Modified: trunk/launchd/src/launchd_core_logic.c (23709 => 23710)
--- trunk/launchd/src/launchd_core_logic.c 2008-08-30 00:01:50 UTC (rev 23709)
+++ trunk/launchd/src/launchd_core_logic.c 2008-09-02 18:53:29 UTC (rev 23710)
@@ -7133,25 +7133,32 @@
job_mig_set_service_policy(job_t j, pid_t target_pid, uint64_t flags, name_t target_service)
{
struct ldcred *ldc = runtime_get_caller_creds();
- job_t target_j;
+ job_t target_j = NULL;
if (!launchd_assumes(j != NULL)) {
return BOOTSTRAP_NO_MEMORY;
}
+ target_j = jobmgr_find_by_pid(j->mgr, target_pid, true);
+
if (ldc->euid && (ldc->euid != getuid())) {
int mib[] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, target_pid };
struct kinfo_proc kp;
size_t len = sizeof(kp);
job_assumes(j, sysctl(mib, 4, &kp, &len, NULL, 0) != -1);
+ job_assumes(j, len == sizeof(kp));
uid_t kp_euid = kp.kp_eproc.e_ucred.cr_uid;
uid_t kp_uid = kp.kp_eproc.e_pcred.p_ruid;
- job_log(j, LOG_ERR, "Denied Mach service policy update requested by UID/EUID %u/%u against PID %u with UID/EUID %u/%u due to mismatched credentials.", ldc->uid, ldc->euid, target_pid, kp_uid, kp_euid);
+ if( ldc->euid == kp_euid ) {
+ job_log(j, LOG_WARNING, "Working around rdar://problem/5982485 and allowing job to set policy for PID %u. We should discuss having %s run under a per-user launchd.", target_pid, target_j->label);
+ } else {
+ job_log(j, LOG_ERR, "Denied Mach service policy update requested by UID/EUID %u/%u against PID %u with UID/EUID %u/%u due to mismatched credentials.", ldc->uid, ldc->euid, target_pid, kp_uid, kp_euid);
- return BOOTSTRAP_NOT_PRIVILEGED;
+ return BOOTSTRAP_NOT_PRIVILEGED;
+ }
}
if (unlikely(!SLIST_EMPTY(&j->mspolicies))) {
@@ -7159,8 +7166,6 @@
return BOOTSTRAP_NOT_PRIVILEGED;
}
- target_j = jobmgr_find_by_pid(j->mgr, target_pid, true);
-
if (unlikely(target_j == NULL)) {
if (job_assumes(j, errno == ESRCH)) {
job_log(j, LOG_ERR, "Could not find PID %u while trying to set Mach bootstrap service policy: %s", target_pid, target_service);