[launchd-changes] [23710] trunk/launchd/src/launchd_core_logic.c
source_changes at macosforge.org
source_changes at macosforge.org
Tue Sep 2 11:53:29 PDT 2008
Revision: 23710
http://trac.macosforge.org/projects/launchd/changeset/23710
Author: dsorresso at apple.com
Date: 2008-09-02 11:53:29 -0700 (Tue, 02 Sep 2008)
Log Message:
-----------
Fix for rdar://problem/5982485.
Modified Paths:
--------------
trunk/launchd/src/launchd_core_logic.c
Modified: trunk/launchd/src/launchd_core_logic.c
===================================================================
--- trunk/launchd/src/launchd_core_logic.c 2008-08-30 00:01:50 UTC (rev 23709)
+++ trunk/launchd/src/launchd_core_logic.c 2008-09-02 18:53:29 UTC (rev 23710)
@@ -7133,25 +7133,32 @@
job_mig_set_service_policy(job_t j, pid_t target_pid, uint64_t flags, name_t target_service)
{
struct ldcred *ldc = runtime_get_caller_creds();
- job_t target_j;
+ job_t target_j = NULL;
if (!launchd_assumes(j != NULL)) {
return BOOTSTRAP_NO_MEMORY;
}
+ target_j = jobmgr_find_by_pid(j->mgr, target_pid, true);
+
if (ldc->euid && (ldc->euid != getuid())) {
int mib[] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, target_pid };
struct kinfo_proc kp;
size_t len = sizeof(kp);
job_assumes(j, sysctl(mib, 4, &kp, &len, NULL, 0) != -1);
+ job_assumes(j, len == sizeof(kp));
uid_t kp_euid = kp.kp_eproc.e_ucred.cr_uid;
uid_t kp_uid = kp.kp_eproc.e_pcred.p_ruid;
- job_log(j, LOG_ERR, "Denied Mach service policy update requested by UID/EUID %u/%u against PID %u with UID/EUID %u/%u due to mismatched credentials.", ldc->uid, ldc->euid, target_pid, kp_uid, kp_euid);
+ if( ldc->euid == kp_euid ) {
+ job_log(j, LOG_WARNING, "Working around rdar://problem/5982485 and allowing job to set policy for PID %u. We should discuss having %s run under a per-user launchd.", target_pid, target_j->label);
+ } else {
+ job_log(j, LOG_ERR, "Denied Mach service policy update requested by UID/EUID %u/%u against PID %u with UID/EUID %u/%u due to mismatched credentials.", ldc->uid, ldc->euid, target_pid, kp_uid, kp_euid);
- return BOOTSTRAP_NOT_PRIVILEGED;
+ return BOOTSTRAP_NOT_PRIVILEGED;
+ }
}
if (unlikely(!SLIST_EMPTY(&j->mspolicies))) {
@@ -7159,8 +7166,6 @@
return BOOTSTRAP_NOT_PRIVILEGED;
}
- target_j = jobmgr_find_by_pid(j->mgr, target_pid, true);
-
if (unlikely(target_j == NULL)) {
if (job_assumes(j, errno == ESRCH)) {
job_log(j, LOG_ERR, "Could not find PID %u while trying to set Mach bootstrap service policy: %s", target_pid, target_service);
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/launchd-changes/attachments/20080902/82e1efe7/attachment.html
More information about the launchd-changes
mailing list