diff options
| author | pjd <pjd@FreeBSD.org> | 2011-01-28 22:35:46 +0000 |
|---|---|---|
| committer | pjd <pjd@FreeBSD.org> | 2011-01-28 22:35:46 +0000 |
| commit | 621f7543a982007a0186cee91e51e29ff13e6630 (patch) | |
| tree | 17c38b809107482fad50fab360dd0ff3acccc12e /sbin | |
| parent | 1d4238ea6d7bb3df80ae2d80f0563eb3b688c32f (diff) | |
| download | FreeBSD-src-621f7543a982007a0186cee91e51e29ff13e6630.zip FreeBSD-src-621f7543a982007a0186cee91e51e29ff13e6630.tar.gz | |
Drop privileges in worker processes.
Accepting connections and handshaking in secondary is still done before
dropping privileges. It should be implemented by only accepting connections in
privileged main process and passing connection descriptors to the worker, but
is not implemented yet.
MFC after: 1 week
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/hastd/primary.c | 5 | ||||
| -rw-r--r-- | sbin/hastd/secondary.c | 3 |
2 files changed, 8 insertions, 0 deletions
diff --git a/sbin/hastd/primary.c b/sbin/hastd/primary.c index e22ef82..d701d8e 100644 --- a/sbin/hastd/primary.c +++ b/sbin/hastd/primary.c @@ -847,6 +847,11 @@ hastd_primary(struct hast_resource *res) init_ggate(res); init_environment(res); + if (drop_privs() != 0) { + cleanup(res); + exit(EX_CONFIG); + } + /* * Create the guard thread first, so we can handle signals from the * very begining. diff --git a/sbin/hastd/secondary.c b/sbin/hastd/secondary.c index 821d5c7..21b54be 100644 --- a/sbin/hastd/secondary.c +++ b/sbin/hastd/secondary.c @@ -413,6 +413,9 @@ hastd_secondary(struct hast_resource *res, struct nv *nvin) init_local(res); init_environment(); + if (drop_privs() != 0) + exit(EX_CONFIG); + /* * Create the control thread before sending any event to the parent, * as we can deadlock when parent sends control request to worker, |
