From 1a372224dde236370adb73fdcd8468d7def4bc28 Mon Sep 17 00:00:00 2001
Message-Id: <1a372224dde236370adb73fdcd8468d7def4bc28.1714180061.git.mdw@distorted.org.uk>
From: Mark Wooding
Date: Mon, 27 Jun 2011 02:00:42 +0100
Subject: [PATCH] client/tripectl.c, debian: Fix logging privileges disaster.
Organization: Straylight/Edgeware
From: Mark Wooding
Previous behaviour: tripectl starts as root, opens logfile, starts tripe server, drops privileges, logs happily to file, receives signal, attempts to open new logfile, and fails miserably. It therefore continues logging to the old logfile, which may well have been deleted by this point. New behaviour: fix Debianization to put logs in a /var/log/tripe directory, and arrange for this to be writable by the tripe user; create the log file after dropping privileges. If tripectl can't open the log, it fails, and the tripe server quits due to EOF on stdin.
---
 client/tripectl.c | 9 ++++++---
 debian/changelog | 9 +++++++++
 debian/rules | 4 ++--
 debian/tripe.logrotate | 2 +-
 debian/tripe.postinst | 10 ++++++++++
 5 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/client/tripectl.c b/client/tripectl.c
index 51450616..ea86ec5c 100644
--- a/client/tripectl.c
+++ b/client/tripectl.c
@@ -65,6 +65,7 @@
 #include "util.h"
 #undef sun
+#define IGNORE(x) do if (x); while (0)
 /*----- Data structures ---------------------------------------------------*/
@@ -92,6 +93,7 @@ static const char *bgtag = 0;
 #define f_noinput 64u
 #define f_warn 128u
 #define f_uclose 256u
+#define f_losing 512u
 /*----- Main code ---------------------------------------------------------*/
@@ -154,6 +156,7 @@ static void cline(char *p, size_t len, void *b)
 if (!p) {
 if (f & f_command)
 die(EXIT_FAILURE, "server dropped the connection");
+ f &= ~f_losing;
 exit(0);
 }
 q = str_getword(&p);
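Review bot: `f_losing` (defined at `@@ -92`) is set in `main` at `@@ -550` and cleared in `cline` just before `exit(0)`, but nothing in this patch ever tests it, and the `IGNORE(x)` macro added at `@@ -65` has no caller either. If a follow-up commit is meant to read the flag, for instance from an exit-time handler, that should be stated next to the definition; otherwise both additions are dead code. Suggested comments, wording to be confirmed by the author: `/* set from the privilege drop until the server closes the connection cleanly */` on `f_losing` and `/* evaluate x and discard the result */` on `IGNORE`. `cline` starts and ends outside the hunk.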
@@ -477,8 +480,6 @@ int main(int argc, char *argv[])
 die(EXIT_FAILURE, "couldn't set `%s' as current directory: %s", dir, strerror(errno));
 }
- if (logname)
- logfile(logname);
 if (!pidfile && (f & f_daemon) && ((f & f_syslog) || logname))
 pidfile = "tripectl.pid";
 if (pidfile && (pidfp = fopen(pidfile, "w")) == 0) {
@@ -523,7 +524,6 @@ int main(int argc, char *argv[])
 md[1].cur = pfd[1]; md[1].want = STDOUT_FILENO;
 md[2].cur = efd[1]; md[2].want = STDERR_FILENO;
 mdup(md, 3);
- if (logfp) fclose(logfp);
 if (pidfp) fclose(pidfp);
 closelog();
 if (f & f_daemon) detachtty();
@@ -550,7 +550,10 @@ int main(int argc, char *argv[])
 }
 }
+ f |= f_losing; /* pessimism */
 u_setugid(u, g);
+ if (logname)
+ logfile(logname);
 if (f & f_daemon) {
 if (daemonize())
 die(EXIT_FAILURE, "error becoming daemon: %s", strerror(errno));
diff --git a/debian/changelog b/debian/changelog
index b8cf6c6b..4d8a4416 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+tripe (1.0.0pre11~preview) experimental; urgency=low
+
+ * Fix log/permissions foul-up. Move the logs to /var/log/tripe, and
+ arrange for that directory to exist with the correct permissions.
+ Don't try to open the log until after dropping privileges, so as to
+ provide a check that we can reopen them later.
+
+ -- Mark Wooding Mon, 27 Jun 2011 09:51:08 +0100
+
 tripe (1.0.0pre10) experimental; urgency=low
 * Overhaul SLIP error handling.
diff --git a/debian/rules b/debian/rules
index 7cc8074b..b902fb6c 100755
--- a/debian/rules
+++ b/debian/rules
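Review bot: In the `@@ -550` hunk of client/tripectl.c, the placement of `logfile(logname)` after `u_setugid(u, g)` is what makes the fix work, yet nothing in the code says so, and a later tidy-up could move the open back above the fork. Add a comment before the call, e.g. `/* Open the log only after dropping privileges: a reopen on signal runs with these credentials, so fail now if they cannot write it. */`. `u_setugid` is defined outside this diff, so confirm that it aborts on failure rather than returning; otherwise the log would still be created with the original credentials. The pidfile is still opened with `fopen(pidfile, "w")` before the drop (context of `@@ -477`), which is only sound while its directory is not writable by the unprivileged user. `main` starts and ends outside the hunk.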
@@ -22,10 +22,10 @@ DEB_CONFIGURE_EXTRA_FLAGS = \
 --with-tunnel="$(default_tunnel) slip" \
 --with-configdir="/etc/tripe" \
 --with-socketdir="/var/run" \
- --with-logfile="/var/log/tripe.log" \
+ --with-logfile="/var/log/tripe/tripe.log" \
 --with-pidfile="/var/run/tripectl.pid" \
 --with-initconfig="/etc/default/tripe" \
- --with-wireshark
+ --with-wireshark="/usr/lib/wireshark/libwireshark0/plugins"
 ###--------------------------------------------------------------------------
 ### Python.
diff --git a/debian/tripe.logrotate b/debian/tripe.logrotate
index 83a0066f..ff3f470c 100644
--- a/debian/tripe.logrotate
+++ b/debian/tripe.logrotate
@@ -1,4 +1,4 @@
-/var/log/tripe.log {
+/var/log/tripe/tripe.log {
 rotate 7
 weekly
 compress
diff --git a/debian/tripe.postinst b/debian/tripe.postinst
index 29946902..0ec93bc6 100644
--- a/debian/tripe.postinst
+++ b/debian/tripe.postinst
@@ -22,4 +22,14 @@ getent passwd tripe >/dev/null || \
 --gecos "TrIPE server" \
 tripe
+## Create the log directory and an initial logfile.
+if [ ! -d /var/log/tripe ]; then
+ mkdir -m2750 /var/log/tripe
+ chown tripe:adm /var/log/tripe
+fi
+if [ ! -f /var/log/tripe/tripe.log ]; then
+ (umask 027; touch /var/log/tripe/tripe.log)
+ chown tripe:adm /var/log/tripe/tripe.log
+fi
+
 #DEBHELPER#
-- [mdw]
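Review bot: The rotated path in debian/tripe.logrotate now lies inside `/var/log/tripe`, which debian/tripe.postinst hands to the `tripe` user, so a logrotate run as root would rename and create files in a directory that an unprivileged account controls. Unless the part of the stanza outside this hunk already has one, add `su tripe adm` so that rotation is done with the log owner's credentials. If the stanza recreates the log, a matching `create 640 tripe adm` keeps the owner and mode in line with what the postinst sets up, so tripectl can reopen the file after rotation.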
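Review bot: The second `if` in debian/tripe.postinst runs `touch` and `chown tripe:adm /var/log/tripe/tripe.log` as root inside a directory that the `tripe` user already owns on any re-run, and both commands follow symbolic links, so the outcome depends on what that account has left at the path. Creating the file as the owner avoids this; at the least use `chown -h` and guard with `[ ! -e /var/log/tripe/tripe.log ] && [ ! -L /var/log/tripe/tripe.log ]`. The first `if` could be a single step, `install -d -o tripe -g adm -m 2750 /var/log/tripe`, which never leaves the directory in place with root ownership. An existing directory with a different owner or mode is left untouched; if that is intended, a comment should say so.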