From 6913cdf50ea912b9645ff7ad69735b040d9dca4d Mon Sep 17 00:00:00 2001
From: reyk
Date: Sun, 4 May 2014 10:32:32 +0000
Subject: [PATCH] With the recent change by deraadt@ to introduce kern.nosuidcoredump=3, we don't need the horrible debug hack anymore that disabled privdrop and chroot to get core dumps of privsep processes. No functional change for the normal binary, only if it is compiled with the non-default -DDEBUG option.
---
 sbin/iked/proc.c | 14 +-------------
 usr.sbin/relayd/proc.c | 14 +-------------
 usr.sbin/snmpd/proc.c | 14 +-------------
 3 files changed, 3 insertions(+), 39 deletions(-)
diff --git a/sbin/iked/proc.c b/sbin/iked/proc.c
index d1be2c623c3..48f88ea222a 100644
--- a/sbin/iked/proc.c
+++ b/sbin/iked/proc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: proc.c,v 1.14 2014/04/22 12:00:03 reyk Exp $ */
+/* $OpenBSD: proc.c,v 1.15 2014/05/04 10:35:24 reyk Exp $ */
 /*
 * Copyright (c) 2010 - 2014 Reyk Floeter
@@ -372,31 +372,19 @@ proc_run(struct privsep *ps, struct privsep_proc *p,
 else
 root = pw->pw_dir;
-#ifndef DEBUG
 if (chroot(root) == -1)
 fatal("proc_run: chroot");
 if (chdir("/") == -1)
 fatal("proc_run: chdir(\"/\")");
-#else
-#warning disabling privilege revocation and chroot in DEBUG MODE
- if (p->p_chroot != NULL) {
- if (chroot(root) == -1)
- fatal("proc_run: chroot");
- if (chdir("/") == -1)
- fatal("proc_run: chdir(\"/\")");
- }
-#endif
 privsep_process = p->p_id;
 setproctitle("%s", p->p_title);
-#ifndef DEBUG
 if (setgroups(1, &pw->pw_gid) ||
 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
 fatal("proc_run: cannot drop privileges");
-#endif
 /* Fork child handlers */
 for (n = 1; n < ps->ps_instances[p->p_id]; n++) {
diff --git a/usr.sbin/relayd/proc.c b/usr.sbin/relayd/proc.c
index 79d188b58ab..0c64a7de4a3 100644
--- a/usr.sbin/relayd/proc.c
+++ b/usr.sbin/relayd/proc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: proc.c,v 1.11 2014/04/20 14:48:29 reyk Exp $ */
+/* $OpenBSD: proc.c,v 1.12 2014/05/04 10:32:32 reyk Exp $ */
 /*
 * Copyright (c) 2010 - 2014 Reyk Floeter
@@ -372,31 +372,19 @@ proc_run(struct privsep *ps, struct privsep_proc *p,
 else
 root = pw->pw_dir;
-#ifndef DEBUG
 if (chroot(root) == -1)
 fatal("proc_run: chroot");
 if (chdir("/") == -1)
 fatal("proc_run: chdir(\"/\")");
-#else
-#warning disabling privilege revocation and chroot in DEBUG MODE
- if (p->p_chroot != NULL) {
- if (chroot(root) == -1)
- fatal("proc_run: chroot");
- if (chdir("/") == -1)
- fatal("proc_run: chdir(\"/\")");
- }
-#endif
 privsep_process = p->p_id;
 setproctitle("%s", p->p_title);
-#ifndef DEBUG
 if (setgroups(1, &pw->pw_gid) ||
 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
 fatal("proc_run: cannot drop privileges");
-#endif
 /* Fork child handlers */
 for (n = 1; n < ps->ps_instances[p->p_id]; n++) {
diff --git a/usr.sbin/snmpd/proc.c b/usr.sbin/snmpd/proc.c
index 93fdac6fd6f..640bdc2a3b5 100644
--- a/usr.sbin/snmpd/proc.c
+++ b/usr.sbin/snmpd/proc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: proc.c,v 1.6 2014/04/21 19:47:27 reyk Exp $ */
+/* $OpenBSD: proc.c,v 1.7 2014/05/04 10:34:35 reyk Exp $ */
 /*
 * Copyright (c) 2010 - 2014 Reyk Floeter
@@ -372,31 +372,19 @@ proc_run(struct privsep *ps, struct privsep_proc *p,
 else
 root = pw->pw_dir;
-#ifndef DEBUG
 if (chroot(root) == -1)
 fatal("proc_run: chroot");
 if (chdir("/") == -1)
 fatal("proc_run: chdir(\"/\")");
-#else
-#warning disabling privilege revocation and chroot in DEBUG MODE
- if (p->p_chroot != NULL) {
- if (chroot(root) == -1)
- fatal("proc_run: chroot");
- if (chdir("/") == -1)
- fatal("proc_run: chdir(\"/\")");
- }
-#endif
 privsep_process = p->p_id;
 setproctitle("%s", p->p_title);
-#ifndef DEBUG
 if (setgroups(1, &pw->pw_gid) ||
 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
 fatal("proc_run: cannot drop privileges");
-#endif
 /* Fork child handlers */
 for (n = 1; n < ps->ps_instances[p->p_id]; n++) {
--
2.20.1