* userv - process.c
* daemon code to process one request (is parent of service process)
*
- * Copyright (C)1996-1997 Ian Jackson
+ * Copyright (C)1996-1999 Ian Jackson
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
#include "config.h"
#include "common.h"
+#include "both.h"
#include "daemon.h"
#include "lib.h"
#include "tokens.h"
static void xfread(void *p, size_t sz) {
size_t nr;
- nr= fread(p,1,sz,srfile); if (nr == sz) return;
+ nr= working_fread(p,sz,srfile); if (nr == sz) return;
if (ferror(srfile)) syscallerror("reading from client");
blocksignals();
assert(feof(srfile));
serviceuser_shell= xstrsave(pw->pw_shell);
serviceuser_uid= pw->pw_uid;
+ if (setregid(pw->pw_gid,pw->pw_gid)) syscallerror("setregid 1");
if (initgroups(pw->pw_name,pw->pw_gid)) syscallerror("initgroups");
if (setreuid(pw->pw_uid,pw->pw_uid)) syscallerror("setreuid 1");
if (setreuid(pw->pw_uid,pw->pw_uid)) syscallerror("setreuid 2");
if (!setreuid(pw->pw_uid,0)) miscerror("setreuid 3 unexpectedly succeeded");
if (errno != EPERM) syscallerror("setreuid 3 failed in unexpected way");
}
+ if (setregid(pw->pw_gid,pw->pw_gid)) syscallerror("setregid 2");
service_ngids= getgroups(0,0); if (service_ngids == -1) syscallerror("getgroups(0,0)");
if (service_ngids > MAX_GIDS) miscerror("service user is in far too many groups");
if (fdarray[fd].holdfd != -1) {
if (close(fdarray[fd].holdfd))
syscallfailure("close unwanted hold descriptor for %d",fd);
+ fdarray[fd].holdfd= -1;
}
}
}