Update.

* iconv/iconv_prog.c (main): Handle input file name "-" correctly. Recognize option -s, -c, and -l. 2000-04-20 Thorsten Kukuk <kukuk@suse.de> * nscd/nscd.c: Start new session for nscd, drop privilegs to configured user if requested and no -S parameter are used. * nscd/nscd.conf: Add new option "server-user". * nscd/nscd_conf.c: Add support for new "server-user" option. * nscd/nscd.h: Add declaration for server_user variable. Based on patch by Chris Wing <wingc@engin.umich.edu> 2000-04-29 Mark Kettenis <kettenis@gnu.org> * sysdeps/unix/sysv/linux/i386/sigaction.c: Add comment explaining that changing the __restore and __restore_rt signal return code will break GDB. 2000-04-29 Mark Kettenis <kettenis@gnu.org> * sysdeps/unix/sysv/linux/i386/sys/ucontext.h: Do not include <sys/user.h>. 2000-04-29 Mark Kettenis <kettenis@gnu.org> * conform/data/ucontext.h-data: Allow ss_* instead of SS_*. 2000-04-29 Ulrich Drepper <drepper@redhat.com>
2000-04-30 06:52:59 +00:00 · 2000-04-30 06:52:59 +00:00 · adcf0e4a33
parent 9d4d69b88b
commit adcf0e4a33
9 changed files with 130 additions and 26 deletions
--- a/29
+++ b/29
@ -1,3 +1,32 @@
+2000-04-29  Ulrich Drepper  <drepper@redhat.com>
+
+	* iconv/iconv_prog.c (main): Handle input file name "-" correctly.
+	Recognize option -s, -c, and -l.
+
+2000-04-20  Thorsten Kukuk  <kukuk@suse.de>
+
+	* nscd/nscd.c: Start new session for nscd, drop privilegs
+	to configured user if requested and no -S parameter are used.
+	* nscd/nscd.conf: Add new option "server-user".
+	* nscd/nscd_conf.c: Add support for new "server-user" option.
+	* nscd/nscd.h: Add declaration for server_user variable.
+	Based on patch by Chris Wing <wingc@engin.umich.edu>
+
+2000-04-29  Mark Kettenis  <kettenis@gnu.org>
+
+	* sysdeps/unix/sysv/linux/i386/sigaction.c: Add comment explaining
+	that changing the __restore and __restore_rt signal return code
+	will break GDB.
+
+2000-04-29  Mark Kettenis  <kettenis@gnu.org>
+
+	* sysdeps/unix/sysv/linux/i386/sys/ucontext.h: Do not include
+	<sys/user.h>.
+
+2000-04-29  Mark Kettenis  <kettenis@gnu.org>
+
+	* conform/data/ucontext.h-data: Allow ss_* instead of SS_*.
+
 2000-04-29  Ulrich Drepper  <drepper@redhat.com>

 	* conform/conformtest.pl (@headers): Add sys/utsname.h, sys/un.h,
--- a/conform/data/ucontext.h-data
+++ b/conform/data/ucontext.h-data
@ -16,5 +16,5 @@ function void makecontext (ucontext_t*, void(*)(void), int, ...)
 function int swapcontext (ucontext_t*, const ucontext_t*)

 allow uc_*
-allow SS_*
+allow ss_*
 allow *_t
--- a/iconv/iconv_prog.c
+++ b/iconv/iconv_prog.c
@ -1,5 +1,5 @@
 /* Convert text in given files from the specified from-set to the to-set.
-   Copyright (C) 1998, 1999 Free Software Foundation, Inc.
+   Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc.
   This file is part of the GNU C Library.
   Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.

@ -47,7 +47,7 @@ static void print_version (FILE *stream, struct argp_state *state);
 void (*argp_program_version_hook) (FILE *, struct argp_state *) = print_version;

 #define OPT_VERBOSE	1000
-#define OPT_LIST	1001
+#define OPT_LIST	'l'

 /* Definitions of arguments for argp functions.  */
 static const struct argp_option options[] =
@ -56,9 +56,11 @@ static const struct argp_option options[] =
  { "from-code", 'f', "NAME", 0, N_("encoding of original text") },
  { "to-code", 't', "NAME", 0, N_("encoding for output") },
  { NULL, 0, NULL, 0, N_("Information:") },
-  { "list", OPT_LIST, NULL, 0, N_("list all known coded character sets") },
+  { "list", 'l', NULL, 0, N_("list all known coded character sets") },
  { NULL, 0, NULL, 0, N_("Output control:") },
+  { NULL, 'c', NULL, 0, N_("omit invalid characters from output") },
  { "output", 'o', "FILE", 0, N_("output file") },
+  { "silent", 's', NULL, 0, N_("supress warnings") },
  { "verbose", OPT_VERBOSE, NULL, 0, N_("print progress information") },
  { NULL, 0, NULL, 0, NULL }
 };
@ -71,10 +73,10 @@ Convert encoding of given files from one encoding to another.");
 static const char args_doc[] = N_("[FILE...]");

