bug in handling of setting gid

Carter Bullard carter at qosient.com
Wed Jan 24 16:59:50 EST 2007


Hey Jonathan,
Yes, when using the daemon flag, we map stdin and stdout
to /dev/null.   We could close them, but because of the debug
and logging support, we could be trying to write to stdout.  If
stdout is closed, we'll get an error, ...., so we just map them.

The trick is to do the mapping, after we fork(), but before
we do any chroot'ing.  .... done!!

Carter


On Jan 18, 2007, at 11:09 AM, Jonathan Towne wrote:

> Carter,
>
>
> Maybe its just a lack of /dev/null being in the chroot dir?
>
> Its a blatant guess -- didn't do the research, but other daemons
> I've tried to chroot have had very similar issues.
>
>
> -- Jonathan Towne
>
>
> On Thu, Jan 18, 2007 at 10:55:59AM +0000, carter at qosient.com  
> scribbled:
> # Very interesting, I'll try to fix tonight!!
> # Carter
> #
> # Carter Bullard
> # QoSient LLC
> # 150 E. 57th Street Suite 12D
> # New York, New York 10022
> # +1 212 588-9133 Phone
> # +1 212 588-9134 Fax
> #
> # -----Original Message-----
> # From: Russell Fulton <r.fulton at auckland.ac.nz>
> # Date: Thu, 18 Jan 2007 11:15:50
> # To:Argus <argus-info at lists.andrew.cmu.edu>
> # Subject: [ARGUS] bug in handling of setting gid
> #
> # Hi Folks,
> #
> # I'm rebuilding a number of my sensors and putting argus 3.0 on them.
> # I've been playing with the -u and -g flags and found -g always  
> give a
> # permission denied error from setgid.  I looked at the source and  
> as I
> # had guessed Carter had changed the uid before the gid :)  I'm  
> pleased
> # other do things like this, it make me feel much better ;)  Fix is to
> # swap the bits of code in ArgusOutput.c that reset the gid and uid.
> #
> #
> # I also tried the -C <chroot dir>  but could not make it work.  I  
> kept
> # getting message:
> #
> # argus[22245]: 17 Jan 07 21:14:05.576373 Cannot map stdout to /dev/ 
> null
> #
> # I don't have time to pursue that one right now ( some of my sensor
> # hardware has to go back to the leaser next week and I only got the
> # replacement last week!  Thank heavens we have given up leasing  
> servers!).
> #
> # Russell.
> #
> #
> #
>





More information about the argus mailing list