From: reyk
Date: Sun, 4 May 2014 10:32:32 +0000 (+0000)
Subject: With the recent change by deraadt@ to introduce kern.nosuidcoredump=3,
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=6913cdf50ea912b9645ff7ad69735b040d9dca4d;p=openbsd
With the recent change by deraadt@ to introduce kern.nosuidcoredump=3, we don't need the horrible debug hack anymore that disabled privdrop and chroot to get core dumps of privsep processes. No functional change for the normal binary, only if it is compiled with the non-default -DDEBUG option.
---
diff --git a/sbin/iked/proc.c b/sbin/iked/proc.c
index d1be2c623c3..48f88ea222a 100644
--- a/sbin/iked/proc.c
+++ b/sbin/iked/proc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: proc.c,v 1.14 2014/04/22 12:00:03 reyk Exp $ */
+/* $OpenBSD: proc.c,v 1.15 2014/05/04 10:35:24 reyk Exp $ */
 /*
 * Copyright (c) 2010 - 2014 Reyk Floeter
@@ -372,31 +372,19 @@ proc_run(struct privsep *ps, struct privsep_proc *p,
 else
 root = pw->pw_dir;
-#ifndef DEBUG
 if (chroot(root) == -1)
 fatal("proc_run: chroot");
 if (chdir("/") == -1)
 fatal("proc_run: chdir(\"/\")");
-#else
-#warning disabling privilege revocation and chroot in DEBUG MODE
- if (p->p_chroot != NULL) {
- if (chroot(root) == -1)
- fatal("proc_run: chroot");
- if (chdir("/") == -1)
- fatal("proc_run: chdir(\"/\")");
- }
-#endif
 privsep_process = p->p_id;
 setproctitle("%s", p->p_title);
-#ifndef DEBUG
 if (setgroups(1, &pw->pw_gid) ||
 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
 fatal("proc_run: cannot drop privileges");
-#endif
 /* Fork child handlers */
 for (n = 1; n < ps->ps_instances[p->p_id]; n++) {
diff --git a/usr.sbin/relayd/proc.c b/usr.sbin/relayd/proc.c
index 79d188b58ab..0c64a7de4a3 100644
--- a/usr.sbin/relayd/proc.c
+++ b/usr.sbin/relayd/proc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: proc.c,v 1.11 2014/04/20 14:48:29 reyk Exp $ */
+/* $OpenBSD: proc.c,v 1.12 2014/05/04 10:32:32 reyk Exp $ */
 /*
 * Copyright (c) 2010 - 2014 Reyk Floeter
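Review bot: The chroot and privilege-drop sequence in proc_run (sbin/iked/proc.c, from `if (chroot(root) == -1)` through the `setresuid` check) is now unconditional but carries no comment saying so, and the rationale exists only in the commit message. I would add above the chroot call `/* Always chroot and drop privileges, also with -DDEBUG; use kern.nosuidcoredump=3 to get core dumps. */` so that a later debugging shortcut does not bring the bypass back. The order the hunk keeps (chroot, chdir("/"), then setgroups, setresgid, setresuid, each checked, all before the child-handler fork loop) is correct and should stay together as one unit. The identical hunks in usr.sbin/relayd/proc.c and usr.sbin/snmpd/proc.c need the same comment, and because the three copies are patched in lockstep, any future fix to this sequence has to land in all of them. proc_run begins and ends outside the hunk, so how `pw` and `p->p_chroot` are validated is not visible here.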
@@ -372,31 +372,19 @@ proc_run(struct privsep *ps, struct privsep_proc *p,
 else
 root = pw->pw_dir;
-#ifndef DEBUG
 if (chroot(root) == -1)
 fatal("proc_run: chroot");
 if (chdir("/") == -1)
 fatal("proc_run: chdir(\"/\")");
-#else
-#warning disabling privilege revocation and chroot in DEBUG MODE
- if (p->p_chroot != NULL) {
- if (chroot(root) == -1)
- fatal("proc_run: chroot");
- if (chdir("/") == -1)
- fatal("proc_run: chdir(\"/\")");
- }
-#endif
 privsep_process = p->p_id;
 setproctitle("%s", p->p_title);
-#ifndef DEBUG
 if (setgroups(1, &pw->pw_gid) ||
 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
 fatal("proc_run: cannot drop privileges");
-#endif
 /* Fork child handlers */
 for (n = 1; n < ps->ps_instances[p->p_id]; n++) {
diff --git a/usr.sbin/snmpd/proc.c b/usr.sbin/snmpd/proc.c
index 93fdac6fd6f..640bdc2a3b5 100644
--- a/usr.sbin/snmpd/proc.c
+++ b/usr.sbin/snmpd/proc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: proc.c,v 1.6 2014/04/21 19:47:27 reyk Exp $ */
+/* $OpenBSD: proc.c,v 1.7 2014/05/04 10:34:35 reyk Exp $ */
 /*
 * Copyright (c) 2010 - 2014 Reyk Floeter
@@ -372,31 +372,19 @@ proc_run(struct privsep *ps, struct privsep_proc *p,
 else
 root = pw->pw_dir;
-#ifndef DEBUG
 if (chroot(root) == -1)
 fatal("proc_run: chroot");
 if (chdir("/") == -1)
 fatal("proc_run: chdir(\"/\")");
-#else
-#warning disabling privilege revocation and chroot in DEBUG MODE
- if (p->p_chroot != NULL) {
- if (chroot(root) == -1)
- fatal("proc_run: chroot");
- if (chdir("/") == -1)
- fatal("proc_run: chdir(\"/\")");
- }
-#endif
 privsep_process = p->p_id;
 setproctitle("%s", p->p_title);
-#ifndef DEBUG
 if (setgroups(1, &pw->pw_gid) ||
 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
 fatal("proc_run: cannot drop privileges");
-#endif
 /* Fork child handlers */
 for (n = 1; n < ps->ps_instances[p->p_id]; n++) {