.

OBS-URL: https://build.opensuse.org/package/show/Base:System/sysvinit?expand=0&rev=102
2011-03-03 13:56:38 +00:00 · 2011-03-03 13:56:38 +00:00 · ce4bac041a
commit ce4bac041a
parent e7c5cfa0e2
3 changed files with 229 additions and 6 deletions
--- a/killproc-2.19.dif
+++ b/killproc-2.19.dif
@ -1,4 +1,151 @@
--- .dummy
-+++ .dummy	2011-02-15 15:46:58.000000000 +0100
-@@ -0,0 +1 @@
-+Dummy entry, remove for a real patch
+--- libinit.c
+++ libinit.c	2011-03-03 13:45:42.976427260 +0000
+@@ -669,6 +669,7 @@ int pidof (const char * inname, const ch
+     boolean isscrpt = false;
+     unsigned num = 0;
+     pid_t pid;
+    uid_t uid;
+     char *swapname = NULL;
+     char *fullname = (char *)inname;
+     char *realname = NULL;
+@@ -677,6 +678,7 @@ int pidof (const char * inname, const ch
+ 
+     p_pid  = getpid();
+     p_ppid = getppid();
+    uid    = getuid();
+ 
+     dir = openproc();		/* Open /proc and maybe do mount before */
+     p_pppid = getpppid(p_ppid); /* Requires existence of /proc */
+@@ -773,6 +775,13 @@ int pidof (const char * inname, const ch
+ 
+ 	    if (prefix) {
+ 		if ((rll = readlinkat(dfd, here(d->d_name, "exe"), entry, PATH_MAX)) < 0) {
+		    if (uid && (errno == EACCES || errno == EPERM)) {
+			errno = 0;
+			if (fstatat(dfd, d->d_name, &pid_st, 0) < 0)
+			    continue;
+			if (pid_st.st_uid == uid)
+			    goto risky;
+		    }
+ 		    if (errno != EPERM && errno != EACCES)
+ 			goto risky;
+ 		    continue;
+@@ -809,6 +818,13 @@ int pidof (const char * inname, const ch
+ 
+ 		    if (!name) {
+ 			if ((rll = readlinkat(dfd, here(d->d_name, "exe"), entry, PATH_MAX)) < 0) {
+			    if (uid && (errno == EACCES || errno == EPERM)) {
+				errno = 0;
+				if (fstatat(dfd, d->d_name, &pid_st, 0) < 0)
+				    continue;
+				if (pid_st.st_uid == uid)
+				    goto risky;
+			    }
+ 			    if (errno != EPERM && errno != EACCES)
+ 				goto risky;
+ 			    continue;
+@@ -825,7 +841,6 @@ int pidof (const char * inname, const ch
+ 		    if (realname && strncmp(realname, name, PATH_MAX) == 0)
+ 			found = true;
+ 
+-
+ 		    break;
+ 	    }
+ 
+@@ -942,12 +957,15 @@ int verify_pidfile (const char * pid_fil
+     ssize_t cnt;
+     boolean isscrpt = false;
+     pid_t pid;
+    uid_t uid;
+     char *swapname = NULL, *bufp;
+     char *fullname = (char *)inname;
+     char *realname = NULL;
+     struct stat pid_st, full_st;
+     char buf[BUFSIZ];
+ 
+    uid = getuid();
+
+     if (!ignore) {
+ 	list_t *m, *n;
+ 	list_for_each_safe(m, n, &remember) {
+@@ -1041,14 +1059,23 @@ int verify_pidfile (const char * pid_fil
+     }
+ 
+     errno = 0;
+-    if (!(flags & (KTHREAD|KSHORT)) && !isscrpt &&
+-	 (stat(proc(buf, "exe"), &pid_st) == 0)) {
+-
+    if (!(flags & (KTHREAD|KSHORT)) && !isscrpt) {
+ 	char entry[PATH_MAX+1];
+ 	const char *name;
+ 	boolean found;
+ 	ssize_t rll;
+ 
+	if (stat(proc(buf, "exe"), &pid_st) < 0) {
+	    if (uid && (errno == EACCES || errno == EPERM)) {
+		errno = 0;
+		if (stat(proc(buf, ""), &pid_st) < 0)
+		    goto out;
+		if (pid_st.st_uid == uid)
+		    goto risky;
+	    }
+	    goto out;
+	}
+
+ 	if (pid_st.st_dev != full_st.st_dev)
+ 	    goto out;
+ 
+@@ -1087,6 +1114,7 @@ int verify_pidfile (const char * pid_fil
+ 
+ 	goto out;
+     }
+risky:
+ 
+     if (errno && errno != ENOENT) {
+ 	warn("Can not read %s: %s\n", procbuf, strerror(errno));
+@@ -1162,8 +1190,11 @@ int check_pids (const char * inname, con
+     const char *pid;
+     struct stat pid_st, full_st;
+     list_t *m, *n;
+    uid_t uid;
+     int fp;
+ 
+    uid = getuid();
+
+     if (!fullname) {
+ 	warn("program or process name required\n");
+ 	return -1;
+@@ -1228,13 +1259,22 @@ int check_pids (const char * inname, con
+ 
+ 	/* killproc and daemon/startproc should use the full path */
