[Xorp-hackers] Patch to fix xrl pipe permissions.

Ben Greear greearb at candelatech.com
Thu Mar 10 15:12:53 PST 2011


This is based on a patch by Joe Coco, but I hacked it quite a bit.

It attempts to change the xrl pipe group to be 'xorp', and make
the file permissions: owner r/w, group r/w, other read-only.

I removed his part of the patch that changed the owner. I'm not sure
it solved anything.

Permissions with this patch:

[root at lec2010-ath9k-1 ~]# /usr/local/xorp/sbin/xorpsh
[ 2011/03/10 15:06:47.958476 WARNING xorpsh LIBXORP ] read error: _fd: 25  offset: 0  total-len: 4 error: Connection refused
^C
[root at lec2010-ath9k-1 ~]# ls -ltr /var/tmp/
total 0
srw-rw-r-- 1 root xorp 0 Mar 10 15:06 xrl.aAVNEc
srw-rw-r-- 1 root xorp 0 Mar 10 15:06 xrl.kqGP4a


Let me know if you see any problems with this.


Patch:

diff --git a/xorp/libxipc/xrl_pf_unix.cc b/xorp/libxipc/xrl_pf_unix.cc
index 9acd2b9..b24a789 100644
--- a/xorp/libxipc/xrl_pf_unix.cc
+++ b/xorp/libxipc/xrl_pf_unix.cc
@@ -26,6 +26,9 @@

  #ifndef        HOST_OS_WINDOWS

+#include <pwd.h>
+#include <grp.h>
+

  const char* XrlPFUNIXListener::_protocol = "unix";

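Review bot: `#include <pwd.h>` looks unused in this patch. The only lookup added further down is getgrnam(), which is declared in `<grp.h>`, and the owner-changing part that would have needed a passwd lookup was dropped. Suggest removing the `<pwd.h>` line. The new chown() call is declared in `<unistd.h>`, so it is worth confirming that header is included directly in this file rather than arriving through another include.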
@@ -44,11 +47,22 @@ XrlPFUNIXListener::XrlPFUNIXListener(EventLoop& e, XrlDispatcher* xr)
          xorp_throw(XrlPFConstructorError, comm_get_last_error_str());
      }

-    // Make sure socket is read/write by group and owner.
-    if (chmod(path.c_str(), S_ISUID | S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH
-       cerr << "ERROR:  Failed chgrp on path: " << path << " error: "
-            << strerror(errno) << endl;
-       // Carry on, might turn out OK!
+    struct group *grp = getgrnam("xorp");
+    if (grp) {
+       /* Change the group to be 'xorp', leave owner as is. */
+       if (chown(path.c_str(), -1, grp->gr_gid)) {
+           cerr << "ERROR: Failed chown on path: " << path << " error: " << strerror(errno) << endl;
+       }
+    }
+    else {
+       // Something is wrong, probably no xorp user.  This is not necessarily
+       // a real problem, so don't want to fill up logs.  Might be worth
+       // doing a similar check in xorp_rtrmgr startup and warn once there...
+    }
+
+    /* Owner read/write, group read/write, other read -JC */
+    if (chmod(path.c_str(), S_IWUSR| S_IRUSR| S_IWGRP| S_IRGRP| S_IROTH)) {
+       cerr << "ERROR: Failed chmod on path: " << path << " error: " << strerror(errno) << endl;
      }

      _address_slash_port = path;
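Review bot: when getgrnam("xorp") returns NULL or the chown() fails, execution still reaches the chmod() that sets S_IWGRP | S_IRGRP, so group read/write is granted to whatever group the socket already had rather than to 'xorp'. Suggest recording whether the group change succeeded and applying owner-only bits (S_IRUSR | S_IWUSR) when it did not; the else branch, which currently holds only comments, is the natural place for that fallback. The group name "xorp" is also hard-coded in the call; a named constant or a build-time setting would make it easier to audit and change.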


-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com


