* iconv/iconv_prog.c (main): Handle input file name "-" correctly.
Recognize option -s, -c, and -l.
2000-04-20 Thorsten Kukuk <kukuk@suse.de>
* nscd/nscd.c: Start new session for nscd, drop privileges
to configured user if requested and no -S parameter is used.
* nscd/nscd.conf: Add new option "server-user".
* nscd/nscd_conf.c: Add support for new "server-user" option.
* nscd/nscd.h: Add declaration for server_user variable.
Based on patch by Chris Wing <wingc@engin.umich.edu>
2000-04-29 Mark Kettenis <kettenis@gnu.org>
* sysdeps/unix/sysv/linux/i386/sigaction.c: Add comment explaining
that changing the __restore and __restore_rt signal return code
will break GDB.
2000-04-29 Mark Kettenis <kettenis@gnu.org>
* sysdeps/unix/sysv/linux/i386/sys/ucontext.h: Do not include
<sys/user.h>.
2000-04-29 Mark Kettenis <kettenis@gnu.org>
* conform/data/ucontext.h-data: Allow ss_* instead of SS_*.
2000-04-29 Ulrich Drepper <drepper@redhat.com>
2000-04-29 Ulrich Drepper <drepper@redhat.com>
+ * iconv/iconv_prog.c (main): Handle input file name "-" correctly.
+ Recognize option -s, -c, and -l.
+
+2000-04-20 Thorsten Kukuk <kukuk@suse.de>
+
+ * nscd/nscd.c: Start new session for nscd, drop privilegs
+ to configured user if requested and no -S parameter are used.
+ * nscd/nscd.conf: Add new option "server-user".
+ * nscd/nscd_conf.c: Add support for new "server-user" option.
+ * nscd/nscd.h: Add declaration for server_user variable.
+ Based on patch by Chris Wing <wingc@engin.umich.edu>
+
+2000-04-29 Mark Kettenis <kettenis@gnu.org>
+
+ * sysdeps/unix/sysv/linux/i386/sigaction.c: Add comment explaining
+ that changing the __restore and __restore_rt signal return code
+ will break GDB.
+
+2000-04-29 Mark Kettenis <kettenis@gnu.org>
+
+ * sysdeps/unix/sysv/linux/i386/sys/ucontext.h: Do not include
+ <sys/user.h>.
+
+2000-04-29 Mark Kettenis <kettenis@gnu.org>
+
+ * conform/data/ucontext.h-data: Allow ss_* instead of SS_*.
+
+2000-04-29 Ulrich Drepper <drepper@redhat.com>
+
* conform/conformtest.pl (@headers): Add sys/utsname.h, sys/un.h,
sys/socket.h, spawn.h, netinet/tcp.h, netinet/in.h, net/if.h, and
arpa/inet.h.
function int swapcontext (ucontext_t*, const ucontext_t*)
allow uc_*
-allow SS_*
+allow ss_*
allow *_t
/* Convert text in given files from the specified from-set to the to-set.
- Copyright (C) 1998, 1999 Free Software Foundation, Inc.
+ Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
void (*argp_program_version_hook) (FILE *, struct argp_state *) = print_version;
#define OPT_VERBOSE 1000
-#define OPT_LIST 1001
+#define OPT_LIST 'l'
/* Definitions of arguments for argp functions. */
static const struct argp_option options[] =
{ "from-code", 'f', "NAME", 0, N_("encoding of original text") },
{ "to-code", 't', "NAME", 0, N_("encoding for output") },
{ NULL, 0, NULL, 0, N_("Information:") },
- { "list", OPT_LIST, NULL, 0, N_("list all known coded character sets") },
+ { "list", 'l', NULL, 0, N_("list all known coded character sets") },
{ NULL, 0, NULL, 0, N_("Output control:") },
+ { NULL, 'c', NULL, 0, N_("omit invalid characters from output") },
{ "output", 'o', "FILE", 0, N_("output file") },
+ { "silent", 's', NULL, 0, N_("supress warnings") },
{ "verbose", OPT_VERBOSE, NULL, 0, N_("print progress information") },
{ NULL, 0, NULL, 0, NULL }
};
static const char args_doc[] = N_("[FILE...]");
/* Prototype for option handler. */
-static error_t parse_opt __P ((int key, char *arg, struct argp_state *state));
+static error_t parse_opt (int key, char *arg, struct argp_state *state);
/* Function to print some extra text in the help message. */
-static char *more_help __P ((int key, const char *text, void *input));
+static char *more_help (int key, const char *text, void *input);
/* Data structure to communicate with argp functions. */
static struct argp argp =
{
struct stat st;
const char *addr;
- int fd = open (argv[remaining], O_RDONLY);
+ int fd;
+
if (verbose)
printf ("%s:\n", argv[remaining]);
-
- if (fd == -1)
+ if (strcmp (argv[remaining], "-") == 0)
+ fd = 0;
+ else
{
- error (0, errno, _("cannot open input file `%s'"),
- argv[remaining]);
- status = EXIT_FAILURE;
- continue;
+ fd = open (argv[remaining], O_RDONLY);
+
+ if (fd == -1)
+ {
+ error (0, errno, _("cannot open input file `%s'"),
+ argv[remaining]);
+ status = EXIT_FAILURE;
+ continue;
+ }
}
#ifdef _POSIX_MAPPED_FILES
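Review bot: The `-` branch assigns the bare literal `fd = 0`; `fd = STDIN_FILENO;` states the intent and matches the descriptor constants from <unistd.h>. The rest of the loop body lies outside this hunk, so it is worth confirming that the code which later closes `fd` skips the close when the input was standard input; otherwise a second `-` argument would read from a closed descriptor. The mapped-file path that follows under `_POSIX_MAPPED_FILES` presumably needs a read fallback when stdin is a pipe or terminal, which this hunk does not show.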
case 'o':
output_file = arg;
break;
+ case 's':
+ /* Nothing, for now at least. We are not giving out any information
+ about missing character or so. */
+ break;
+ case 'c':
+ /* Omit invalid characters from output.
+ XXX This option will become a meaning once we have different
+ modes of operation for the conversion functions. */
+ break;
case OPT_VERBOSE:
verbose = 1;
break;
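Review bot: `case 'c':` accepts the option and does nothing, while the options table advertises it as "omit invalid characters from output", so a caller who passes -c to filter malformed input gets exactly the behaviour of running without it. Until the conversion functions support that mode, the help string should say so, for example `N_("omit invalid characters from output (not yet implemented)")`. Two wording fixes alongside: the comment's "will become a meaning" reads better as "will gain a meaning", and the `silent` entry in the options table spells "supress" in a user-visible string. parse_opt starts and ends outside this hunk.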
Copyright (C) %s Free Software Foundation, Inc.\n\
This is free software; see the source for copying conditions. There is NO\n\
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\
-"), "1999");
+"), "2000");
fprintf (stream, gettext ("Written by %s.\n"), "Ulrich Drepper");
}
-/* Copyright (c) 1998, 1999 Free Software Foundation, Inc.
+/* Copyright (c) 1998, 1999, 2000 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.
int disabled_passwd;
int disabled_group;
int go_background = 1;
+const char *server_user;
int secure[lastdb];
int secure_in_use;
static int check_pid (const char *file);
static int write_pid (const char *file);
+static void drop_privileges (void);
/* Name and version of program. */
static void print_version (FILE *stream, struct argp_state *state);
if (fork ())
exit (0);
+ setsid ();
+
chdir ("/");
openlog ("nscd", LOG_CONS | LOG_ODELAY, LOG_DAEMON);
/* Init databases. */
nscd_init (conffile);
+ /* Change to unprivileged UID if specifed in config file */
+ if(server_user && !secure_in_use)
+ drop_privileges ();
+
/* Handle incoming requests */
start_threads ();
return 0;
}
+
+/* Look up the uid and gid associated with the user we are supposed to run
+ the server as, and then call setgid(), setgroups(), and setuid().
+ Otherwise, abort- we should not run as root if the configuration file
+ specifically tells us not to. */
+
+static void
+drop_privileges (void)
+{
+ int buflen = 256;
+ char *buffer = alloca (buflen);
+ struct passwd resultbuf;
+ struct passwd *pwd;
+
+ while (__getpwnam_r (server_user, &resultbuf, buffer, buflen, &pwd) != 0
+ && errno == ERANGE)
+ {
+ errno = 0;
+ buflen += 256;
+ buffer = alloca (buflen);
+ }
+
+ if(!pwd)
+ {
+ dbg_log (_("Failed to look up user '%s' to run server as"),
+ server_user);
+ exit(1);
+ }
+
+ setgroups (0, NULL);
+ setgid (pwd->pw_gid);
+ setuid (pwd->pw_uid);
+}
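Review bot: The three calls at the end of drop_privileges, `setgroups (0, NULL)`, `setgid (pwd->pw_gid)` and `setuid (pwd->pw_uid)`, have their return values ignored. If any of them fails, the daemon carries on into `start_threads ()` still running as root. That contradicts the function's own header comment, which says it must abort rather than run as root when the configuration asks otherwise. Each result should be checked and any failure treated as fatal, keeping the current order (supplementary groups, then gid, then uid). Separately, the lookup loop tests `errno == ERANGE` instead of the value returned by `__getpwnam_r`, and it calls `alloca` again on every retry without releasing the earlier buffers; comparing the return code and using a heap buffer would be more robust.

```c
static void
drop_privileges (void)
{
  /* … unchanged: __getpwnam_r lookup loop and the !pwd check … */

  /* Any failure here would leave the server running with root
     privileges, so treat it as fatal.  */
  if (setgroups (0, NULL) != 0
      || setgid (pwd->pw_gid) != 0
      || setuid (pwd->pw_uid) != 0)
    {
      dbg_log (_("Failed to drop privileges to user '%s'"), server_user);
      exit (1);
    }
}
```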
# logfile <file>
# debug-level <level>
# threads <#threads to use>
+# server-user <user to run server as instead of root>
+# server-user is ignored if nscd is started with -S parameters
#
# enable-cache <service> <yes|no>
# positive-time-to-live <service> <time in seconds>
# logfile /var/log/nscd.log
# threads 6
-
+# server-user nobody
debug-level 0
enable-cache passwd yes
-/* Copyright (c) 1998, 1999 Free Software Foundation, Inc.
+/* Copyright (c) 1998, 1999, 2000 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.
extern int secure[lastdb];
extern int secure_in_use; /* Is one of the above 1 ? */
+/* User name to run server processes as */
+extern const char *server_user;
+
/* Prototypes for global functions. */
/* nscd.c */
-/* Copyright (c) 1998 Free Software Foundation, Inc.
+/* Copyright (c) 1998, 2000 Free Software Foundation, Inc.
This file is part of the GNU C Library.
- Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1998.
+ Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public License as
if (nthreads == -1)
nthreads = MAX (atol (arg1), lastdb);
}
+ else if (strcmp (entry, "server-user") == 0)
+ {
+ if (!arg1)
+ dbg_log (_("Must specify user name for server-user option"), arg1);
+ else
+ server_user = strdup (arg1);
+ }
else
dbg_log (_("Unknown option: %s %s %s"), entry, arg1, arg2);
}
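Review bot: The result of `server_user = strdup (arg1);` is not checked. On allocation failure `server_user` stays NULL, the guard `if(server_user && !secure_in_use)` in nscd.c skips drop_privileges, and the daemon silently keeps root although the configuration asked for an unprivileged user. The same fail-open result follows from the `!arg1` branch, which only logs and continues. Both cases should stop startup, for example `if (server_user == NULL) { dbg_log (_("cannot record server-user")); exit (1); }` after the strdup (the message text here is a constructed sample). The `dbg_log` call in the `!arg1` branch also passes `arg1` to a format string that has no conversion, so that argument can be dropped. The enclosing function starts outside this hunk.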
weak_alias (__sigaction, sigaction)
+/* NOTE: Please think twice before making any changes to the bits of
+ code below. GDB needs some intimate knowledge about it to
+ recognize them as signal trampolines, and make backtraces through
+ signal handlers work right. Important are both the names
+ (__restore and __restore_rt) and the exact instruction sequence.
+ If you ever feel the need to make any changes, please notify the
+ appropriate GDB maintainer. */
+
#define RESTORE(name, syscall) RESTORE2 (name, syscall)
#define RESTORE2(name, syscall) \
asm \
( \
".align 16\n" \
- "__" #name ":\n" \
+ "__" #name ":\n" \
" movl $" #syscall ", %eax\n" \
" int $0x80" \
);
# define RESTORE2(name, syscall) \
asm \
( \
- ".align 8\n" \
- "__" #name ":\n" \
+ ".align 8\n" \
+ "__" #name ":\n" \
" popl %eax\n" \
" movl $" #syscall ", %eax\n" \
" int $0x80" \
included in <signal.h>. */
#include <bits/sigcontext.h>
-/* We also need the definition of the userlevel data representation
- for the register contexts. */
-#include <sys/user.h>
-
/* Type for general register. */
typedef int greg_t;