 /* Prototype for option handler.  */
-static error_t parse_opt __P ((int key, char *arg, struct argp_state *state));
+static error_t parse_opt (int key, char *arg, struct argp_state *state);

 /* Function to print some extra text in the help message.  */
-static char *more_help __P ((int key, const char *text, void *input));
+static char *more_help (int key, const char *text, void *input);

 /* Data structure to communicate with argp functions.  */
 static struct argp argp =
@ -171,17 +173,24 @@ main (int argc, char *argv[])
      {
 	struct stat st;
 	const char *addr;
-	int fd = open (argv[remaining], O_RDONLY);
+	int fd;
+

 	if (verbose)
 	  printf ("%s:\n", argv[remaining]);
-
-	if (fd == -1)
+	if (strcmp (argv[remaining], "-") == 0)
+	  fd = 0;
+	else
 	  {
-	    error (0, errno, _("cannot open input file `%s'"),
-		   argv[remaining]);
-	    status = EXIT_FAILURE;
-	    continue;
+	    fd = open (argv[remaining], O_RDONLY);
+
+	    if (fd == -1)
+	      {
+		error (0, errno, _("cannot open input file `%s'"),
+		       argv[remaining]);
+		status = EXIT_FAILURE;
+		continue;
+	      }
 	  }

 #ifdef _POSIX_MAPPED_FILES
@ -261,6 +270,15 @@ parse_opt (int key, char *arg, struct argp_state *state)
    case 'o':
      output_file = arg;
      break;
+    case 's':
+      /* Nothing, for now at least.  We are not giving out any information
+	 about missing character or so.  */
+      break;
+    case 'c':
+      /* Omit invalid characters from output.
+	 XXX This option will become a meaning once we have different
+	 modes of operation for the conversion functions.  */
+      break;
    case OPT_VERBOSE:
      verbose = 1;
      break;
@ -299,7 +317,7 @@ print_version (FILE *stream, struct argp_state *state)
 Copyright (C) %s Free Software Foundation, Inc.\n\
 This is free software; see the source for copying conditions.  There is NO\n\
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\
-"), "1999");
+"), "2000");
  fprintf (stream, gettext ("Written by %s.\n"), "Ulrich Drepper");
 }

--- a/nscd/nscd.c
+++ b/nscd/nscd.c
@ -1,4 +1,4 @@
-/* Copyright (c) 1998, 1999 Free Software Foundation, Inc.
+/* Copyright (c) 1998, 1999, 2000 Free Software Foundation, Inc.
   This file is part of the GNU C Library.
   Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.

@ -62,6 +62,7 @@ int do_shutdown;
 int disabled_passwd;
 int disabled_group;
 int go_background = 1;
+const char *server_user;

 int secure[lastdb];
 int secure_in_use;
@ -69,6 +70,7 @@ static const char *conffile = _PATH_NSCDCONF;

 static int check_pid (const char *file);
 static int write_pid (const char *file);
+static void drop_privileges (void);

 /* Name and version of program.  */
 static void print_version (FILE *stream, struct argp_state *state);
@ -140,6 +142,8 @@ main (int argc, char **argv)
      if (fork ())
 	exit (0);

+      setsid ();
+
      chdir ("/");

      openlog ("nscd", LOG_CONS | LOG_ODELAY, LOG_DAEMON);
@ -164,6 +168,10 @@ main (int argc, char **argv)
  /* Init databases.  */
  nscd_init (conffile);

+  /* Change to unprivileged UID if specifed in config file */
+  if(server_user && !secure_in_use)
+    drop_privileges ();
+
  /* Handle incoming requests */
  start_threads ();

