Browse code
bb#1789 - part one
aCaB authored on 2010/02/05 01:32:42Showing 2 changed files
| ... | ... |
@@ -18,6 +18,8 @@ |
| 18 | 18 |
* MA 02110-1301, USA. |
| 19 | 19 |
*/ |
| 20 | 20 |
|
| 21 |
+#define _BSD_SOURCE |
|
| 22 |
+ |
|
| 21 | 23 |
#if HAVE_CONFIG_H |
| 22 | 24 |
#include "clamav-config.h" |
| 23 | 25 |
#endif |
| ... | ... |
@@ -165,8 +167,6 @@ int main(int argc, char **argv) |
| 165 | 165 |
return 0; |
| 166 | 166 |
} |
| 167 | 167 |
|
| 168 |
- umask(0); |
|
| 169 |
- |
|
| 170 | 168 |
/* drop privileges */ |
| 171 | 169 |
#ifndef _WIN32 |
| 172 | 170 |
if(geteuid() == 0 && (opt = optget(opts, "User"))->enabled) {
|
| ... | ... |
@@ -464,10 +464,48 @@ int main(int argc, char **argv) |
| 464 | 464 |
} |
| 465 | 465 |
#ifndef _WIN32 |
| 466 | 466 |
if(localsock) {
|
| 467 |
+ mode_t sock_mode, umsk = umask(0777); /* socket is created with 000 to avoid races */ |
|
| 467 | 468 |
if ((lsockets[nlsockets] = localserver(opts)) == -1) {
|
| 468 | 469 |
ret = 1; |
| 470 |
+ umask(umsk); |
|
| 471 |
+ break; |
|
| 472 |
+ } |
|
| 473 |
+ umask(umsk); /* restore umask */ |
|
| 474 |
+ if(optget(opts, "LocalSocketGroup")->enabled) {
|
|
| 475 |
+ char *gname = optget(opts, "LocalSocketGroup")->strarg, *end; |
|
| 476 |
+ gid_t sock_gid = strtol(gname, &end, 10); |
|
| 477 |
+ if(*end) {
|
|
| 478 |
+ struct group *pgrp = getgrnam(gname); |
|
| 479 |
+ if(!pgrp) {
|
|
| 480 |
+ logg("!Unknown group %s\n", gname);
|
|
| 481 |
+ ret = 1; |
|
| 482 |
+ break; |
|
| 483 |
+ } |
|
| 484 |
+ sock_gid = pgrp->gr_gid; |
|
| 485 |
+ } |
|
| 486 |
+ if(fchown(lsockets[nlsockets], -1, sock_gid)) {
|
|
| 487 |
+ logg("!Failed to change socket ownership to group %s\n", gname);
|
|
| 488 |
+ ret = 1; |
|
| 489 |
+ break; |
|
| 490 |
+ } |
|
| 491 |
+ } |
|
| 492 |
+ if(optget(opts, "LocalSocketPerms")->enabled) {
|
|
| 493 |
+ char *end; |
|
| 494 |
+ sock_mode = strtol(optget(opts, "LocalSocketPerms")->strarg, &end, 8); |
|
| 495 |
+ if(*end) {
|
|
| 496 |
+ logg("!Invalid LocalSocketPerms %s\n", optget(opts, "LocalSocketPerms")->strarg);
|
|
| 497 |
+ ret = 1; |
|
| 498 |
+ break; |
|
| 499 |
+ } |
|
| 500 |
+ } else |
|
| 501 |
+ sock_mode = 0777 /* & ~umsk*/; /* conservative default: umask was 0 in clamd < 0.96 */ |
|
| 502 |
+ |
|
| 503 |
+ if(fchmod(lsockets[nlsockets], sock_mode & 0666)) {
|
|
| 504 |
+ logg("!Cannot set socket permission to %s\n", optget(opts, "LocalSocketPerms")->strarg);
|
|
| 505 |
+ ret = 1; |
|
| 469 | 506 |
break; |
| 470 | 507 |
} |
| 508 |
+ |
|
| 471 | 509 |
nlsockets++; |
| 472 | 510 |
} |
| 473 | 511 |
|
| ... | ... |
@@ -184,6 +184,10 @@ const struct clam_option __clam_options[] = {
|
| 184 | 184 |
|
| 185 | 185 |
{ "LocalSocket", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Path to a local socket file the daemon will listen on.", "/tmp/clamd.socket" },
|
| 186 | 186 |
|
| 187 |
+ { "LocalSocketGroup", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Sets the group ownership on the unix socket.", "virusgroup" },
|
|
| 188 |
+ |
|
| 189 |
+ { "LocalSocketPerms", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Sets the permissions on the unix socket.", "660" },
|
|
| 190 |
+ |
|
| 187 | 191 |
{ "FixStaleSocket", NULL, 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_MILTER, "Remove a stale socket after unclean shutdown", "yes" },
|
| 188 | 192 |
|
| 189 | 193 |
{ "TCPSocket", NULL, 0, TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD, "A TCP port number the daemon will listen on.", "3310" },
|