Browse code
Freshclam fix to switch user prior to creating temp directories (or anything else). Additional fix to append path separator to database directory if missing, so the system evaluates symlinks for us.
Micah Snyder authored on 2019/05/22 05:12:17Showing 2 changed files
| ... | ... |
@@ -758,6 +758,19 @@ static fc_error_t initialize(struct optstruct *opts) |
| 758 | 758 |
} |
| 759 | 759 |
} |
| 760 | 760 |
|
| 761 |
+#ifdef HAVE_PWD_H |
|
| 762 |
+ /* |
|
| 763 |
+ * freshclam shouldn't work with root privileges. |
|
| 764 |
+ * Drop privileges to the DatabaseOwner user, if specified. |
|
| 765 |
+ */ |
|
| 766 |
+ ret = switch_user(optget(opts, "DatabaseOwner")->strarg); |
|
| 767 |
+ if (FC_SUCCESS != ret) {
|
|
| 768 |
+ logg("!Failed to switch to %s user.\n", optget(opts, "DatabaseOwner")->strarg);
|
|
| 769 |
+ status = ret; |
|
| 770 |
+ goto done; |
|
| 771 |
+ } |
|
| 772 |
+#endif /* HAVE_PWD_H */ |
|
| 773 |
+ |
|
| 761 | 774 |
/* |
| 762 | 775 |
* Initilize libclamav. |
| 763 | 776 |
*/ |
| ... | ... |
@@ -952,19 +965,6 @@ static fc_error_t initialize(struct optstruct *opts) |
| 952 | 952 |
*/ |
| 953 | 953 |
fc_set_fccb_download_complete(download_complete_callback); |
| 954 | 954 |
|
| 955 |
-#ifdef HAVE_PWD_H |
|
| 956 |
- /* |
|
| 957 |
- * freshclam shouldn't work with root privileges. |
|
| 958 |
- * Drop privileges to the DatabaseOwner user, if specified. |
|
| 959 |
- */ |
|
| 960 |
- ret = switch_user(optget(opts, "DatabaseOwner")->strarg); |
|
| 961 |
- if (FC_SUCCESS != ret) {
|
|
| 962 |
- logg("!Failed to switch to %s user.\n", optget(opts, "DatabaseOwner")->strarg);
|
|
| 963 |
- status = ret; |
|
| 964 |
- goto done; |
|
| 965 |
- } |
|
| 966 |
-#endif /* HAVE_PWD_H */ |
|
| 967 |
- |
|
| 968 | 955 |
status = FC_SUCCESS; |
| 969 | 956 |
|
| 970 | 957 |
done: |
| ... | ... |
@@ -205,18 +205,33 @@ fc_error_t fc_initialize(fc_config *fcConfig) |
| 205 | 205 |
g_proxyPassword = cli_strdup(fcConfig->proxyPassword); |
| 206 | 206 |
} |
| 207 | 207 |
|
| 208 |
+#ifdef _WIN32 |
|
| 209 |
+ if ((fcConfig->databaseDirectory[strlen(fcConfig->databaseDirectory) - 1] != '/') && |
|
| 210 |
+ ((fcConfig->databaseDirectory[strlen(fcConfig->databaseDirectory) - 1] != '\\'))) {
|
|
| 211 |
+#else |
|
| 212 |
+ if (fcConfig->databaseDirectory[strlen(fcConfig->databaseDirectory) - 1] != '/') {
|
|
| 213 |
+#endif |
|
| 214 |
+ g_databaseDirectory = cli_malloc(strlen(fcConfig->databaseDirectory) + strlen(PATHSEP) + 1); |
|
| 215 |
+ snprintf( |
|
| 216 |
+ g_databaseDirectory, |
|
| 217 |
+ strlen(fcConfig->databaseDirectory) + strlen(PATHSEP) + 1, |
|
| 218 |
+ "%s" PATHSEP, |
|
| 219 |
+ fcConfig->databaseDirectory); |
|
| 220 |
+ } else {
|
|
| 221 |
+ g_databaseDirectory = cli_strdup(fcConfig->databaseDirectory); |
|
| 222 |
+ } |
|
| 223 |
+ |
|
| 208 | 224 |
/* Validate that the database directory exists, and store it. */ |
| 209 |
- if (LSTAT(fcConfig->databaseDirectory, &statbuf) == -1) {
|
|
| 210 |
- logg("!Database directory does not exist: %s\n", fcConfig->databaseDirectory);
|
|
| 225 |
+ if (LSTAT(g_databaseDirectory, &statbuf) == -1) {
|
|
| 226 |
+ logg("!Database directory does not exist: %s\n", g_databaseDirectory);
|
|
| 211 | 227 |
status = FC_EDIRECTORY; |
| 212 | 228 |
goto done; |
| 213 | 229 |
} |
| 214 | 230 |
if (!S_ISDIR(statbuf.st_mode)) {
|
| 215 |
- logg("!Database directory is not a directory: %s\n", fcConfig->databaseDirectory);
|
|
| 231 |
+ logg("!Database directory is not a directory: %s\n", g_databaseDirectory);
|
|
| 216 | 232 |
status = FC_EDIRECTORY; |
| 217 | 233 |
goto done; |
| 218 | 234 |
} |
| 219 |
- g_databaseDirectory = cli_strdup(fcConfig->databaseDirectory); |
|
| 220 | 235 |
|
| 221 | 236 |
/* Validate that the temp directory exists, and store it. */ |
| 222 | 237 |
if (LSTAT(fcConfig->tempDirectory, &statbuf) == -1) {
|