[launchd-changes] [23714] branches/SULeopard/launchd/src/launchd_core_logic.c

source_changes at macosforge.org source_changes at macosforge.org
Fri Sep 19 14:55:47 PDT 2008


Revision: 23714
          http://trac.macosforge.org/projects/launchd/changeset/23714
Author:   dsorresso at apple.com
Date:     2008-09-19 14:55:47 -0700 (Fri, 19 Sep 2008)
Log Message:
-----------
<rdar://problem/6228042> SULeoZip: sandbox_init: Could not set default launchd policy, err=1100

Modified Paths:
--------------
    branches/SULeopard/launchd/src/launchd_core_logic.c

Modified: branches/SULeopard/launchd/src/launchd_core_logic.c
===================================================================
--- branches/SULeopard/launchd/src/launchd_core_logic.c	2008-09-18 00:40:51 UTC (rev 23713)
+++ branches/SULeopard/launchd/src/launchd_core_logic.c	2008-09-19 21:55:47 UTC (rev 23714)
@@ -6668,13 +6668,31 @@
 	runtime_get_caller_creds(&ldc);
 
 #if TARGET_OS_EMBEDDED
-	if (ldc.euid) {
-#else
-	if (ldc.euid && (ldc.euid != getuid())) {
-#endif
+	if( ldc.euid ) {
 		return BOOTSTRAP_NOT_PRIVILEGED;
 	}
+#else
+	if( ldc.euid && (ldc.euid != getuid()) ) {
+		int mib[] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, target_pid };
+		struct kinfo_proc kp;
+		size_t len = sizeof(kp);
 
+		job_assumes(j, sysctl(mib, 4, &kp, &len, NULL, 0) != -1);
+		job_assumes(j, len == sizeof(kp));
+
+		uid_t kp_euid = kp.kp_eproc.e_ucred.cr_uid;
+		uid_t kp_uid = kp.kp_eproc.e_pcred.p_ruid;
+
+		if( ldc.euid == kp_euid ) {
+			job_log(j, LOG_DEBUG, "Working around rdar://problem/5982485 and allowing job to set policy for PID %u.", target_pid);
+		} else {
+			job_log(j, LOG_ERR, "Denied Mach service policy update requested by UID/EUID %u/%u against PID %u with UID/EUID %u/%u due to mismatched credentials.", ldc.uid, ldc.euid, target_pid, kp_uid, kp_euid);
+
+			return BOOTSTRAP_NOT_PRIVILEGED;
+		}
+	}
+#endif
+
 	if (!job_assumes(j, (target_j = jobmgr_find_by_pid(j->mgr, target_pid, true)) != NULL)) {
 		return BOOTSTRAP_NO_MEMORY;
 	}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/launchd-changes/attachments/20080919/0ff310c5/attachment.html 


More information about the launchd-changes mailing list