Revision: 23710 http://trac.macosforge.org/projects/launchd/changeset/23710 Author: dsorresso@apple.com Date: 2008-09-02 11:53:29 -0700 (Tue, 02 Sep 2008) Log Message: ----------- Fix for rdar://problem/5982485. Modified Paths: -------------- trunk/launchd/src/launchd_core_logic.c Modified: trunk/launchd/src/launchd_core_logic.c =================================================================== --- trunk/launchd/src/launchd_core_logic.c 2008-08-30 00:01:50 UTC (rev 23709) +++ trunk/launchd/src/launchd_core_logic.c 2008-09-02 18:53:29 UTC (rev 23710) @@ -7133,25 +7133,32 @@ job_mig_set_service_policy(job_t j, pid_t target_pid, uint64_t flags, name_t target_service) { struct ldcred *ldc = runtime_get_caller_creds(); - job_t target_j; + job_t target_j = NULL; if (!launchd_assumes(j != NULL)) { return BOOTSTRAP_NO_MEMORY; } + target_j = jobmgr_find_by_pid(j->mgr, target_pid, true); + if (ldc->euid && (ldc->euid != getuid())) { int mib[] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, target_pid }; struct kinfo_proc kp; size_t len = sizeof(kp); job_assumes(j, sysctl(mib, 4, &kp, &len, NULL, 0) != -1); + job_assumes(j, len == sizeof(kp)); uid_t kp_euid = kp.kp_eproc.e_ucred.cr_uid; uid_t kp_uid = kp.kp_eproc.e_pcred.p_ruid; - job_log(j, LOG_ERR, "Denied Mach service policy update requested by UID/EUID %u/%u against PID %u with UID/EUID %u/%u due to mismatched credentials.", ldc->uid, ldc->euid, target_pid, kp_uid, kp_euid); + if( ldc->euid == kp_euid ) { + job_log(j, LOG_WARNING, "Working around rdar://problem/5982485 and allowing job to set policy for PID %u. We should discuss having %s run under a per-user launchd.", target_pid, target_j->label); + } else { + job_log(j, LOG_ERR, "Denied Mach service policy update requested by UID/EUID %u/%u against PID %u with UID/EUID %u/%u due to mismatched credentials.", ldc->uid, ldc->euid, target_pid, kp_uid, kp_euid); - return BOOTSTRAP_NOT_PRIVILEGED; + return BOOTSTRAP_NOT_PRIVILEGED; + } } if (unlikely(!SLIST_EMPTY(&j->mspolicies))) { @@ -7159,8 +7166,6 @@ return BOOTSTRAP_NOT_PRIVILEGED; } - target_j = jobmgr_find_by_pid(j->mgr, target_pid, true); - if (unlikely(target_j == NULL)) { if (job_assumes(j, errno == ESRCH)) { job_log(j, LOG_ERR, "Could not find PID %u while trying to set Mach bootstrap service policy: %s", target_pid, target_service);