@ -364,3 +372,36 @@ write_pid (const char *file)

  return 0;
 }
+
+/* Look up the uid and gid associated with the user we are supposed to run
+   the server as, and then call setgid(), setgroups(), and setuid().
+   Otherwise, abort- we should not run as root if the configuration file
+   specifically tells us not to. */
+
+static void
+drop_privileges (void)
+{
+  int buflen = 256;
+  char *buffer = alloca (buflen);
+  struct passwd resultbuf;
+  struct passwd *pwd;
+
+  while (__getpwnam_r (server_user, &resultbuf, buffer, buflen, &pwd) != 0
+	 && errno == ERANGE)
+    {
+      errno = 0;
+      buflen += 256;
+      buffer = alloca (buflen);
+    }
+
+  if(!pwd)
+    {
+      dbg_log (_("Failed to look up user '%s' to run server as"),
+	       server_user);
+      exit(1);
+    }
+
+  setgroups (0, NULL);
+  setgid (pwd->pw_gid);
+  setuid (pwd->pw_uid);
+}
--- a/nscd/nscd.conf
+++ b/nscd/nscd.conf
@ -8,6 +8,8 @@
 #	logfile			<file>
 #	debug-level		<level>
 #	threads			<#threads to use>
+#	server-user             <user to run server as instead of root>
+#		server-user is ignored if nscd is started with -S parameters
 #
 #       enable-cache		<service> <yes|no>
 #	positive-time-to-live	<service> <time in seconds>
@ -21,7 +23,7 @@

 #	logfile			/var/log/nscd.log
 #	threads			6
-
+#	server-user		nobody
 	debug-level		0

 	enable-cache		passwd		yes
--- a/nscd/nscd.h
+++ b/nscd/nscd.h
@ -1,4 +1,4 @@
-/* Copyright (c) 1998, 1999 Free Software Foundation, Inc.
+/* Copyright (c) 1998, 1999, 2000 Free Software Foundation, Inc.
   This file is part of the GNU C Library.
   Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.

@ -96,6 +96,9 @@ extern int nthreads;
 extern int secure[lastdb];
 extern int secure_in_use; /* Is one of the above 1 ? */

+/* User name to run server processes as */
+extern const char *server_user;
+
 /* Prototypes for global functions.  */

 /* nscd.c */
--- a/nscd/nscd_conf.c
+++ b/nscd/nscd_conf.c
@ -1,6 +1,6 @@
-/* Copyright (c) 1998 Free Software Foundation, Inc.
+/* Copyright (c) 1998, 2000 Free Software Foundation, Inc.
   This file is part of the GNU C Library.
-   Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1998.
+   Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Library General Public License as
@ -176,6 +176,13 @@ nscd_parse_file (const char *fname, struct database dbs[lastdb])
 	  if (nthreads == -1)
 	    nthreads = MAX (atol (arg1), lastdb);
 	}
+      else if (strcmp (entry, "server-user") == 0)
+        {
+          if (!arg1)
+            dbg_log (_("Must specify user name for server-user option"), arg1);
+          else
+            server_user = strdup (arg1);
+        }
      else
 	dbg_log (_("Unknown option: %s %s %s"), entry, arg1, arg2);
    }
--- a/sysdeps/unix/sysv/linux/i386/sigaction.c
+++ b/sysdeps/unix/sysv/linux/i386/sigaction.c
@ -148,12 +148,20 @@ __sigaction (int sig, const struct sigaction *act, struct sigaction *oact)

 weak_alias (__sigaction, sigaction)

+/* NOTE: Please think twice before making any changes to the bits of
+   code below.  GDB needs some intimate knowledge about it to
+   recognize them as signal trampolines, and make backtraces through
+   signal handlers work right.  Important are both the names
+   (__restore and __restore_rt) and the exact instruction sequence.
+   If you ever feel the need to make any changes, please notify the
+   appropriate GDB maintainer.  */
+
 #define RESTORE(name, syscall) RESTORE2 (name, syscall)
 #define RESTORE2(name, syscall) \
 asm						\
  (						\
   ".align 16\n"				\
-   "__" #name ":\n"					\
+   "__" #name ":\n"				\
   "	movl $" #syscall ", %eax\n"		\
   "	int  $0x80"				\
   );
@ -168,8 +176,8 @@ RESTORE (restore_rt, __NR_rt_sigreturn)
 # define RESTORE2(name, syscall) \
 asm						\
  (						\
-   ".align 8\n"				\
-   "__" #name ":\n"					\
+   ".align 8\n"					\
+   "__" #name ":\n"				\
   "	popl %eax\n"				\
   "	movl $" #syscall ", %eax\n"		\
   "	int  $0x80"				\
--- a/sysdeps/unix/sysv/linux/i386/sys/ucontext.h
+++ b/sysdeps/unix/sysv/linux/i386/sys/ucontext.h
@ -26,10 +26,6 @@
   included in <signal.h>.  */
 #include <bits/sigcontext.h>

-/* We also need the definition of the userlevel data representation
-   for the register contexts.  */
-#include <sys/user.h>
-

 /* Type for general register.  */
 typedef int greg_t;