APFS: drop privileges upon startup

Move SERVICE_LOGIN to rs.h global header so it's accessible for all.

diff --git a/commands/service/parse.c b/commands/service/parse.c
index ed675d4f00ff05c899094166103e9d420ece1242..1c5a1ba07e84622a297c0af817835a937af8573d 100644 (file)
--- a/commands/service/parse.c
+++ b/commands/service/parse.c
@@ -37,8 +37,6 @@ PRIVATE int class_recurs;       /* Nesting level of class statements */
 
 #include "parse.h"
 
-#define SERVICE_LOGIN   "service"       /* passwd file entry for services */
-
 FORWARD void do_service(config_t *cpe, config_t *config, struct rs_config *);
 
 PRIVATE void do_class(config_t *cpe, config_t *config, struct rs_config *rs_config)

diff --git a/common/include/minix/rs.h b/common/include/minix/rs.h
index 586b145928916a2c80ec9b9cee1409a19d84a79d..7becce82623c15b3450e7e339824b504c038ae61 100644 (file)
--- a/common/include/minix/rs.h
+++ b/common/include/minix/rs.h
@@ -10,6 +10,8 @@ Interface to the reincarnation server
 #include <minix/bitmap.h>
 #include <minix/com.h>
 
+#define SERVICE_LOGIN  "service"       /* passwd file entry for services */
+
 /* RSS definitions. */
 #define RSS_NR_IRQ             16
 #define RSS_NR_IO              16

diff --git a/servers/apfs/main.c b/servers/apfs/main.c
index 73dd0d09fd70e944271e389c596443828839b812..cbba28287cef621a8332a4637412a1c0a059d3b4 100644 (file)
--- a/servers/apfs/main.c
+++ b/servers/apfs/main.c
@@ -4,7 +4,10 @@
 #include <minix/dmap.h>
 #include <minix/driver.h>
 #include <minix/endpoint.h>
+#include <minix/rs.h>
 #include <minix/vfsif.h>
+#include <sys/types.h>
+#include <pwd.h>
 #include "buf.h"
 #include "inode.h"
 #include "uds.h"
@@ -119,6 +122,7 @@ PRIVATE int sef_cb_init_fresh(int type, sef_init_info_t *info)
 {
 /* Initialize the pipe file server. */
   int i;
+  struct passwd *pw;
 
   /* Initialize main loop parameters. */
   exitsignaled = 0;    /* No exit request seen yet. */
@@ -131,9 +135,13 @@ PRIVATE int sef_cb_init_fresh(int type, sef_init_info_t *info)
 
   init_inode_cache();
   uds_init();
+  buf_pool();
 
+  if ((pw = getpwnam(SERVICE_LOGIN)) == NULL)
+       panic("unable to retrieve uid of SERVICE_LOGIN");
+  if (setuid(pw->pw_uid) != 0)
+       panic("unable to drop privileges");
   SELF_E = getprocnr();
-  buf_pool();
 
   return(OK);
 }

diff --git a/servers/pm/misc.c b/servers/pm/misc.c
index 1e40f6c77ab011cc495583acb90bac11c3ff3432..531e9bc58b33ead01b2b8f658c6f834330a234d1 100644 (file)
--- a/servers/pm/misc.c
+++ b/servers/pm/misc.c
@@ -237,14 +237,6 @@ PUBLIC int do_getepinfo()
   register struct mproc *rmp;
   endpoint_t ep;
 
-  /* This call should be moved to DS. */
-  if (mp->mp_effuid != 0) {
-       printf("PM: unauthorized call of do_getepinfo_o by proc %d\n",
-               mp->mp_endpoint);
-       sys_sysctl_stacktrace(mp->mp_endpoint);
-       return EPERM;
-  }
-
   ep = m_in.PM_ENDPT;
 
   for (rmp = &mproc[0]; rmp < &mproc[NR_PROCS]; rmp++) {