[lib/privs] Changing user IDs should be done before dropping privileges

2006-03-14 Paul Jakma <paul.jakma@sun.com>

	* privs.c: (zprivs_caps_init) Change user IDs before lowering
	  privileges, while this seems to work on Linux, on Solaris
	  it rightfully refuses due to PRIV_PROC_SETID having been
	  dropped.

diff --git a/lib/ChangeLog b/lib/ChangeLog
index 34c79e40b2325d89814a18667f130d138a037933..8794d69e1b7ac4dc43c95be66aacbcef19d274e4 100644 (file)
--- a/lib/ChangeLog
+++ b/lib/ChangeLog
@@ -1,3 +1,10 @@
+2006-03-14 Paul Jakma <paul.jakma@sun.com>
+
+       * privs.c: (zprivs_caps_init) Change user IDs before lowering
+         privileges, while this seems to work on Linux, on Solaris
+         it rightfully refuses due to PRIV_PROC_SETID having been
+         dropped.
+
 2006-03-06 Paul Jakma <paul.jakma@sun.com>
 
        * if.h: export show_address_cmd, for anyone who wishes to use

diff --git a/lib/privs.c b/lib/privs.c
index 8ed39f4f283a5ac3ed9b095cebfdece338b2c704..f4117e2634100b77ade4590f2417b2e0e24c06f2 100644 (file)
--- a/lib/privs.c
+++ b/lib/privs.c
@@ -249,13 +249,6 @@ zprivs_caps_init (struct zebra_privs_t *zprivs)
                        "but no capabilities supplied\n");
     }
 
-  if ( !(zprivs_state.caps = cap_init()) )
-    {
-      fprintf (stderr, "privs_init: failed to cap_init, %s\n", 
-               safe_strerror (errno));
-      exit (1);
-    }
-
   /* we have caps, we have no need to ever change back the original user */
   if (zprivs_state.zuid)
     {
@@ -267,6 +260,13 @@ zprivs_caps_init (struct zebra_privs_t *zprivs)
         }
     }
   
+  if ( !(zprivs_state.caps = cap_init()) )
+    {
+      fprintf (stderr, "privs_init: failed to cap_init, %s\n", 
+               safe_strerror (errno));
+      exit (1);
+    }
+
   if ( cap_clear (zprivs_state.caps) )
     {
       fprintf (stderr, "privs_init: failed to cap_clear, %s\n", 
@@ -483,6 +483,19 @@ zprivs_caps_init (struct zebra_privs_t *zprivs)
   /* need either valid or empty sets for both p and i.. */
   assert (zprivs_state.syscaps_i && zprivs_state.syscaps_p);
   
+  /* we have caps, we have no need to ever change back the original user
+   * change real, effective and saved to the specified user.
+   */
+  if (zprivs_state.zuid)
+    {
+      if ( setreuid (zprivs_state.zuid, zprivs_state.zuid) )
+        {
+          fprintf (stderr, "%s: could not setreuid, %s\n", 
+                   __func__, safe_strerror (errno));
+          exit (1);
+        }
+    }
+  
   /* set the permitted set */
   if (setppriv (PRIV_SET, PRIV_PERMITTED, zprivs_state.syscaps_p))
     {
@@ -499,17 +512,6 @@ zprivs_caps_init (struct zebra_privs_t *zprivs)
       exit (1);
     }
 
-  /* we have caps, we have no need to ever change back the original user */
-  if (zprivs_state.zuid)
-    {
-      if ( setreuid (zprivs_state.zuid, zprivs_state.zuid) )
-        {
-          fprintf (stderr, "%s: could not setreuid, %s\n", 
-                   __func__, safe_strerror (errno));
-          exit (1);
-        }
-    }
-  
   /* now clear the effective set and we're ready to go */
   if (setppriv (PRIV_SET, PRIV_EFFECTIVE, empty))
     {