5c7840c4a2
this and turn it on by default. Current gamin uses the current real uid to determine the location of the socket and during the security routines. It also forks off a copy of "gam_server" as the current real uid as well. This breaks gamin functionality with any application that uses effective an uid/gid for privilege separation, such as samba. Samba runs as root, but always sets the effective uid/gid to that of the connecting user. Since gamin is only aware of the real uid, it always creates a root-owned gamin socket that the effective user can't touch (gamin's own security checks refuse it). PR: ports/176203 Submitted by: Danny Warren <danny@dannywarren.com> Reviewed by: marcus@
12 lines
313 B
C
12 lines
313 B
C
--- libgamin/gam_fork.h.orig 2007-07-04 06:36:48.000000000 -0700
|
|
+++ libgamin/gam_fork.h 2013-02-16 20:38:00.328594608 -0800
|
|
@@ -32,6 +32,9 @@
|
|
#endif
|
|
|
|
int gamin_fork_server (const char *fam_client_id);
|
|
+#ifdef RUN_AS_EUID
|
|
+int gamin_drop_privileges (int to_uid, int to_gid);
|
|
+#endif
|
|
|
|
#ifdef __cplusplus
|
|
}
|