[icinga-checkins] icinga.org: icinga-core/mfriedrich/ido: core: change ownership of debug log file before dropping privileges refs #3521

git at icinga.org git at icinga.org
Tue Feb 12 18:03:21 CET 2013


Module: icinga-core
Branch: mfriedrich/ido
Commit: cc80a890402c9518179a895d9ffad562629a78b5
URL:    https://git.icinga.org/?p=icinga-core.git;a=commit;h=cc80a890402c9518179a895d9ffad562629a78b5

Author: Michael Friedrich <michael.friedrich at netways.de>
Date:   Sat Jan 12 18:14:58 2013 +0100

core: change ownership of debug log file before dropping privileges refs #3521

Opening the debug file, non-existing, will create it as root, before
actually dropping the privileges (644). When the core receives a SIGHUP
later, the non-privileged user cannot write to the debug file anymore,
bailing early.
In order to solve that, it's required to chown the debug log file to the
icinga user before dropping privileges.

---

 Changelog         |    1 +
 base/logging.c    |   16 ++++++++++++++++
 base/utils.c      |   11 +++++++++++
 include/logging.h |    1 +
 4 files changed, 29 insertions(+), 0 deletions(-)

diff --git a/Changelog b/Changelog
index 3021f28..2377782 100644
--- a/Changelog
+++ b/Changelog
@@ -26,6 +26,7 @@ FIXES
 * core: fix faulty macro cleaning, replacing spaces with pluses where they shouldn't be cleaned #3397 - MF
 * core: fix macro escaping logs incorrect warning for $$escapes #3404 - MF
 * core: fix wrong escalation notification due to state based escalation range behaviour changes #3441 - MF
+* core: change ownership of debug log file before dropping privileges (Eric Stanley) #3521 - MF
 
 * idoutils: fix many memory leaks in ido2db on dbi_result_free and others (thx Klaus Wagner) #3406 - MF
 * idoutils: fix ido2db crashes when Oracle queries fail #3324 - GB
diff --git a/base/logging.c b/base/logging.c
index 9a6f484..64d75e8 100644
--- a/base/logging.c
+++ b/base/logging.c
@@ -568,6 +568,22 @@ int open_debug_log(void) {
 	return OK;
 }
 
+/* change ownership of the debug log file */
+int chown_debug_log(uid_t uid, gid_t gid) {
+
+	/* bail early if not running */
+	if (verify_config == TRUE || test_scheduling == TRUE)
+		return OK;
+
+	/* we do not debug anything, bail early */
+	if (debug_level == DEBUGL_NONE)
+		return OK;
+
+	if (chown(debug_file, uid, gid) < 0)
+		return ERROR;
+
+	return OK;
+}
 
 /* closes the debug log */
 int close_debug_log(void) {
diff --git a/base/utils.c b/base/utils.c
index 9a21842..afce3c2 100644
--- a/base/utils.c
+++ b/base/utils.c
@@ -2612,6 +2612,17 @@ int drop_privileges(char *user, char *group) {
 			}
 		}
 #endif
+
+		/* change ownership of debug log file
+		 * this is required in order to re-open
+		 * the file when receiving a SIGHUP, after
+		 * creating the file with root privileges
+		 */
+		if (chown_debug_log(uid, gid) == ERROR) {
+			logit(NSLOG_RUNTIME_WARNING, TRUE, "Failed to change ownership (UID=%d, GID=%d) on debug log file '%s': %s.", (int)uid, (int)gid, debug_file, strerror(errno));
+			result = ERROR;
+		}
+
 		if (setuid(uid) == -1) {
 			logit(NSLOG_RUNTIME_WARNING, TRUE, "Warning: Could not set effective UID=%d", (int)uid);
 			result = ERROR;
diff --git a/include/logging.h b/include/logging.h
index 4526695..8c553e3 100644
--- a/include/logging.h
+++ b/include/logging.h
@@ -111,6 +111,7 @@ int log_service_states(int,time_t *);                   /* logs initial/current
 int rotate_log_file(time_t);			     	/* rotates the main log file */
 int write_log_file_info(time_t *); 			/* records log file/version info */
 int open_debug_log(void);
+int chown_debug_log(uid_t, gid_t);
 int close_debug_log(void);
 
 #endif /* !NSCGI */





More information about the icinga-checkins mailing list