could not write %s file with PID %d", + pidfilename, os.getpid()) + del pidfile + del pidfilename def cleanup(): "Cleanup function; run on exit" === modified file 'plugin-runner.c' --- plugin-runner.c 2008-09-02 06:13:47 +0000 +++ plugin-runner.c 2008-09-04 19:59:05 +0000 @@ -96,7 +96,7 @@ static plugin *plugin_list = NULL; -/* Gets a existing plugin based on name, +/* Gets an existing plugin based on name, or if none is found, creates a new one */ static plugin *getplugin(char *name){ /* Check for exiting plugin with that name */ @@ -118,7 +118,7 @@ return NULL; } } - + *new_plugin = (plugin) { .name = copy_name, .argc = 1, .disabled = false, @@ -187,10 +187,10 @@ size_t namelen = (size_t)(strchrnul(def, '=') - def); /* Search for this environment variable */ for(char **e = p->environ; *e != NULL; e++){ - if(strncmp(*e, def, namelen+1) == 0){ + if(strncmp(*e, def, namelen + 1) == 0){ /* It already exists */ if(replace){ - char *new = realloc(*e, strlen(def)); + char *new = realloc(*e, strlen(def) + 1); if(new == NULL){ return false; } @@ -238,7 +238,7 @@ /* No child processes */ break; } - + /* A child exited, find it in process_list */ while(proc != NULL and proc->pid != pid){ proc = proc->next; @@ -410,23 +410,21 @@ case 'o': /* --options-for */ if (arg != NULL){ char *p_name = strsep(&arg, ":"); - if(p_name[0] == '\0'){ + if(p_name[0] == '\0' or arg == NULL){ break; } char *opt = strsep(&arg, ":"); - if(opt[0] == '\0'){ + if(opt[0] == '\0' or opt == NULL){ break; } - if(opt != NULL){ - char *p; - while((p = strsep(&opt, ",")) != NULL){ - if(p[0] == '\0'){ - continue; - } - if(not add_argument(getplugin(p_name), p)){ - perror("add_argument"); - return ARGP_ERR_UNKNOWN; - } + char *p; + while((p = strsep(&opt, ",")) != NULL){ + if(p[0] == '\0'){ + continue; + } + if(not add_argument(getplugin(p_name), p)){ + perror("add_argument"); + return ARGP_ERR_UNKNOWN; } } } === modified file 'plugin-runner.xml' --- plugin-runner.xml 2008-09-05 16:24:33 +0000 +++ plugin-runner.xml 2008-09-05 18:19:52 +0000 @@ -586,7 +586,7 @@ non-privileged. This user and group is then what all plugins will be started as. Therefore, the only way to run a plugin as a privileged user is to have the set-user-ID or set-group-ID bit - set on the plugin executable files (see + set on the plugin executable file (see execve2 ).