On Wed, 2003-07-16 at 08:56, Grahame Bowland wrote:
I can imagine why setuid() should ever fail, I've confirmed that the daemon is running as UID zero at the time it makes the call. However, the call succeeds if I comment out: restrict_process_size((unsigned int)-1, 1); on line 134 of src/login-common/main.c it starts to work again.
How about if it was done after setuid()? :) With a few tests it looks like Linux 2.4 and OpenBSD are happy with that. diff -u -r1.11 main.c --- src/login-common/main.c 19 Jun 2003 02:00:25 -0000 1.11 +++ src/login-common/main.c 16 Jul 2003 06:34:39 -0000 @@ -130,9 +130,6 @@ static void drop_privileges(const char *name) { - /* make sure we can't fork() */ - restrict_process_size((unsigned int)-1, 1); - /* Log file or syslog opening probably requires roots */ open_logfile(name); @@ -143,6 +140,9 @@ /* Refuse to run as root - we should never need it and it's dangerous with SSL. */ restrict_access_by_env(TRUE); + + /* make sure we can't fork() */ + restrict_process_size((unsigned int)-1, 1); } static void main_init(void)