[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
aCaB
acab at clamav.net
Sun Apr 4 01:18:57 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit ab56ca922e797da2770651264daa6e7a2785374a
Author: aCaB <acab at clamav.net>
Date: Thu Feb 4 17:32:42 2010 +0100
bb#1789 - part one
diff --git a/clamd/clamd.c b/clamd/clamd.c
index 097185e..31b3862 100644
--- a/clamd/clamd.c
+++ b/clamd/clamd.c
@@ -18,6 +18,8 @@
* MA 02110-1301, USA.
*/
+#define _BSD_SOURCE
+
#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif
@@ -165,8 +167,6 @@ int main(int argc, char **argv)
return 0;
}
- umask(0);
-
/* drop privileges */
#ifndef _WIN32
if(geteuid() == 0 && (opt = optget(opts, "User"))->enabled) {
@@ -464,10 +464,48 @@ int main(int argc, char **argv)
}
#ifndef _WIN32
if(localsock) {
+ mode_t sock_mode, umsk = umask(0777); /* socket is created with 000 to avoid races */
if ((lsockets[nlsockets] = localserver(opts)) == -1) {
ret = 1;
+ umask(umsk);
+ break;
+ }
+ umask(umsk); /* restore umask */
+ if(optget(opts, "LocalSocketGroup")->enabled) {
+ char *gname = optget(opts, "LocalSocketGroup")->strarg, *end;
+ gid_t sock_gid = strtol(gname, &end, 10);
+ if(*end) {
+ struct group *pgrp = getgrnam(gname);
+ if(!pgrp) {
+ logg("!Unknown group %s\n", gname);
+ ret = 1;
+ break;
+ }
+ sock_gid = pgrp->gr_gid;
+ }
+ if(fchown(lsockets[nlsockets], -1, sock_gid)) {
+ logg("!Failed to change socket ownership to group %s\n", gname);
+ ret = 1;
+ break;
+ }
+ }
+ if(optget(opts, "LocalSocketPerms")->enabled) {
+ char *end;
+ sock_mode = strtol(optget(opts, "LocalSocketPerms")->strarg, &end, 8);
+ if(*end) {
+ logg("!Invalid LocalSocketPerms %s\n", optget(opts, "LocalSocketPerms")->strarg);
+ ret = 1;
+ break;
+ }
+ } else
+ sock_mode = 0777 /* & ~umsk*/; /* conservative default: umask was 0 in clamd < 0.96 */
+
+ if(fchmod(lsockets[nlsockets], sock_mode & 0666)) {
+ logg("!Cannot set socket permission to %s\n", optget(opts, "LocalSocketPerms")->strarg);
+ ret = 1;
break;
}
+
nlsockets++;
}
diff --git a/shared/optparser.c b/shared/optparser.c
index 89e4ac5..fc40bc1 100644
--- a/shared/optparser.c
+++ b/shared/optparser.c
@@ -184,6 +184,10 @@ const struct clam_option __clam_options[] = {
{ "LocalSocket", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Path to a local socket file the daemon will listen on.", "/tmp/clamd.socket" },
+ { "LocalSocketGroup", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Sets the group ownership on the unix socket.", "virusgroup" },
+
+ { "LocalSocketPerms", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Sets the permissions on the unix socket.", "660" },
+
{ "FixStaleSocket", NULL, 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_MILTER, "Remove a stale socket after unclean shutdown", "yes" },
{ "TCPSocket", NULL, 0, TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD, "A TCP port number the daemon will listen on.", "3310" },
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list