Write to pidfile as root, but only if user is root

git-svn-id: svn+ssh://svn.gna.org/svn/gnustep/libs/base/branches/freeze-1_4_0@14174 72102866-910b-0410-8b05-ffd578937521
2025-04-23 00:41:02 +00:00 · 2002-07-18 14:45:35 +00:00 · 2002-07-18 14:45:35 +00:00 · c59d7ae9c4
commit c59d7ae9c4
parent 1f0424368d
2 changed files with 33 additions and 15 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+2002-07-18  Adam Fedor  <fedor@gnu.org>
+
+	* Tools/gdomap.c (main): Write the pidfile before switching away
+	from root, but only if the user is root.
+
 2002-07-17  Adam Fedor  <fedor@gnu.org>

 	* Source/NSString.m (-getLineStart:end:contentsEnd:forRange:): Fix
--- a/Tools/gdomap.c
+++ b/Tools/gdomap.c
@ -4535,6 +4535,34 @@ printf(
 	}
    }

+  /* Write the pidfile, but only if the user is root. This allows us
+     to write to restricted directories without allowing normal users
+     to mess it up. */
+  if (pidfile)
+    {
+      FILE	*fptr;
+
+      if (getuid () == 0)
+	{
+	  fptr = fopen(pidfile, "at");
+
+	  if (fptr == 0)
+	    {
+	      sprintf(ebuf, "Unable to open pid file - '%s'", pidfile);
+	      gdomap_log(LOG_CRIT);
+	      exit(1);
+	    }
+	  fprintf(fptr, "%d\n", (int) getpid());
+	  fclose(fptr);
+	  chmod(pidfile, 0644);
+	}
+      else
+	{
+	  sprintf(ebuf, "Only root user can write to pid file\n");
+	  gdomap_log(LOG_WARNING);
+	}
+    }
+
 #ifndef __MINGW__
  /*
   * Try to become a 'safe' user now that we have
@ -4569,21 +4597,6 @@ printf(
    }
 #endif /* __MINGW__ */

-  if (pidfile)
-    {
-      FILE	*fptr = fopen(pidfile, "at");
-
-      if (fptr == 0)
-	{
-	  sprintf(ebuf, "Unable to open pid file - '%s'", pidfile);
-	  gdomap_log(LOG_CRIT);
-	  exit(1);
-	}
-      fprintf(fptr, "%d\n", (int) getpid());
-      fclose(fptr);
-      chmod(pidfile, 0644);
-    }
-
 #if	!defined(__svr4__)
  /*
   * As another level of paranoia - restrict this process to /tmp