diff --git a/CHANGES b/CHANGES index 4baba3c..81441dc 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +new features: + introduced option names substuser-early and su-e, currently equivalent + to option substuser (thanks to Mike Perry for providing the patch) + ####################### V 1.7.0.1: corrections: diff --git a/doc/socat.yo b/doc/socat.yo index e06a908..52ccda7 100644 --- a/doc/socat.yo +++ b/doc/socat.yo @@ -1663,16 +1663,18 @@ label(OPTION_CHROOT_EARLY)dit(bf(tt(chroot-early=))) before opening the address. This call might require root privilege. label(OPTION_SETGID)dit(bf(tt(setgid=))) Changes the primary link()(TYPE_GROUP) of the process after - processing the address. This call might require root privilege. + processing the address. This call might require root privilege. Please note + that this option does not drop other group related privileges. label(OPTION_SETGID_EARLY)dit(bf(tt(setgid-early=))) - Changes the primary link()(TYPE_GROUP) of the process before opening - the address. This call might require root privilege. + Like link(setgit)(OPTION_SETGID) but is performed before opening the address. label(OPTION_SETUID)dit(bf(tt(setuid=))) Changes the link()(TYPE_USER) (owner) of the process after processing - the address. This call might require root privilege. + the address. This call might require root privilege. Please note that this + option does not drop group related privileges. Check if option + link(su)(OPTION_SUBSTUSER) better fits your needs. label(OPTION_SETUID_EARLY)dit(bf(tt(setuid-early=))) - Changes the link()(TYPE_USER) (owner) of the process before opening - the address. This call might require root privilege. + Like link(setuid)(OPTION_SETSUID) but is performed before opening the + address. label(OPTION_SUBSTUSER)dit(bf(tt(su=))) Changes the link()(TYPE_USER) (owner) and groups of the process after processing the address (link(example)(EXAMPLE_OPTION_SUBSTUSER)). This call might require root privilege. diff --git a/xio-process.c b/xio-process.c index 246c47a..5ee3506 100644 --- a/xio-process.c +++ b/xio-process.c @@ -1,5 +1,5 @@ /* source: xio-process.c */ -/* Copyright Gerhard Rieger 2001-2003 */ +/* Copyright Gerhard Rieger 2001-2009 */ /* Published under the GNU General Public License V.2, see file COPYING */ /* this file handles process related addresses options */ @@ -14,6 +14,7 @@ const struct optdesc opt_setgid_early= { "setgid-early",NULL, OPT_SETGID_EARLY, const struct optdesc opt_setgid = { "setgid", NULL, OPT_SETGID, GROUP_PROCESS, PH_LATE2, TYPE_GIDT, OFUNC_SPEC }; const struct optdesc opt_setuid_early= { "setuid-early",NULL, OPT_SETUID_EARLY,GROUP_PROCESS, PH_EARLY, TYPE_UIDT, OFUNC_SPEC }; const struct optdesc opt_setuid = { "setuid", NULL, OPT_SETUID, GROUP_PROCESS, PH_LATE2, TYPE_UIDT, OFUNC_SPEC }; +const struct optdesc opt_substuser_early = { "substuser-early", "su-e", OPT_SUBSTUSER_EARLY, GROUP_PROCESS, PH_EARLY, TYPE_UIDT, OFUNC_SPEC }; const struct optdesc opt_substuser = { "substuser", "su", OPT_SUBSTUSER, GROUP_PROCESS, PH_LATE2, TYPE_UIDT, OFUNC_SPEC }; const struct optdesc opt_substuser_delayed = { "substuser-delayed", "su-d", OPT_SUBSTUSER_DELAYED, GROUP_PROCESS, PH_INIT, TYPE_UIDT, OFUNC_SPEC }; const struct optdesc opt_chroot_early = { "chroot-early", NULL, OPT_CHROOT_EARLY, GROUP_PROCESS, PH_EARLY, TYPE_STRING, OFUNC_SPEC }; diff --git a/xio-process.h b/xio-process.h index 4a80928..09ddc8c 100644 --- a/xio-process.h +++ b/xio-process.h @@ -1,5 +1,5 @@ /* source: xio-process.h */ -/* Copyright Gerhard Rieger 2001, 2002 */ +/* Copyright Gerhard Rieger 2001-2009 */ /* Published under the GNU General Public License V.2, see file COPYING */ #ifndef __xio_process_h_included @@ -9,6 +9,7 @@ extern const struct optdesc opt_setgid_early; extern const struct optdesc opt_setgid; extern const struct optdesc opt_setuid_early; extern const struct optdesc opt_setuid; +extern const struct optdesc opt_substuser_early; extern const struct optdesc opt_substuser; extern const struct optdesc opt_substuser_delayed; extern const struct optdesc opt_chroot_early; diff --git a/xioopts.c b/xioopts.c index a5578ee..ca66ba9 100644 --- a/xioopts.c +++ b/xioopts.c @@ -1,5 +1,5 @@ /* source: xioopts.c */ -/* Copyright Gerhard Rieger 2001-2008 */ +/* Copyright Gerhard Rieger 2001-2009 */ /* Published under the GNU General Public License V.2, see file COPYING */ /* this file contains the source for address options handling */ @@ -1453,8 +1453,10 @@ const struct optname optionnames[] = { #endif IF_ANY ("su", &opt_substuser) IF_ANY ("su-d", &opt_substuser_delayed) + IF_ANY ("su-e", &opt_substuser_early) IF_ANY ("substuser", &opt_substuser) IF_ANY ("substuser-delayed", &opt_substuser_delayed) + IF_ANY ("substuser-early", &opt_substuser_early) IF_TERMIOS("susp", &opt_vsusp) #ifdef VSWTC IF_TERMIOS("swtc", &opt_vswtc) @@ -3257,6 +3259,7 @@ int applyopts(int fd, struct opt *opts, enum e_phase phase) { opt->desc = ODESC_ERROR; ++opt; continue; } break; + case OPT_SUBSTUSER_EARLY: case OPT_SUBSTUSER: { struct passwd *pwd; diff --git a/xioopts.h b/xioopts.h index db61752..df18d54 100644 --- a/xioopts.h +++ b/xioopts.h @@ -1,5 +1,5 @@ /* source: xioopts.h */ -/* Copyright Gerhard Rieger 2001-2008 */ +/* Copyright Gerhard Rieger 2001-2009 */ /* Published under the GNU General Public License V.2, see file COPYING */ #ifndef __xioopts_h_included @@ -695,6 +695,7 @@ enum e_optcode { # define ENABLE_OPTCODE # include "xio-streams.h" # undef ENABLE_OPTCODE + OPT_SUBSTUSER_EARLY, OPT_SUBSTUSER, OPT_SUBSTUSER_DELAYED, OPT_SYMBOLIC_LINK, /* with pty */