diff --git a/killproc-2.19.dif b/killproc-2.19.dif
index 1fada87..be08ed6 100644
--- a/killproc-2.19.dif
+++ b/killproc-2.19.dif
@@ -1,4 +1,151 @@
---- .dummy
-+++ .dummy 2011-02-15 15:46:58.000000000 +0100
-@@ -0,0 +1 @@
-+Dummy entry, remove for a real patch
+--- libinit.c
++++ libinit.c 2011-03-03 13:45:42.976427260 +0000
+@@ -669,6 +669,7 @@ int pidof (const char * inname, const ch
+ boolean isscrpt = false;
+ unsigned num = 0;
+ pid_t pid;
++ uid_t uid;
+ char *swapname = NULL;
+ char *fullname = (char *)inname;
+ char *realname = NULL;
+@@ -677,6 +678,7 @@ int pidof (const char * inname, const ch
+
+ p_pid = getpid();
+ p_ppid = getppid();
++ uid = getuid();
+
+ dir = openproc(); /* Open /proc and maybe do mount before */
+ p_pppid = getpppid(p_ppid); /* Requires existence of /proc */
+@@ -773,6 +775,13 @@ int pidof (const char * inname, const ch
+
+ if (prefix) {
+ if ((rll = readlinkat(dfd, here(d->d_name, "exe"), entry, PATH_MAX)) < 0) {
++ if (uid && (errno == EACCES || errno == EPERM)) {
++ errno = 0;
++ if (fstatat(dfd, d->d_name, &pid_st, 0) < 0)
++ continue;
++ if (pid_st.st_uid == uid)
++ goto risky;
++ }
+ if (errno != EPERM && errno != EACCES)
+ goto risky;
+ continue;
+@@ -809,6 +818,13 @@ int pidof (const char * inname, const ch
+
+ if (!name) {
+ if ((rll = readlinkat(dfd, here(d->d_name, "exe"), entry, PATH_MAX)) < 0) {
++ if (uid && (errno == EACCES || errno == EPERM)) {
++ errno = 0;
++ if (fstatat(dfd, d->d_name, &pid_st, 0) < 0)
++ continue;
++ if (pid_st.st_uid == uid)
++ goto risky;
++ }
+ if (errno != EPERM && errno != EACCES)
+ goto risky;
+ continue;
+@@ -825,7 +841,6 @@ int pidof (const char * inname, const ch
+ if (realname && strncmp(realname, name, PATH_MAX) == 0)
+ found = true;
+
+-
+ break;
+ }
+
+@@ -942,12 +957,15 @@ int verify_pidfile (const char * pid_fil
+ ssize_t cnt;
+ boolean isscrpt = false;
+ pid_t pid;
++ uid_t uid;
+ char *swapname = NULL, *bufp;
+ char *fullname = (char *)inname;
+ char *realname = NULL;
+ struct stat pid_st, full_st;
+ char buf[BUFSIZ];
+
++ uid = getuid();
++
+ if (!ignore) {
+ list_t *m, *n;
+ list_for_each_safe(m, n, &remember) {
+@@ -1041,14 +1059,23 @@ int verify_pidfile (const char * pid_fil
+ }
+
+ errno = 0;
+- if (!(flags & (KTHREAD|KSHORT)) && !isscrpt &&
+- (stat(proc(buf, "exe"), &pid_st) == 0)) {
+-
++ if (!(flags & (KTHREAD|KSHORT)) && !isscrpt) {
+ char entry[PATH_MAX+1];
+ const char *name;
+ boolean found;
+ ssize_t rll;
+
++ if (stat(proc(buf, "exe"), &pid_st) < 0) {
++ if (uid && (errno == EACCES || errno == EPERM)) {
++ errno = 0;
++ if (stat(proc(buf, ""), &pid_st) < 0)
++ goto out;
++ if (pid_st.st_uid == uid)
++ goto risky;
++ }
++ goto out;
++ }
++
+ if (pid_st.st_dev != full_st.st_dev)
+ goto out;
+
+@@ -1087,6 +1114,7 @@ int verify_pidfile (const char * pid_fil
+
+ goto out;
+ }
++risky:
+
+ if (errno && errno != ENOENT) {
+ warn("Can not read %s: %s\n", procbuf, strerror(errno));
+@@ -1162,8 +1190,11 @@ int check_pids (const char * inname, con
+ const char *pid;
+ struct stat pid_st, full_st;
+ list_t *m, *n;
++ uid_t uid;
+ int fp;
+
++ uid = getuid();
++
+ if (!fullname) {
+ warn("program or process name required\n");
+ return -1;
+@@ -1228,13 +1259,22 @@ int check_pids (const char * inname, con
+
+ /* killproc and daemon/startproc should use the full path */
+ errno = 0;
+- if (!(flags & (KTHREAD|KSHORT)) && !isscrpt &&
+- (stat(proc(pid, "exe"), &pid_st) == 0)) {
+-
++ if (!(flags & (KTHREAD|KSHORT)) && !isscrpt) {
+ char entry[PATH_MAX+1];
+ const char *name;
+ ssize_t rll;
+
++ if (stat(proc(pid, "exe"), &pid_st) < 0) {
++ if (uid && (errno == EACCES || errno == EPERM)) {
++ errno = 0;
++ if (stat(proc(pid, ""), &pid_st) < 0)
++ goto ignore;
++ if (pid_st.st_uid == uid)
++ goto risky;
++ }
++ goto ignore;
++ }
++
+ if (pid_st.st_dev != full_st.st_dev)
+ goto ignore; /* Does not belong to rembered list */
+
+@@ -1267,6 +1307,7 @@ int check_pids (const char * inname, con
+
+ skip = true; /* No stat entry check needed */
+ }
++risky:
+
+ if (!(flags & (KTHREAD|KSHORT)) && isscrpt &&
+ (fp = open(proc(pid, "cmdline"), O_PROCMODE)) != -1) {
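Review bot: In the two pidof hunks (inner `@@ -773,6 +775,13 @@` and `@@ -809,6 +818,13 @@`) the added block sets `errno = 0` before the ownership test, so when `fstatat()` succeeds and `pid_st.st_uid != uid`, control falls through to the existing `if (errno != EPERM && errno != EACCES) goto risky;` with errno cleared and still reaches `risky`. For a non-root caller this makes the uid comparison ineffective: a process owned by another user whose exe link is unreadable is no longer skipped, where the old code reached `continue`. Ending the added block with `continue;` after the `if (pid_st.st_uid == uid) goto risky;` pair, or testing a saved copy of errno, restores the skip. The verify_pidfile and check_pids hunks are not affected, because they jump to `out`/`ignore` unconditionally after the block. pidof's body starts and ends outside these hunks, so how the code at `risky` treats such entries should be confirmed against the full function.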
diff --git a/showconsole-1.13.dif b/showconsole-1.13.dif index 5ef1aca..e8c27cd 100644 --- a/showconsole-1.13.dif +++ b/showconsole-1.13.dif @@ -1,5 +1,46 @@ +--- blogd.c ++++ blogd.c 2011-03-02 11:25:01.151926991 +0000 +@@ -301,9 +301,16 @@ int main(int argc, char *argv[]) + secondtty(cons, st.st_rdev); + + (void)ioctl(0, TIOCCONS, NULL); /* Undo any current map if any */ ++ close(0); ++ + if (ioctl(pts, TIOCCONS, NULL) < 0) + error("can not set console device to %s: %s\n", ptsname, strerror(errno)); + ++ dup2(pts, 1); ++ dup2(pts, 2); ++ if (pts > 2) ++ close(pts); ++ + for (c = cons; c; c = c->next) { + #ifdef _PC_MAX_CANON + if ((c->max_canon = (ssize_t)fpathconf(c->fd, _PC_MAX_CANON)) <= 0) +@@ -356,21 +363,16 @@ int main(int argc, char *argv[]) + close(cons->fd); + cons->fd = 1; /* Choose stdout */ + } +- close(pts); + close(ptm); + break; + case -1: +- close(pts); + close(ptm); + warn("can not fork to become daemon: %s\n", strerror(errno)); + goto err; + default: + time(&tt); + stt = ctime(&tt); +- close(pts); + close(ptm); +- close(cons->fd); +- cons->fd = -1; + for (c = cons; c; c = c->next) { + if (c->fd > 0) { + close(c->fd); --- libconsole.c -+++ libconsole.c 2010-11-09 15:24:33.895925637 +0000 ++++ libconsole.c 2011-03-02 10:33:17.032457114 +0000 @@ -707,11 +707,12 @@ static void parselog(unsigned char *buf, static void copylog(const unsigned char *buf, const size_t s) { 
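Review bot: The added `close(0)` in blogd.c main() leaves descriptor 0 unallocated, so the next open() in the process returns 0, while the cleanup loop visible in the second inner hunk only closes consoles with `c->fd > 0`. Reopening `/dev/null` on fd 0 instead of leaving it closed keeps a later file from landing on stdin. The two `dup2()` calls are also unchecked, and `pts` is closed right after them, so a failure would go unnoticed with stdout/stderr still on their old target; `if (dup2(pts, 1) < 0 || dup2(pts, 2) < 0) error("can not redirect output to %s: %s\n", ptsname, strerror(errno));` would surface it. main() continues outside both hunks, so whether anything is opened after this point cannot be seen here.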
@@ -34,7 +75,26 @@ dev = makedev(maj, min); break; } -@@ -1347,7 +1348,7 @@ void secondtty(struct console *restrict +@@ -1327,8 +1328,9 @@ void secondtty(struct console *restrict + + tail = cons; + +- if ((fc = fopen("/proc/tty/consoles", "r"))) { +- int maj, min, flags; ++ if ((fc = fopen("/proc/consoles", "r"))) { ++ unsigned int maj, min; ++ int flags; + struct stat st; + char fbuf[16]; + +@@ -1341,13 +1343,13 @@ void secondtty(struct console *restrict + error("can not opendir(/dev): %s\n", strerror(errno)); + pushd("/dev"); + +- while ((fscanf(fc, "%*s %*s (%[^)]) %d:%d", &fbuf[0], &maj, &min) == 3)) { ++ while ((fscanf(fc, "%*s %*s (%[^)]) %u:%u", &fbuf[0], &maj, &min) == 3)) { + struct console *restrict newc; + dev_t dev; if (!strchr(fbuf, 'E')) continue; @@ -55,3 +115,13 @@ This can be used on .I /dev/console as current character device to +--- showconsole.c ++++ showconsole.c 2010-10-25 13:08:25.583937937 +0000 +@@ -19,6 +19,7 @@ + #include + #include + #include ++#include + #include "libconsole.h" + + /* diff --git a/sysvinit.changes b/sysvinit.changes index 4f12b51..8cd5086 100644 --- a/sysvinit.changes +++ b/sysvinit.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Mar 3 14:54:10 CET 2011 - werner@suse.de + +- Make option -k for killproc utilities work for normal users even + if the exe link of an own process remains to root (bnc#664941) + ------------------------------------------------------------------- Tue Feb 15 15:44:33 CET 2011 - werner@suse.de
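Review bot: The rewritten `fscanf()` call in secondtty() still reads the flags field with an unbounded `%[^)]` into `char fbuf[16]`, so a field of 16 or more characters would write past the buffer. Giving the conversion a width, `"%*s %*s (%15[^)]) %u:%u"`, keeps the parse inside `fbuf` even if the `/proc/consoles` line format grows. secondtty() starts and ends outside the hunk.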