[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b

aCaB acab at clamav.net
Sun Apr 4 01:18:57 UTC 2010


The following commit has been merged in the debian/unstable branch:
commit ab56ca922e797da2770651264daa6e7a2785374a
Author: aCaB <acab at clamav.net>
Date:   Thu Feb 4 17:32:42 2010 +0100

    bb#1789 - part one

diff --git a/clamd/clamd.c b/clamd/clamd.c
index 097185e..31b3862 100644
--- a/clamd/clamd.c
+++ b/clamd/clamd.c
@@ -18,6 +18,8 @@
  *  MA 02110-1301, USA.
  */
 
+#define _BSD_SOURCE
+
 #if HAVE_CONFIG_H
 #include "clamav-config.h"
 #endif
@@ -165,8 +167,6 @@ int main(int argc, char **argv)
 	return 0;
     }
 
-    umask(0);
-
     /* drop privileges */
 #ifndef _WIN32
     if(geteuid() == 0 && (opt = optget(opts, "User"))->enabled) {
@@ -464,10 +464,48 @@ int main(int argc, char **argv)
     }
 #ifndef _WIN32
     if(localsock) {
+	mode_t sock_mode, umsk = umask(0777); /* socket is created with 000 to avoid races */
 	if ((lsockets[nlsockets] = localserver(opts)) == -1) {
 	    ret = 1;
+	    umask(umsk);
+	    break;
+	}
+	umask(umsk); /* restore umask */
+	if(optget(opts, "LocalSocketGroup")->enabled) {
+	    char *gname = optget(opts, "LocalSocketGroup")->strarg, *end;
+	    gid_t sock_gid = strtol(gname, &end, 10);
+	    if(*end) {
+		struct group *pgrp = getgrnam(gname);
+		if(!pgrp) {
+		    logg("!Unknown group %s\n", gname);
+		    ret = 1;
+		    break;
+		}
+		sock_gid = pgrp->gr_gid;
+	    }
+	    if(fchown(lsockets[nlsockets], -1, sock_gid)) {
+		logg("!Failed to change socket ownership to group %s\n", gname);
+		ret = 1;
+		break;
+	    }
+	}
+	if(optget(opts, "LocalSocketPerms")->enabled) {
+	    char *end;
+	    sock_mode = strtol(optget(opts, "LocalSocketPerms")->strarg, &end, 8);
+	    if(*end) {
+		logg("!Invalid LocalSocketPerms %s\n", optget(opts, "LocalSocketPerms")->strarg);
+		ret = 1;
+		break;
+	    }
+	} else
+	    sock_mode = 0777 /* & ~umsk*/; /* conservative default: umask was 0 in clamd < 0.96 */
+
+	if(fchmod(lsockets[nlsockets], sock_mode & 0666)) {
+	    logg("!Cannot set socket permission to %s\n", optget(opts, "LocalSocketPerms")->strarg);
+	    ret = 1;
 	    break;
 	}
+
 	nlsockets++;
     }
 
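Review bot: The fchmod() failure path passes `optget(opts, "LocalSocketPerms")->strarg` to `%s` even when the option was not enabled and the `else` branch chose the mode, so the string may be NULL there (the new table entry in shared/optparser.c appears to give it no default). Logging the mode that was actually applied avoids that: `logg("!Cannot set socket permission to %o\n", (unsigned)(sock_mode & 0666));`. The numeric LocalSocketGroup path also assigns the `strtol` result straight to a `gid_t` with only a `*end` check, so `-1` becomes `(gid_t)-1`, which fchown() treats as "leave the group unchanged" and the restriction is silently not applied, and an empty value (if the option parser lets one through) becomes gid 0. Parsing into a `long` and rejecting `end == gname`, negative and out-of-range values before the assignment would make that fail closed. Because the socket is deliberately created with mode 000, it is also worth confirming on each target platform that fchown()/fchmod() on the bound descriptor change the filesystem socket node and not just the descriptor's own inode; the enclosing block in main() starts and ends outside the hunk.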
diff --git a/shared/optparser.c b/shared/optparser.c
index 89e4ac5..fc40bc1 100644
--- a/shared/optparser.c
+++ b/shared/optparser.c
@@ -184,6 +184,10 @@ const struct clam_option __clam_options[] = {
 
     { "LocalSocket", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Path to a local socket file the daemon will listen on.", "/tmp/clamd.socket" },
 
+    { "LocalSocketGroup", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Sets the group ownership on the unix socket.", "virusgroup" },
+
+    { "LocalSocketPerms", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Sets the permissions on the unix socket.", "660" },
+
     { "FixStaleSocket", NULL, 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_MILTER, "Remove a stale socket after unclean shutdown", "yes" },
 
     { "TCPSocket", NULL, 0, TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD, "A TCP port number the daemon will listen on.", "3310" },
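Review bot: The two new description strings do not tell an administrator how clamd interprets the values, which matters because these options are the access control on the daemon's local socket. Going by the clamd.c part of this commit, LocalSocketGroup accepts a group name or a numeric gid, LocalSocketPerms is parsed as octal and masked with 0666, and when LocalSocketPerms is unset the socket is set to 0666, readable and writable by all local users. I would word them along the lines of `"Sets the group ownership on the unix socket (group name or numeric gid)."` and `"Sets the permissions on the unix socket (octal, execute bits ignored; 666 when unset)."`. The `__clam_options` table starts and ends outside the hunk.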

-- 
Debian repository for ClamAV


