Browse code
Open /dev/console before dropping priv
- clamav-devel/ChangeLog
- clamav-devel/clamav-milter/INSTALL
- clamav-devel/clamav-milter/clamav-milter.c
| ... | ... |
@@ -1,3 +1,9 @@ |
| 1 |
+Thu May 12 08:32:22 BST 2005 (njh) |
|
| 2 |
+---------------------------------- |
|
| 3 |
+ * clamav-milter: Open /dev/console (if LogFile not set) before |
|
| 4 |
+ dropping priv so that error messages aren't |
|
| 5 |
+ lost reported by David Crow. |
|
| 6 |
+ |
|
| 1 | 7 |
Wed May 11 18:02:24 CEST 2005 (tk) |
| 2 | 8 |
---------------------------------- |
| 3 | 9 |
* libclamav/others: increase f-level |
| ... | ... |
@@ -767,6 +767,8 @@ Changes |
| 767 | 767 |
dont-wait isn't set |
| 768 | 768 |
0.84g 9/5/05: Print an error in the log if a segfault is received |
| 769 | 769 |
0.85 11/5/05: Up-issue |
| 770 |
+0.85a 12/5/05: Open /dev/console before dropping privilege, reported |
|
| 771 |
+ by David L. Crow <crow@orangeblood.org> |
|
| 770 | 772 |
|
| 771 | 773 |
4. INTERNATIONALISATION |
| 772 | 774 |
|
| ... | ... |
@@ -22,7 +22,7 @@ |
| 22 | 22 |
* |
| 23 | 23 |
* For installation instructions see the file INSTALL that came with this file |
| 24 | 24 |
*/ |
| 25 |
-static char const rcsid[] = "$Id: clamav-milter.c,v 1.199 2005/05/11 12:26:44 nigelhorne Exp $"; |
|
| 25 |
+static char const rcsid[] = "$Id: clamav-milter.c,v 1.200 2005/05/12 07:31:09 nigelhorne Exp $"; |
|
| 26 | 26 |
|
| 27 | 27 |
#define CM_VERSION "0.85" |
| 28 | 28 |
|
| ... | ... |
@@ -106,6 +106,7 @@ int deny_severity = LOG_NOTICE; |
| 106 | 106 |
#ifndef CL_DEBUG |
| 107 | 107 |
static const char *logFile; |
| 108 | 108 |
static int logTime; |
| 109 |
+static char console[] = "/dev/console"; |
|
| 109 | 110 |
#endif |
| 110 | 111 |
|
| 111 | 112 |
#if defined(CL_DEBUG) && defined(C_LINUX) |
| ... | ... |
@@ -511,6 +512,9 @@ main(int argc, char **argv) |
| 511 | 511 |
const struct cfgstruct *cpt; |
| 512 | 512 |
char version[VERSION_LENGTH + 1]; |
| 513 | 513 |
pthread_t tid; |
| 514 |
+#ifndef CL_DEBUG |
|
| 515 |
+ int consolefd; |
|
| 516 |
+#endif |
|
| 514 | 517 |
struct smfiDesc smfilter = {
|
| 515 | 518 |
"ClamAv", /* filter name */ |
| 516 | 519 |
SMFI_VERSION, /* version code -- leave untouched */ |
| ... | ... |
@@ -884,6 +888,11 @@ main(int argc, char **argv) |
| 884 | 884 |
/* |
| 885 | 885 |
* Drop privileges |
| 886 | 886 |
*/ |
| 887 |
+#ifndef CL_DEBUG |
|
| 888 |
+ /* Save the fd for later, open while we can */ |
|
| 889 |
+ consolefd = open(console, O_WRONLY); |
|
| 890 |
+#endif |
|
| 891 |
+ |
|
| 887 | 892 |
if(getuid() == 0) {
|
| 888 | 893 |
if(iface) {
|
| 889 | 894 |
#ifdef SO_BINDTODEVICE |
| ... | ... |
@@ -1352,15 +1361,18 @@ main(int argc, char **argv) |
| 1352 | 1352 |
return EX_CANTCREAT; |
| 1353 | 1353 |
} |
| 1354 | 1354 |
} else {
|
| 1355 |
- logFile = "/dev/console"; |
|
| 1356 |
- if(open(logFile, O_WRONLY) < 0) {
|
|
| 1357 |
- perror(logFile); |
|
| 1355 |
+ logFile = console; |
|
| 1356 |
+ if(consolefd < 0) {
|
|
| 1357 |
+ perror(console); |
|
| 1358 | 1358 |
return EX_OSFILE; |
| 1359 | 1359 |
} |
| 1360 |
+ dup(consolefd); |
|
| 1360 | 1361 |
} |
| 1361 |
- |
|
| 1362 | 1362 |
close(2); |
| 1363 | 1363 |
dup(1); |
| 1364 |
+ if(consolefd >= 0) |
|
| 1365 |
+ close(consolefd); |
|
| 1366 |
+ |
|
| 1364 | 1367 |
if(cfgopt(copt, "LogTime")) |
| 1365 | 1368 |
logTime++; |
| 1366 | 1369 |
#endif /*!CL_DEBUG*/ |