Revision: 22956 http://trac.macosforge.org/projects/launchd/changeset/22956
Author: zarzycki@apple.com
Date: 2006-11-16 14:49:29 -0800 (Thu, 16 Nov 2006)
Log Message:
-----------
More dead code deletion and a few slight refinement to bootstrap logic.
Modified Paths:
--------------
trunk/launchd/src/launchd.c
trunk/launchd/src/launchd.h
trunk/launchd/src/launchd_core_logic.c
Modified: trunk/launchd/src/launchd.c
===================================================================
--- trunk/launchd/src/launchd.c 2006-11-16 22:14:13 UTC (rev 22955)
+++ trunk/launchd/src/launchd.c 2006-11-16 22:49:29 UTC (rev 22956)
@@ -76,7 +76,6 @@
 #define PID1LAUNCHD_CONF "/etc/launchd.conf"
 #define LAUNCHD_CONF ".launchd.conf"
-#define LAUNCHCTL_PATH "/bin/launchctl"
 #define SECURITY_LIB "/System/Library/Frameworks/Security.framework/Versions/A/Security"
 extern char **environ;
@@ -106,6 +105,7 @@
 static job_t rlcj = NULL;
 static jmp_buf doom_doom_doom;
 static void *crash_addr;
+static const char *launchctl_bootstrap_tool[] = { "/bin/launchctl", "bootstrap", NULL };
 sigset_t blocked_signals = 0;
 bool shutdown_in_progress = false;
@@ -250,7 +250,7 @@
 snprintf(ldconf, sizeof(ldconf), "%s/%s", h, LAUNCHD_CONF);
 }
- rlcj = job_new(root_jobmgr, READCONF_LABEL, LAUNCHCTL_PATH, NULL, ldconf);
+ rlcj = job_new(root_jobmgr, READCONF_LABEL, NULL, launchctl_bootstrap_tool, ldconf);
 launchd_assert(rlcj != NULL);
 if (argv[0]) {
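Review bot: The new file-scope table `launchctl_bootstrap_tool` in the second hunk has no comment, and only the third hunk's `job_new(... NULL, launchctl_bootstrap_tool, ldconf)` call reveals that it is the argv replacing LAUNCHCTL_PATH for the READCONF_LABEL job; a line such as `/* argv for the READCONF_LABEL job; replaces the former LAUNCHCTL_PATH program path */` above the declaration would keep that readable. The elements are `const char *` but the pointers themselves are writable; if job_new takes a `const char *const *` argv (its prototype is not in the hunk), `static const char *const launchctl_bootstrap_tool[]` would be the tighter declaration.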
@@ -656,31 +656,6 @@
 syslog(LOG_NOTICE, "Bug: %s:%u (%s):%u: %s", file, line, buf, saved_errno, test);
 }
-bool
-progeny_check(pid_t p)
-{
- pid_t selfpid = getpid();
-
- while (p != selfpid && p != 1) {
- int mib[] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, p };
- size_t miblen = sizeof(mib) / sizeof(mib[0]);
- struct kinfo_proc kp;
- size_t kplen = sizeof(kp);
-
- if (launchd_assumes(sysctl(mib, miblen, &kp, &kplen, NULL, 0) != -1) && launchd_assumes(kplen == sizeof(kp))) {
- p = kp.kp_eproc.e_ppid;
- } else {
- return false;
- }
- }
-
- if (p == selfpid) {
- return true;
- }
-
- return false;
-}
-
 void
 launchd_post_kevent(void)
 {
Modified: trunk/launchd/src/launchd.h
===================================================================
--- trunk/launchd/src/launchd.h 2006-11-16 22:14:13 UTC (rev 22955)
+++ trunk/launchd/src/launchd.h 2006-11-16 22:49:29 UTC (rev 22956)
@@ -63,6 +63,4 @@
 int _fd(int fd);
-bool progeny_check(pid_t p);
-
 #endif
Modified: trunk/launchd/src/launchd_core_logic.c
===================================================================
--- trunk/launchd/src/launchd_core_logic.c 2006-11-16 22:14:13 UTC (rev 22955)
+++ trunk/launchd/src/launchd_core_logic.c 2006-11-16 22:49:29 UTC (rev 22956)
@@ -87,12 +87,8 @@
 #define LAUNCHD_MIN_JOB_RUN_TIME 10
 #define LAUNCHD_ADVISABLE_IDLE_TIMEOUT 30
-static au_asid_t inherited_asid;
 mach_port_t inherited_bootstrap_port;
-static bool trusted_client_check(job_t j, struct ldcred *ldc);
-
-
 struct machservice {
 SLIST_ENTRY(machservice) sle;
 job_t job;
@@ -3624,21 +3620,19 @@
 #define LET_MERE_MORTALS_ADD_SERVERS_TO_PID1 /* XXX - This code should go away once the per session launchd is integrated with the rest of the system */
- #ifdef LET_MERE_MORTALS_ADD_SERVERS_TO_PID1
+#ifdef LET_MERE_MORTALS_ADD_SERVERS_TO_PID1
 if (getpid() == 1) {
- if (ldc.euid != 0 && ldc.euid != server_uid) {
+ if (ldc.euid && server_uid && (ldc.euid != server_uid)) {
 job_log(j, LOG_WARNING, "Server create: \"%s\": Will run as UID %d, not UID %d as they told us to", server_cmd, ldc.euid, server_uid);
 server_uid = ldc.euid;
 }
 } else
 #endif
- if (!trusted_client_check(j, &ldc)) {
- return BOOTSTRAP_NOT_PRIVILEGED;
- } else if (server_uid != getuid()) {
+ if ((getuid() != 0) && server_uid) {
 job_log(j, LOG_WARNING, "Server create: \"%s\": As UID %d, we will not be able to switch to UID %d", server_cmd, getuid(), server_uid);
- server_uid = getuid();
+ server_uid = 0; /* zero means "do nothing" */
 }
 js = job_new_via_mach_init(j, server_cmd, server_uid, on_demand);
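Review bot: In the PID-1 branch, the new guard `if (ldc.euid && server_uid && (ldc.euid != server_uid))` no longer downgrades a non-root caller that asks for server_uid 0, because the `server_uid &&` term short-circuits where the old `ldc.euid != 0 && ldc.euid != server_uid` forced such a request down to the caller's euid. Read together with the new comment `/* zero means "do nothing" */` on the last `+` line, that request appears to reach job_new_via_mach_init with no UID switch at all, which — if that helper really skips the switch for 0, its body is not in the hunk — leaves the server running under launchd's own identity rather than the caller's. If a zero request from an unprivileged client is not meant to be honoured, the guard should stay `if (ldc.euid != 0 && ldc.euid != server_uid)`, or that case should return BOOTSTRAP_NOT_PRIVILEGED explicitly. Dropping the `trusted_client_check` gate also removes the only BOOTSTRAP_NOT_PRIVILEGED return in the else branch, so every caller is now accepted there; the deleted log message said such clients "will be denied in the future", and if that intent still holds it deserves a comment at the new `if ((getuid() != 0) && server_uid)` line. The enclosing function starts and ends outside the hunk.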
@@ -4340,51 +4334,11 @@
 return BOOTSTRAP_SUCCESS;
 }
-bool
-trusted_client_check(job_t j, struct ldcred *ldc)
-{
- static pid_t last_warned_pid = 0;
-
- /*
- * In the long run, we wish to enforce the progeny rule, but for now,
- * we'll let root and the user be forgiven. Once we get CoreProcesses
- * to switch to using launchd rather than the WindowServer for indirect
- * process invocation, we can then seriously look at cranking up the
- * warning level here.
- */
-
- if (inherited_asid == ldc->asid) {
- return true;
- }
- if (progeny_check(ldc->pid)) {
- return true;
- }
- if (ldc->euid == geteuid()) {
- return true;
- }
- if (ldc->euid == 0 && ldc->uid == 0) {
- return true;
- }
- if (last_warned_pid == ldc->pid) {
- return false;
- }
-
- job_log(j, LOG_NOTICE, "Security: PID %d (ASID %d) was leaked into this session (ASID %d). This will be denied in the future.", ldc->pid, ldc->asid, inherited_asid);
-
- last_warned_pid = ldc->pid;
-
- return false;
-}
-
 void
 mach_init_init(mach_port_t checkin_port)
 {
- auditinfo_t inherited_audit;
 job_t ji, anon_job = NULL;
- getaudit(&inherited_audit);
- inherited_asid = inherited_audit.ai_asid;
-
 launchd_assert((root_jobmgr = jobmgr_new(NULL, mach_task_self(), checkin_port)) != NULL);
 SLIST_FOREACH(ji, &root_jobmgr->jobs, sle) {