option names substuser-early and su-e

Gerhard Rieger 2009-04-02 09:28:58 +02:00
parent 50be6b25cf
commit a05e96f6a7
6 changed files with 22 additions and 10 deletions


@ -1,4 +1,8 @@
new features:
introduced option names substuser-early and su-e, currently equivalent
to option substuser (thanks to Mike Perry for providing the patch)
####################### V 1.7.0.1:
corrections:


@ -1663,16 +1663,18 @@ label(OPTION_CHROOT_EARLY)dit(bf(tt(chroot-early=<directory>)))
before opening the address. This call might require root privilege.
label(OPTION_SETGID)dit(bf(tt(setgid=<group>)))
Changes the primary link(<group>)(TYPE_GROUP) of the process after
processing the address. This call might require root privilege.
processing the address. This call might require root privilege. Please note
that this option does not drop other group related privileges.
label(OPTION_SETGID_EARLY)dit(bf(tt(setgid-early=<group>)))
Changes the primary link(<group>)(TYPE_GROUP) of the process before opening
the address. This call might require root privilege.
Like link(setgit)(OPTION_SETGID) but is performed before opening the address.
label(OPTION_SETUID)dit(bf(tt(setuid=<user>)))
Changes the link(<user>)(TYPE_USER) (owner) of the process after processing
the address. This call might require root privilege.
the address. This call might require root privilege. Please note that this
option does not drop group related privileges. Check if option
link(su)(OPTION_SUBSTUSER) better fits your needs.
label(OPTION_SETUID_EARLY)dit(bf(tt(setuid-early=<user>)))
Changes the link(<user>)(TYPE_USER) (owner) of the process before opening
the address. This call might require root privilege.
Like link(setuid)(OPTION_SETSUID) but is performed before opening the
address.
label(OPTION_SUBSTUSER)dit(bf(tt(su=<user>)))
Changes the link(<user>)(TYPE_USER) (owner) and groups of the process after
processing the address (link(example)(EXAMPLE_OPTION_SUBSTUSER)). This call might require root privilege.


@ -1,5 +1,5 @@
/* source: xio-process.c */
/* Copyright Gerhard Rieger 2001-2003 */
/* Copyright Gerhard Rieger 2001-2009 */
/* Published under the GNU General Public License V.2, see file COPYING */
/* this file handles process related addresses options */
@ -14,6 +14,7 @@ const struct optdesc opt_setgid_early= { "setgid-early",NULL, OPT_SETGID_EARLY,
const struct optdesc opt_setgid = { "setgid", NULL, OPT_SETGID, GROUP_PROCESS, PH_LATE2, TYPE_GIDT, OFUNC_SPEC };
const struct optdesc opt_setuid_early= { "setuid-early",NULL, OPT_SETUID_EARLY,GROUP_PROCESS, PH_EARLY, TYPE_UIDT, OFUNC_SPEC };
const struct optdesc opt_setuid = { "setuid", NULL, OPT_SETUID, GROUP_PROCESS, PH_LATE2, TYPE_UIDT, OFUNC_SPEC };
const struct optdesc opt_substuser_early = { "substuser-early", "su-e", OPT_SUBSTUSER_EARLY, GROUP_PROCESS, PH_EARLY, TYPE_UIDT, OFUNC_SPEC };
const struct optdesc opt_substuser = { "substuser", "su", OPT_SUBSTUSER, GROUP_PROCESS, PH_LATE2, TYPE_UIDT, OFUNC_SPEC };
const struct optdesc opt_substuser_delayed = { "substuser-delayed", "su-d", OPT_SUBSTUSER_DELAYED, GROUP_PROCESS, PH_INIT, TYPE_UIDT, OFUNC_SPEC };
const struct optdesc opt_chroot_early = { "chroot-early", NULL, OPT_CHROOT_EARLY, GROUP_PROCESS, PH_EARLY, TYPE_STRING, OFUNC_SPEC };
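Review bot: The new `opt_substuser_early` descriptor is registered with `PH_EARLY` while `opt_substuser` stays at `PH_LATE2`, which appears to contradict the changelog entry calling the new names "currently equivalent to option substuser". The phase is the security-relevant difference and should be stated on the new line, for example `/* su-e: switch user and groups before the address is opened; later steps that need root will fail */`. The descriptor also shares `PH_EARLY` with `opt_chroot_early`, so the order in which the two are applied within that phase is worth checking, since a chroot attempted after the user switch would presumably fail.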


@ -1,5 +1,5 @@
/* source: xio-process.h */
/* Copyright Gerhard Rieger 2001, 2002 */
/* Copyright Gerhard Rieger 2001-2009 */
/* Published under the GNU General Public License V.2, see file COPYING */
#ifndef __xio_process_h_included
@ -9,6 +9,7 @@ extern const struct optdesc opt_setgid_early;
extern const struct optdesc opt_setgid;
extern const struct optdesc opt_setuid_early;
extern const struct optdesc opt_setuid;
extern const struct optdesc opt_substuser_early;
extern const struct optdesc opt_substuser;
extern const struct optdesc opt_substuser_delayed;
extern const struct optdesc opt_chroot_early;


@ -1,5 +1,5 @@
/* source: xioopts.c */
/* Copyright Gerhard Rieger 2001-2008 */
/* Copyright Gerhard Rieger 2001-2009 */
/* Published under the GNU General Public License V.2, see file COPYING */
/* this file contains the source for address options handling */
@ -1453,8 +1453,10 @@ const struct optname optionnames[] = {
#endif
IF_ANY ("su", &opt_substuser)
IF_ANY ("su-d", &opt_substuser_delayed)
IF_ANY ("su-e", &opt_substuser_early)
IF_ANY ("substuser", &opt_substuser)
IF_ANY ("substuser-delayed", &opt_substuser_delayed)
IF_ANY ("substuser-early", &opt_substuser_early)
IF_TERMIOS("susp", &opt_vsusp)
#ifdef VSWTC
IF_TERMIOS("swtc", &opt_vswtc)
@ -3257,6 +3259,7 @@ int applyopts(int fd, struct opt *opts, enum e_phase phase) {
opt->desc = ODESC_ERROR; ++opt; continue;
}
break;
case OPT_SUBSTUSER_EARLY:
case OPT_SUBSTUSER:
{
struct passwd *pwd;
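Review bot: The stacked `case OPT_SUBSTUSER_EARLY:` label in applyopts() reuses the `OPT_SUBSTUSER` body without a comment, so nothing here tells a reader that the two options differ only by the phase in their option descriptors. I would add `/* su-e shares the su handler; it runs earlier only because its optdesc phase is PH_EARLY */` above the two labels. The shared body continues outside the hunk, so it cannot be confirmed from here that every step of the user and group switch treats failure as fatal. That is worth verifying, because in the early phase a switch that fails quietly would leave the address to be opened with the original privileges.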


@ -1,5 +1,5 @@
/* source: xioopts.h */
/* Copyright Gerhard Rieger 2001-2008 */
/* Copyright Gerhard Rieger 2001-2009 */
/* Published under the GNU General Public License V.2, see file COPYING */
#ifndef __xioopts_h_included
@ -695,6 +695,7 @@ enum e_optcode {
# define ENABLE_OPTCODE
# include "xio-streams.h"
# undef ENABLE_OPTCODE
OPT_SUBSTUSER_EARLY,
OPT_SUBSTUSER,
OPT_SUBSTUSER_DELAYED,
OPT_SYMBOLIC_LINK, /* with pty */