From 6d42dd860350d0e64a73f774ca60a022c2d43615 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Mon, 10 Aug 2015 17:02:12 +0200 Subject: [PATCH] conf: create directories before dropping root Create logdir and dumpdir before dropping root. Set their uid/gid to the user chronyd will switch to. This allows chronyd to create the directories in a directory where the user won't have write permissions (e.g. /var/lib). --- conf.c | 9 +++++++++ conf.h | 2 ++ logging.c | 12 ------------ logging.h | 1 - main.c | 5 +++-- sources.c | 30 +++++++++++++++--------------- 6 files changed, 29 insertions(+), 30 deletions(-) diff --git a/conf.c b/conf.c index 6d4ee67..9ebb268 100644 --- a/conf.c +++ b/conf.c @@ -1258,6 +1258,15 @@ parse_include(char *line) /* ================================================== */ +void +CNF_CreateDirs(uid_t uid, gid_t gid) +{ + UTI_CreateDirAndParents(logdir, 0755, uid, gid); + UTI_CreateDirAndParents(dumpdir, 0755, uid, gid); +} + +/* ================================================== */ + void CNF_AddInitSources(void) { diff --git a/conf.h b/conf.h index ff74ad7..f843722 100644 --- a/conf.h +++ b/conf.h @@ -39,6 +39,8 @@ extern char *CNF_GetRtcDevice(void); extern void CNF_ReadFile(const char *filename); extern void CNF_ParseLine(const char *filename, int number, char *line); +extern void CNF_CreateDirs(uid_t uid, gid_t gid); + extern void CNF_AddInitSources(void); extern void CNF_AddSources(void); extern void CNF_AddBroadcasts(void); diff --git a/logging.c b/logging.c index 8257a8b..0ffaa29 100644 --- a/logging.c +++ b/logging.c @@ -299,18 +299,6 @@ LOG_FileWrite(LOG_FileID id, const char *format, ...) /* ================================================== */ -void -LOG_CreateLogFileDir(void) -{ - const char *logdir; - - logdir = CNF_GetLogDir(); - - UTI_CreateDirAndParents(logdir, 0755, 0, 0); -} - -/* ================================================== */ - void LOG_CycleLogFiles(void) { diff --git a/logging.h b/logging.h index b4b4d18..5455ec3 100644 --- a/logging.h +++ b/logging.h @@ -142,7 +142,6 @@ extern LOG_FileID LOG_FileOpen(const char *name, const char *banner); FORMAT_ATTRIBUTE_PRINTF(2, 3) extern void LOG_FileWrite(LOG_FileID id, const char *format, ...); -extern void LOG_CreateLogFileDir(void); extern void LOG_CycleLogFiles(void); #endif /* GOT_LOGGING_H */ diff --git a/main.c b/main.c index bd9b008..95e99d2 100644 --- a/main.c +++ b/main.c @@ -493,12 +493,13 @@ int main if ((pw = getpwnam(user)) == NULL) LOG_FATAL(LOGF_Main, "Could not get %s uid/gid", user); + /* Create all directories before dropping root */ + CNF_CreateDirs(pw->pw_uid, pw->pw_gid); + /* Drop root privileges if the user has non-zero uid or gid */ if (pw->pw_uid || pw->pw_gid) SYS_DropRoot(pw->pw_uid, pw->pw_gid); - LOG_CreateLogFileDir(); - REF_Initialise(); SST_Initialise(); NIO_Initialise(address_family); diff --git a/sources.c b/sources.c index 56a8cca..4ddee25 100644 --- a/sources.c +++ b/sources.c @@ -1092,23 +1092,23 @@ SRC_DumpSources(void) direc_len = strlen(direc); file_len = direc_len + 24; filename = MallocArray(char, file_len); /* a bit of slack */ - if (UTI_CreateDirAndParents(direc, 0755, 0, 0)) { - for (i=0; iref_id) >> 24; - b = ((sources[i]->ref_id) >> 16) & 0xff; - c = ((sources[i]->ref_id) >> 8) & 0xff; - d = ((sources[i]->ref_id)) & 0xff; - - snprintf(filename, file_len-1, "%s/%d.%d.%d.%d.dat", direc, a, b, c, d); - out = fopen(filename, "w"); - if (!out) { - LOG(LOGS_WARN, LOGF_Sources, "Could not open dump file %s", filename); - } else { - SST_SaveToFile(sources[i]->stats, out); - fclose(out); - } + + for (i = 0; i < n_sources; i++) { + a = (sources[i]->ref_id) >> 24; + b = ((sources[i]->ref_id) >> 16) & 0xff; + c = ((sources[i]->ref_id) >> 8) & 0xff; + d = ((sources[i]->ref_id)) & 0xff; + + snprintf(filename, file_len - 1, "%s/%d.%d.%d.%d.dat", direc, a, b, c, d); + out = fopen(filename, "w"); + if (!out) { + LOG(LOGS_WARN, LOGF_Sources, "Could not open dump file %s", filename); + } else { + SST_SaveToFile(sources[i]->stats, out); + fclose(out); } } + Free(filename); }