[Xorp-hackers] Patch to fix xrl pipe permissions.
Ben Greear
greearb at candelatech.com
Thu Mar 10 15:12:53 PST 2011
This is based on a patch by Joe Coco, but I hacked it quite a bit.
It attempts to change the xrl pipe group to be 'xorp', and make
the file permissions: owner r/w, group r/w, other read-only.
I removed his part of the patch that changed the owner. I'm not sure
it solved anything.
Permissions with this patch:
[root at lec2010-ath9k-1 ~]# /usr/local/xorp/sbin/xorpsh
[ 2011/03/10 15:06:47.958476 WARNING xorpsh LIBXORP ] read error: _fd: 25 offset: 0 total-len: 4 error: Connection refused
^C
[root at lec2010-ath9k-1 ~]# ls -ltr /var/tmp/
total 0
srw-rw-r-- 1 root xorp 0 Mar 10 15:06 xrl.aAVNEc
srw-rw-r-- 1 root xorp 0 Mar 10 15:06 xrl.kqGP4a
Let me know if you see any problems with this.
Patch:
diff --git a/xorp/libxipc/xrl_pf_unix.cc b/xorp/libxipc/xrl_pf_unix.cc
index 9acd2b9..b24a789 100644
--- a/xorp/libxipc/xrl_pf_unix.cc
+++ b/xorp/libxipc/xrl_pf_unix.cc
@@ -26,6 +26,9 @@
#ifndef HOST_OS_WINDOWS
+#include <pwd.h>
+#include <grp.h>
+
const char* XrlPFUNIXListener::_protocol = "unix";
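Review bot: the added #include <pwd.h> looks unused. The only new lookup in the visible hunks is getgrnam(), which is declared in <grp.h>, and the owner change that would have needed a passwd lookup is not part of this patch. Suggest dropping <pwd.h> unless something else in the file needs it.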
@@ -44,11 +47,22 @@ XrlPFUNIXListener::XrlPFUNIXListener(EventLoop& e, XrlDispatcher* xr)
xorp_throw(XrlPFConstructorError, comm_get_last_error_str());
}
- // Make sure socket is read/write by group and owner.
- if (chmod(path.c_str(), S_ISUID | S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH
- cerr << "ERROR: Failed chgrp on path: " << path << " error: "
- << strerror(errno) << endl;
- // Carry on, might turn out OK!
+ struct group *grp = getgrnam("xorp");
+ if (grp) {
+ /* Change the group to be 'xorp', leave owner as is. */
+ if (chown(path.c_str(), -1, grp->gr_gid)) {
+ cerr << "ERROR: Failed chown on path: " << path << " error: " << strerror(errno) << endl;
+ }
+ }
+ else {
+ // Something is wrong, probably no xorp user. This is not necessarily
+ // a real problem, so don't want to fill up logs. Might be worth
+ // doing a similar check in xorp_rtrmgr startup and warn once there...
+ }
+
+ /* Owner read/write, group read/write, other read -JC */
+ if (chmod(path.c_str(), S_IWUSR| S_IRUSR| S_IWGRP| S_IRGRP| S_IROTH)) {
+ cerr << "ERROR: Failed chmod on path: " << path << " error: " << strerror(errno) << endl;
}
_address_slash_port = path;
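Review bot: when getgrnam("xorp") returns NULL, or when the chown fails, the chmod below still sets S_IWGRP | S_IRGRP, so group read/write goes to whatever group the socket was created with instead of to 'xorp'. Suggest tracking whether the chown succeeded and falling back to owner-only bits (S_IRUSR | S_IWUSR) when it did not, with a one-time warning rather than an empty else branch. The comment in that branch says "no xorp user" although the lookup is for a group. Separately, chown and chmod act on the path once the socket already exists, so until the chmod runs the socket keeps whatever mode the process umask gave it; setting a restrictive umask before the socket is created would close that window.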
--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com