+ 	errno = 0;
+-	if (!(flags & (KTHREAD|KSHORT)) && !isscrpt &&
+-	     (stat(proc(pid, "exe"), &pid_st) == 0)) {
+-
+	if (!(flags & (KTHREAD|KSHORT)) && !isscrpt) {
+ 	    char entry[PATH_MAX+1];
+ 	    const char *name;
+ 	    ssize_t rll;
+ 
+	    if (stat(proc(pid, "exe"), &pid_st) < 0) {
+		if (uid && (errno == EACCES || errno == EPERM)) {
+		    errno = 0;
+		    if (stat(proc(pid, ""), &pid_st) < 0)
+			goto ignore;
+		    if (pid_st.st_uid == uid)
+			goto risky;
+		}
+		goto ignore;
+	    }
+
+ 	    if (pid_st.st_dev != full_st.st_dev)
+ 		goto ignore;		/* Does not belong to rembered list */
+ 
+@@ -1267,6 +1307,7 @@ int check_pids (const char * inname, con
+ 
+ 	    skip = true;		/* No stat entry check needed */
+ 	}
+risky:
+ 
+ 	if (!(flags & (KTHREAD|KSHORT)) &&  isscrpt &&
+ 	    (fp = open(proc(pid, "cmdline"), O_PROCMODE)) != -1) {
--- a/showconsole-1.13.dif
+++ b/showconsole-1.13.dif
@ -1,5 +1,46 @@
+--- blogd.c
+++ blogd.c	2011-03-02 11:25:01.151926991 +0000
+@@ -301,9 +301,16 @@ int main(int argc, char *argv[])
+     secondtty(cons, st.st_rdev);
+ 
+     (void)ioctl(0, TIOCCONS, NULL);  /* Undo any current map if any */
+    close(0);
+
+     if (ioctl(pts, TIOCCONS, NULL) < 0)
+ 	error("can not set console device to %s: %s\n", ptsname, strerror(errno));
+ 
+    dup2(pts, 1);
+    dup2(pts, 2);
+    if (pts > 2)
+	close(pts);
+
+     for (c = cons; c; c = c->next) {
+ #ifdef _PC_MAX_CANON
+ 	if ((c->max_canon = (ssize_t)fpathconf(c->fd, _PC_MAX_CANON)) <= 0)
+@@ -356,21 +363,16 @@ int main(int argc, char *argv[])
+ 	    close(cons->fd);
+ 	    cons->fd = 1;	/* Choose stdout */
+ 	}
+-	close(pts);
+ 	close(ptm);
+ 	break;
+     case -1:
+-	close(pts);
+ 	close(ptm);
+ 	warn("can not fork to become daemon: %s\n", strerror(errno));
+ 	goto err;
+     default:
+ 	time(&tt);
+ 	stt = ctime(&tt);
+-	close(pts);
+ 	close(ptm);
+-	close(cons->fd);
+-	cons->fd = -1;
+ 	for (c = cons; c; c = c->next) {
+ 	    if (c->fd > 0) {
+ 		close(c->fd);
 --- libconsole.c
-+++ libconsole.c	2010-11-09 15:24:33.895925637 +0000
+++ libconsole.c	2011-03-02 10:33:17.032457114 +0000
@@ -707,11 +707,12 @@ static void parselog(unsigned char *buf,
 static void copylog(const unsigned char *buf, const size_t s)
 {
@ -34,7 +75,26 @@
 		dev = makedev(maj, min);
 		break;
 	    }
-@@ -1347,7 +1348,7 @@ void secondtty(struct console *restrict
+@@ -1327,8 +1328,9 @@ void secondtty(struct console *restrict
+ 
+     tail = cons;
+ 
+-    if ((fc = fopen("/proc/tty/consoles", "r"))) {
+-	int maj, min, flags;
+    if ((fc = fopen("/proc/consoles", "r"))) {
+	unsigned int maj, min;
+	int flags;
+ 	struct stat st;
+ 	char fbuf[16];
+ 
+@@ -1341,13 +1343,13 @@ void secondtty(struct console *restrict
+ 	    error("can not opendir(/dev): %s\n", strerror(errno));
+ 	pushd("/dev");
+ 
+-	while ((fscanf(fc, "%*s %*s (%[^)]) %d:%d", &fbuf[0], &maj, &min) == 3)) {
+	while ((fscanf(fc, "%*s %*s (%[^)]) %u:%u", &fbuf[0], &maj, &min) == 3)) {
+ 	    struct console *restrict newc;
+ 	    dev_t dev;
 
 	    if (!strchr(fbuf, 'E'))
 		continue;
@ -55,3 +115,13 @@
 This can be used on
 .I /dev/console
 as current character device to
+--- showconsole.c
+++ showconsole.c	2010-10-25 13:08:25.583937937 +0000
+@@ -19,6 +19,7 @@
+ #include <fcntl.h>
+ #include <unistd.h>
+ #include <errno.h>
+#include <signal.h>
+ #include "libconsole.h"
+ 
+ /*
--- a/sysvinit.changes
+++ b/sysvinit.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Mar  3 14:54:10 CET 2011 - werner@suse.de
+
+- Make option -k for killproc utilities work for normal users even
+  if the exe link of an own process remains to root (bnc#664941)
+
 -------------------------------------------------------------------
 Tue Feb 15 15:44:33 CET 2011 - werner@suse.de