[launchd-changes] [23710] trunk/launchd/src/launchd_core_logic.c

source_changes at macosforge.org source_changes at macosforge.org
Tue Sep 2 11:53:29 PDT 2008 

Revision: 23710
          http://trac.macosforge.org/projects/launchd/changeset/23710
Author:   dsorresso at apple.com
Date:     2008-09-02 11:53:29 -0700 (Tue, 02 Sep 2008)
Log Message:
-----------
Fix for rdar://problem/5982485.

Modified Paths:
--------------
    trunk/launchd/src/launchd_core_logic.c

Modified: trunk/launchd/src/launchd_core_logic.c
===================================================================
--- trunk/launchd/src/launchd_core_logic.c	2008-08-30 00:01:50 UTC (rev 23709)
+++ trunk/launchd/src/launchd_core_logic.c	2008-09-02 18:53:29 UTC (rev 23710)
@@ -7133,25 +7133,32 @@
 job_mig_set_service_policy(job_t j, pid_t target_pid, uint64_t flags, name_t target_service)
 {
 	struct ldcred *ldc = runtime_get_caller_creds();
-	job_t target_j;
+	job_t target_j = NULL;
 
 	if (!launchd_assumes(j != NULL)) {
 		return BOOTSTRAP_NO_MEMORY;
 	}
 
+	target_j = jobmgr_find_by_pid(j->mgr, target_pid, true);
+
 	if (ldc->euid && (ldc->euid != getuid())) {		
 		int mib[] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, target_pid };
 		struct kinfo_proc kp;
 		size_t len = sizeof(kp);
 
 		job_assumes(j, sysctl(mib, 4, &kp, &len, NULL, 0) != -1);
+		job_assumes(j, len == sizeof(kp));
 
 		uid_t kp_euid = kp.kp_eproc.e_ucred.cr_uid;
 		uid_t kp_uid = kp.kp_eproc.e_pcred.p_ruid;
 
-		job_log(j, LOG_ERR, "Denied Mach service policy update requested by UID/EUID %u/%u against PID %u with UID/EUID %u/%u due to mismatched credentials.", ldc->uid, ldc->euid, target_pid, kp_uid, kp_euid);
+		if( ldc->euid == kp_euid ) {
+			job_log(j, LOG_WARNING, "Working around rdar://problem/5982485 and allowing job to set policy for PID %u. We should discuss having %s run under a per-user launchd.", target_pid, target_j->label);
+		} else {
+			job_log(j, LOG_ERR, "Denied Mach service policy update requested by UID/EUID %u/%u against PID %u with UID/EUID %u/%u due to mismatched credentials.", ldc->uid, ldc->euid, target_pid, kp_uid, kp_euid);
 
-		return BOOTSTRAP_NOT_PRIVILEGED;
+			return BOOTSTRAP_NOT_PRIVILEGED;
+		}
 	}
 
 	if (unlikely(!SLIST_EMPTY(&j->mspolicies))) {
@@ -7159,8 +7166,6 @@
 		return BOOTSTRAP_NOT_PRIVILEGED;
 	}
 
-	target_j = jobmgr_find_by_pid(j->mgr, target_pid, true);
-
 	if (unlikely(target_j == NULL)) {
 		if (job_assumes(j, errno == ESRCH)) {
 			job_log(j, LOG_ERR, "Could not find PID %u while trying to set Mach bootstrap service policy: %s", target_pid, target_service);
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/launchd-changes/attachments/20080902/82e1efe7/attachment.html

More information about the launchd-changes mailing list