[launchd-changes] [22956] trunk/launchd/src
source_changes at macosforge.org
source_changes at macosforge.org
Thu Nov 16 14:49:30 PST 2006
Revision: 22956
http://trac.macosforge.org/projects/launchd/changeset/22956
Author: zarzycki at apple.com
Date: 2006-11-16 14:49:29 -0800 (Thu, 16 Nov 2006)
Log Message:
-----------
More dead code deletion and a few slight refinements to the bootstrap logic.
Modified Paths:
--------------
trunk/launchd/src/launchd.c
trunk/launchd/src/launchd.h
trunk/launchd/src/launchd_core_logic.c
Modified: trunk/launchd/src/launchd.c
===================================================================
--- trunk/launchd/src/launchd.c 2006-11-16 22:14:13 UTC (rev 22955)
+++ trunk/launchd/src/launchd.c 2006-11-16 22:49:29 UTC (rev 22956)
@@ -76,7 +76,6 @@
#define PID1LAUNCHD_CONF "/etc/launchd.conf"
#define LAUNCHD_CONF ".launchd.conf"
-#define LAUNCHCTL_PATH "/bin/launchctl"
#define SECURITY_LIB "/System/Library/Frameworks/Security.framework/Versions/A/Security"
extern char **environ;
@@ -106,6 +105,7 @@
static job_t rlcj = NULL;
static jmp_buf doom_doom_doom;
static void *crash_addr;
+static const char *launchctl_bootstrap_tool[] = { "/bin/launchctl", "bootstrap", NULL };
sigset_t blocked_signals = 0;
bool shutdown_in_progress = false;
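Review bot: `launchctl_bootstrap_tool` is declared with mutable elements, so the argv that the next hunk passes to job_new sits in writable data inside launchd; `static const char *const launchctl_bootstrap_tool[] = { "/bin/launchctl", "bootstrap", NULL };` would make the table itself read-only. That compiles cleanly only if job_new's argv parameter is const-qualified to match, which is not visible here. A one-line comment such as `/* argv for the READCONF_LABEL job */` would also restore the context the removed LAUNCHCTL_PATH name carried.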
@@ -250,7 +250,7 @@
snprintf(ldconf, sizeof(ldconf), "%s/%s", h, LAUNCHD_CONF);
}
- rlcj = job_new(root_jobmgr, READCONF_LABEL, LAUNCHCTL_PATH, NULL, ldconf);
+ rlcj = job_new(root_jobmgr, READCONF_LABEL, NULL, launchctl_bootstrap_tool, ldconf);
launchd_assert(rlcj != NULL);
if (argv[0]) {
@@ -656,31 +656,6 @@
syslog(LOG_NOTICE, "Bug: %s:%u (%s):%u: %s", file, line, buf, saved_errno, test);
}
-bool
-progeny_check(pid_t p)
-{
- pid_t selfpid = getpid();
-
- while (p != selfpid && p != 1) {
- int mib[] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, p };
- size_t miblen = sizeof(mib) / sizeof(mib[0]);
- struct kinfo_proc kp;
- size_t kplen = sizeof(kp);
-
- if (launchd_assumes(sysctl(mib, miblen, &kp, &kplen, NULL, 0) != -1) && launchd_assumes(kplen == sizeof(kp))) {
- p = kp.kp_eproc.e_ppid;
- } else {
- return false;
- }
- }
-
- if (p == selfpid) {
- return true;
- }
-
- return false;
-}
-
void
launchd_post_kevent(void)
{
Modified: trunk/launchd/src/launchd.h
===================================================================
--- trunk/launchd/src/launchd.h 2006-11-16 22:14:13 UTC (rev 22955)
+++ trunk/launchd/src/launchd.h 2006-11-16 22:49:29 UTC (rev 22956)
@@ -63,6 +63,4 @@
int _fd(int fd);
-bool progeny_check(pid_t p);
-
#endif
Modified: trunk/launchd/src/launchd_core_logic.c
===================================================================
--- trunk/launchd/src/launchd_core_logic.c 2006-11-16 22:14:13 UTC (rev 22955)
+++ trunk/launchd/src/launchd_core_logic.c 2006-11-16 22:49:29 UTC (rev 22956)
@@ -87,12 +87,8 @@
#define LAUNCHD_MIN_JOB_RUN_TIME 10
#define LAUNCHD_ADVISABLE_IDLE_TIMEOUT 30
-static au_asid_t inherited_asid;
mach_port_t inherited_bootstrap_port;
-static bool trusted_client_check(job_t j, struct ldcred *ldc);
-
-
struct machservice {
SLIST_ENTRY(machservice) sle;
job_t job;
@@ -3624,21 +3620,19 @@
#define LET_MERE_MORTALS_ADD_SERVERS_TO_PID1
/* XXX - This code should go away once the per session launchd is integrated with the rest of the system */
- #ifdef LET_MERE_MORTALS_ADD_SERVERS_TO_PID1
+#ifdef LET_MERE_MORTALS_ADD_SERVERS_TO_PID1
if (getpid() == 1) {
- if (ldc.euid != 0 && ldc.euid != server_uid) {
+ if (ldc.euid && server_uid && (ldc.euid != server_uid)) {
job_log(j, LOG_WARNING, "Server create: \"%s\": Will run as UID %d, not UID %d as they told us to",
server_cmd, ldc.euid, server_uid);
server_uid = ldc.euid;
}
} else
#endif
- if (!trusted_client_check(j, &ldc)) {
- return BOOTSTRAP_NOT_PRIVILEGED;
- } else if (server_uid != getuid()) {
+ if ((getuid() != 0) && server_uid) {
job_log(j, LOG_WARNING, "Server create: \"%s\": As UID %d, we will not be able to switch to UID %d",
server_cmd, getuid(), server_uid);
- server_uid = getuid();
+ server_uid = 0; /* zero means "do nothing" */
}
js = job_new_via_mach_init(j, server_cmd, server_uid, on_demand);
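Review bot: In the PID 1 branch the added `server_uid &&` term lets a caller with a non-zero `ldc.euid` pass `server_uid == 0` without being overridden, whereas the old test `ldc.euid != 0 && ldc.euid != server_uid` rewrote that request to the caller's own UID. The comment added further down says zero means "do nothing", and if job_new_via_mach_init (outside this hunk) treats it that way, the server would presumably keep PID 1's root identity on behalf of an unprivileged requester. Consider keeping the clamp and silencing only the warning for the zero case, e.g. `if (ldc.euid && (ldc.euid != server_uid)) {` with the job_log call wrapped in `if (server_uid)`. The else branch also no longer returns BOOTSTRAP_NOT_PRIVILEGED for any caller, so a comment stating that holding the bootstrap port is now the only authorization would help the next reader. The enclosing function starts and ends outside the hunk.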
@@ -4340,51 +4334,11 @@
return BOOTSTRAP_SUCCESS;
}
-bool
-trusted_client_check(job_t j, struct ldcred *ldc)
-{
- static pid_t last_warned_pid = 0;
-
- /*
- * In the long run, we wish to enforce the progeny rule, but for now,
- * we'll let root and the user be forgiven. Once we get CoreProcesses
- * to switch to using launchd rather than the WindowServer for indirect
- * process invocation, we can then seriously look at cranking up the
- * warning level here.
- */
-
- if (inherited_asid == ldc->asid) {
- return true;
- }
- if (progeny_check(ldc->pid)) {
- return true;
- }
- if (ldc->euid == geteuid()) {
- return true;
- }
- if (ldc->euid == 0 && ldc->uid == 0) {
- return true;
- }
- if (last_warned_pid == ldc->pid) {
- return false;
- }
-
- job_log(j, LOG_NOTICE, "Security: PID %d (ASID %d) was leaked into this session (ASID %d). This will be denied in the future.", ldc->pid, ldc->asid, inherited_asid);
-
- last_warned_pid = ldc->pid;
-
- return false;
-}
-
void
mach_init_init(mach_port_t checkin_port)
{
- auditinfo_t inherited_audit;
job_t ji, anon_job = NULL;
- getaudit(&inherited_audit);
- inherited_asid = inherited_audit.ai_asid;
-
launchd_assert((root_jobmgr = jobmgr_new(NULL, mach_task_self(), checkin_port)) != NULL);
SLIST_FOREACH(ji, &root_jobmgr->jobs, sle) {