[launchd-changes] [22956] trunk/launchd/src

source_changes at macosforge.org source_changes at macosforge.org
Thu Nov 16 14:49:30 PST 2006


Revision: 22956
          http://trac.macosforge.org/projects/launchd/changeset/22956
Author:   zarzycki at apple.com
Date:     2006-11-16 14:49:29 -0800 (Thu, 16 Nov 2006)

Log Message:
-----------
More dead code deletion and a few slight refinements to bootstrap logic.

Modified Paths:
--------------
    trunk/launchd/src/launchd.c
    trunk/launchd/src/launchd.h
    trunk/launchd/src/launchd_core_logic.c

Modified: trunk/launchd/src/launchd.c
===================================================================
--- trunk/launchd/src/launchd.c	2006-11-16 22:14:13 UTC (rev 22955)
+++ trunk/launchd/src/launchd.c	2006-11-16 22:49:29 UTC (rev 22956)
@@ -76,7 +76,6 @@
 
 #define PID1LAUNCHD_CONF "/etc/launchd.conf"
 #define LAUNCHD_CONF ".launchd.conf"
-#define LAUNCHCTL_PATH "/bin/launchctl"
 #define SECURITY_LIB "/System/Library/Frameworks/Security.framework/Versions/A/Security"
 
 extern char **environ;
@@ -106,6 +105,7 @@
 static job_t rlcj = NULL;
 static jmp_buf doom_doom_doom;
 static void *crash_addr;
+static const char *launchctl_bootstrap_tool[] = { "/bin/launchctl", "bootstrap", NULL };
 
 sigset_t blocked_signals = 0;
 bool shutdown_in_progress = false;
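Review bot: `launchctl_bootstrap_tool` is declared `static const char *[]`, which makes the strings const but leaves the array slots writable, and this array names the binary that is started for `READCONF_LABEL` in the `job_new` call changed later in this file. Declaring it `static const char *const launchctl_bootstrap_tool[] = { "/bin/launchctl", "bootstrap", NULL };` would make the slots const as well; this assumes `job_new` accepts its argv as `const char *const *`, which the hunk does not show. A short comment such as `/* argv for the READCONF_LABEL job; prog is passed as NULL */` would also record why the program argument disappears at the call site.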
@@ -250,7 +250,7 @@
 		snprintf(ldconf, sizeof(ldconf), "%s/%s", h, LAUNCHD_CONF);
 	}
 
-	rlcj = job_new(root_jobmgr, READCONF_LABEL, LAUNCHCTL_PATH, NULL, ldconf);
+	rlcj = job_new(root_jobmgr, READCONF_LABEL, NULL, launchctl_bootstrap_tool, ldconf);
 	launchd_assert(rlcj != NULL);
 
 	if (argv[0]) {
@@ -656,31 +656,6 @@
 	syslog(LOG_NOTICE, "Bug: %s:%u (%s):%u: %s", file, line, buf, saved_errno, test);
 }
 
-bool
-progeny_check(pid_t p)
-{
-	pid_t selfpid = getpid();
-
-	while (p != selfpid && p != 1) {
-		int mib[] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, p };
-		size_t miblen = sizeof(mib) / sizeof(mib[0]);
-		struct kinfo_proc kp;
-		size_t kplen = sizeof(kp);
-
-		if (launchd_assumes(sysctl(mib, miblen, &kp, &kplen, NULL, 0) != -1) && launchd_assumes(kplen == sizeof(kp))) {
-			p = kp.kp_eproc.e_ppid;
-		} else {
-			return false;
-		}
-	}
-
-	if (p == selfpid) {
-		return true;
-	}
-
-	return false;
-}
-
 void
 launchd_post_kevent(void)
 {

Modified: trunk/launchd/src/launchd.h
===================================================================
--- trunk/launchd/src/launchd.h	2006-11-16 22:14:13 UTC (rev 22955)
+++ trunk/launchd/src/launchd.h	2006-11-16 22:49:29 UTC (rev 22956)
@@ -63,6 +63,4 @@
 
 int _fd(int fd);
 
-bool progeny_check(pid_t p);
-
 #endif

Modified: trunk/launchd/src/launchd_core_logic.c
===================================================================
--- trunk/launchd/src/launchd_core_logic.c	2006-11-16 22:14:13 UTC (rev 22955)
+++ trunk/launchd/src/launchd_core_logic.c	2006-11-16 22:49:29 UTC (rev 22956)
@@ -87,12 +87,8 @@
 #define LAUNCHD_MIN_JOB_RUN_TIME 10
 #define LAUNCHD_ADVISABLE_IDLE_TIMEOUT 30
 
-static au_asid_t inherited_asid;
 mach_port_t inherited_bootstrap_port;
 
-static bool trusted_client_check(job_t j, struct ldcred *ldc);
-
-
 struct machservice {
 	SLIST_ENTRY(machservice) sle;
 	job_t			job;
@@ -3624,21 +3620,19 @@
 
 #define LET_MERE_MORTALS_ADD_SERVERS_TO_PID1
 	/* XXX - This code should go away once the per session launchd is integrated with the rest of the system */
-	#ifdef LET_MERE_MORTALS_ADD_SERVERS_TO_PID1
+#ifdef LET_MERE_MORTALS_ADD_SERVERS_TO_PID1
 	if (getpid() == 1) {
-		if (ldc.euid != 0 && ldc.euid != server_uid) {
+		if (ldc.euid && server_uid && (ldc.euid != server_uid)) {
 			job_log(j, LOG_WARNING, "Server create: \"%s\": Will run as UID %d, not UID %d as they told us to",
 					server_cmd, ldc.euid, server_uid);
 			server_uid = ldc.euid;
 		}
 	} else
 #endif
-	if (!trusted_client_check(j, &ldc)) {
-		return BOOTSTRAP_NOT_PRIVILEGED;
-	} else if (server_uid != getuid()) {
+	if ((getuid() != 0) && server_uid) {
 		job_log(j, LOG_WARNING, "Server create: \"%s\": As UID %d, we will not be able to switch to UID %d",
 				server_cmd, getuid(), server_uid);
-		server_uid = getuid();
+		server_uid = 0; /* zero means "do nothing" */
 	}
 
 	js = job_new_via_mach_init(j, server_cmd, server_uid, on_demand);
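Review bot: In the `getpid() == 1` branch the new condition `ldc.euid && server_uid && (ldc.euid != server_uid)` no longer rewrites `server_uid` when a non-root caller asks for UID 0, whereas the removed condition forced it to `ldc.euid`. The comment added a few lines below says zero means "do nothing", so if `job_new_via_mach_init` treats 0 as "keep launchd's own UID" (not visible here), such a request would leave the job running with PID 1's UID rather than the caller's. Keeping the override for every non-root caller, `if (ldc.euid && (ldc.euid != server_uid)) {`, preserves the old guarantee. The same hunk also drops the `trusted_client_check()` call, which was the only `BOOTSTRAP_NOT_PRIVILEGED` return visible here, so the "dead code" description in the log message deserves a sentence on why no caller check is needed in a per-user launchd. The enclosing function starts and ends outside the hunk.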
@@ -4340,51 +4334,11 @@
 	return BOOTSTRAP_SUCCESS;
 }
 
-bool
-trusted_client_check(job_t j, struct ldcred *ldc)
-{
-	static pid_t last_warned_pid = 0;
-
-	/*
-	 * In the long run, we wish to enforce the progeny rule, but for now,
-	 * we'll let root and the user be forgiven. Once we get CoreProcesses
-	 * to switch to using launchd rather than the WindowServer for indirect
-	 * process invocation, we can then seriously look at cranking up the
-	 * warning level here.
-	 */
-
-	if (inherited_asid == ldc->asid) {
-		return true;
-	}
-	if (progeny_check(ldc->pid)) {
-		return true;
-	}
-	if (ldc->euid == geteuid()) {
-		return true;
-	}
-	if (ldc->euid == 0 && ldc->uid == 0) {
-		return true;
-	}
-	if (last_warned_pid == ldc->pid) {
-		return false;
-	}
-
-	job_log(j, LOG_NOTICE, "Security: PID %d (ASID %d) was leaked into this session (ASID %d). This will be denied in the future.", ldc->pid, ldc->asid, inherited_asid);
-
-	last_warned_pid = ldc->pid;
-
-	return false;
-}
-
 void
 mach_init_init(mach_port_t checkin_port)
 {
-	auditinfo_t inherited_audit;
 	job_t ji, anon_job = NULL;
 
-	getaudit(&inherited_audit);
-	inherited_asid = inherited_audit.ai_asid;
-
 	launchd_assert((root_jobmgr = jobmgr_new(NULL, mach_task_self(), checkin_port)) != NULL);
 
 	SLIST_FOREACH(ji, &root_jobmgr->jobs, sle) {
