[Xorp-users] Things to do for the upcoming 1.8.3 release.
Joe Coco
jcoco at meccorp.mec.edu
Wed Mar 9 11:35:33 PST 2011
Hi Ben,
Here is the XRL permissions patch. All it does is look up the uid and gid of xorp per the unix98 standard
and set the permissions/owner appropriately for the XRL files. I found, at least on my system, that fea
would write the files as root:root, and xorpsh, running as the stripped-privilege user 'xorp', could not read or write
the XRL files in /var/tmp.
If my logic is flawed, please let me know but it 'works for me' :)
--Joe
--- xorp/libxipc/xrl_pf_unix.cc-orig 2011-03-09 14:20:45.000000000 -0500
+++ xorp/libxipc/xrl_pf_unix.cc 2011-03-09 14:16:30.000000000 -0500
@@ -23,6 +23,8 @@
#include "xrl_pf_unix.hh"
#include "libcomm/comm_api.h"
#include "sockutil.hh"
+#include <pwd.h>
+#include <grp.h>
#ifndef HOST_OS_WINDOWS
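Review bot: The two new includes sit above the `#ifndef HOST_OS_WINDOWS` guard on the next line, so `<pwd.h>` and `<grp.h>` are pulled in unconditionally. Neither header is available on a native Windows toolchain, so that build would presumably stop at the include. Moving both lines below the guard keeps them with the rest of the Unix-only code.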
@@ -32,6 +34,11 @@
XrlPFUNIXListener::XrlPFUNIXListener(EventLoop& e, XrlDispatcher* xr)
: XrlPFSTCPListener(&e, xr)
{
+
+struct passwd *pwd; /* For UID of XORP user */
+struct group *grp; /* For GID of XORP group */
+
+
string path = get_sock_path();
_sock = comm_bind_unix(path.c_str(), COMM_SOCK_NONBLOCKING);
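Review bot: The `pwd` and `grp` pointers are declared uninitialised at the top of the constructor, at column 0, well before the lookups that assign them in the next hunk. Declaring each at its first use, indented with the body, removes the window in which they hold indeterminate values, for example `const struct passwd* pwd = getpwnam("xorp");` and `const struct group* grp = getgrnam("xorp");`. The constructor body continues past the end of this hunk.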
@@ -44,12 +51,50 @@
xorp_throw(XrlPFConstructorError, comm_get_last_error_str());
}
+
+/* This didn't quite work for my system, so I changed it to load user/group xorp per unix98 std -JC */
+
// Make sure socket is read/write by group and owner.
- if (chmod(path.c_str(), S_ISUID | S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH ) < 0) {
- cerr << "ERROR: Failed chgrp on path: " << path << " error: "
- << strerror(errno) << endl;
- // Carry on, might turn out OK!
- }
+ // if (chmod(path.c_str(), S_ISUID | S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH ) < 0) {
+ // cerr << "ERROR: Failed chgrp on path: " << path << " error: "
+ // << strerror(errno) << endl;
+ // Carry on, might turn out OK!
+ // }
+
+
+pwd = getpwnam("xorp");
+grp = getgrnam("xorp");
+
+
+ if (pwd == NULL) {
+
+ cerr << "ERROR: Failed to get UID of xorp user!" << endl;
+ exit(0);
+ }
+
+
+ if (grp == NULL) {
+
+ cerr << "ERROR: Failed to get GID of xorp group!" << endl;
+ exit(0);
+ }
+
+
+/* If we got here at least XORP user and group exist */
+
+ if (chown(path.c_str(), pwd->pw_uid, grp->gr_gid)) {
+
+ cerr << "ERROR: Failed chown on path: " << path << " error: " << strerror(errno) << endl;
+}
+
+ /* Owner read/write, group read/write, other read -JC */
+
+ if (chmod(path.c_str(), S_IWUSR| S_IRUSR| S_IWGRP| S_IRGRP| S_IROTH)) {
+ cerr << "ERROR: Failed chmod on path: " << path << " error: " << strerror(errno) << endl;
+ }
+
+/* Ok end of breaking xorp -JC */
+
_address_slash_port = path;
encode_address(_address_slash_port);
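Review bot: Both lookup failures call `exit(0)`, which ends the whole process from inside a listener constructor and reports success to whatever supervises it. The bind failure just above uses `xorp_throw(XrlPFConstructorError, ...)`, and the same fits here, e.g. `xorp_throw(XrlPFConstructorError, "no 'xorp' user in the passwd database");`. The change also turns a host without a `xorp` account, which the old code tolerated ("Carry on, might turn out OK!"), into a hard failure; logging and skipping the `chown` would keep that behaviour. The new mode still sets `S_IROTH`; Linux checks only write permission when connecting to a Unix socket, so the world-read bit adds nothing, and `S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP` states the intended owner-and-group-only access. The commented-out old `chmod` block and the `-JC` markers are better left to version history, and the constructor starts before and continues after this hunk.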