svn commit: r207582 - stable/6/usr.sbin/daemon

Mon May 3 19:48:22 UTC 2010

Author: delphij
Date: Mon May  3 19:48:21 2010
New Revision: 207582
URL: http://svn.freebsd.org/changeset/base/207582

Log:
  MFC r147906-201389, this sync'ed daemon(8) with -HEAD except the
  WARNS change.
  
  The most important change is the newly added privilege dropping
  feature by trhodes and others.
  
  Requested by:	glarkin
  PR:		bin/146266

Modified:
  stable/6/usr.sbin/daemon/daemon.8
  stable/6/usr.sbin/daemon/daemon.c
Directory Properties:
  stable/6/usr.sbin/daemon/   (props changed)

Modified: stable/6/usr.sbin/daemon/daemon.8
==============================================================================

--- stable/6/usr.sbin/daemon/daemon.8	Mon May  3 19:38:59 2010	(r207581)
+++ stable/6/usr.sbin/daemon/daemon.8	Mon May  3 19:48:21 2010	(r207582)
@@ -26,7 +26,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd August 30, 2001
+.Dd March 19, 2007
 .Dt DAEMON 8
 .Os
 .Sh NAME
@@ -36,12 +36,14 @@
 .Nm
 .Op Fl cf
 .Op Fl p Ar pidfile
+.Op Fl u Ar user
 .Ar command arguments ...
 .Sh DESCRIPTION
 The
 .Nm
 utility detaches itself from the controlling terminal and
 executes the program specified by its arguments.
+Privileges may be lowered to the specified user.
 .Pp
 The options are as follows:
 .Bl -tag -width indent
@@ -54,12 +56,14 @@ Redirect standard input, standard output
 .It Fl p Ar file
 Write the ID of the created process into the
 .Ar file
-using
+using the
 .Xr pidfile 3
 functionality.
 Note, that the file will be created shortly before the process is
 actually executed, and will remain after the process exits (although
 it will be removed if the execution fails).
+.It Fl u Ar user
+Run the program with the rights of user specified, requires privilege.
 .El
 .Sh EXIT STATUS
 The
@@ -77,6 +81,8 @@ standard error unless the
 .Fl f
 flag is specified.
 .Sh SEE ALSO
+.Xr setregid 2 ,
+.Xr setreuid 2 ,
 .Xr daemon 3 ,
 .Xr exec 3 ,
 .Xr pidfile 3 ,

Modified: stable/6/usr.sbin/daemon/daemon.c
==============================================================================
--- stable/6/usr.sbin/daemon/daemon.c	Mon May  3 19:38:59 2010	(r207581)
+++ stable/6/usr.sbin/daemon/daemon.c	Mon May  3 19:48:21 2010	(r207582)
@@ -35,24 +35,27 @@ __FBSDID("$FreeBSD$");
 
 #include <err.h>
 #include <errno.h>
+#include <pwd.h>
 #include <libutil.h>
+#include <login_cap.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
 
+static void restrict_process(const char *);
 static void usage(void);
 
 int
 main(int argc, char *argv[])
 {
-	struct pidfh *pfh;
+	struct pidfh *pfh = NULL;
 	int ch, nochdir, noclose, errcode;
-	const char *pidfile;
+	const char *pidfile, *user;
 	pid_t otherpid;
 
 	nochdir = noclose = 1;
-	pidfile = NULL;
-	while ((ch = getopt(argc, argv, "-cfp:")) != -1) {
+	pidfile = user = NULL;
+	while ((ch = getopt(argc, argv, "-cfp:u:")) != -1) {
 		switch (ch) {
 		case 'c':
 			nochdir = 0;
@@ -63,6 +66,9 @@ main(int argc, char *argv[])
 		case 'p':
 			pidfile = optarg;
 			break;
+		case 'u':
+			user = optarg;
+			break;
 		default:
 			usage();
 		}
@@ -72,6 +78,10 @@ main(int argc, char *argv[])
 
 	if (argc == 0)
 		usage();
+
+	if (user != NULL)
+		restrict_process(user);
+
 	/*
 	 * Try to open the pidfile before calling daemon(3),
 	 * to be able to report the error intelligently
@@ -109,9 +119,23 @@ main(int argc, char *argv[])
 }
 
 static void
+restrict_process(const char *user)
+{
+	struct passwd *pw = NULL;
+
+	pw = getpwnam(user);
+	if (pw == NULL)
+		errx(1, "unknown user: %s", user);
+
+	if (setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) != 0)
+		errx(1, "failed to set user environment");
+}
+
+static void
 usage(void)
 {
 	(void)fprintf(stderr,
-	    "usage: daemon [-cf] [-p pidfile] command arguments ...\n");
+	    "usage: daemon [-cf] [-p pidfile] [-u user] command "
+		"arguments ...\n");
 	exit(1);
 }
