1
0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-11-27 17:13:11 +02:00

lldpd: bump to v0.6.1, enable privilege separation and chrooting

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33729 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
jow 2012-10-12 11:58:19 +00:00
parent 885315f8b4
commit 9767d62aa0
4 changed files with 18 additions and 45 deletions

View File

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=lldpd PKG_NAME:=lldpd
PKG_VERSION:=0.6.0 PKG_VERSION:=0.6.1
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://media.luffy.cx/files/lldpd PKG_SOURCE_URL:=http://media.luffy.cx/files/lldpd
PKG_MD5SUM:=77279577e3b6d85a33dc0afe7c960b27 PKG_MD5SUM:=d2f9ae67e0bcce0206a3a501a81d0738
PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org> PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
@ -43,8 +43,9 @@ endef
define Package/lldpd/install define Package/lldpd/install
$(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_DIR) $(1)/etc/config $(INSTALL_DIR) $(1)/etc/config
$(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_DIR) $(1)/usr/lib $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/lldp{ctl,d} $(1)/usr/sbin/ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/lldp{ctl,d} $(1)/usr/sbin/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/liblldpctl.so* $(1)/usr/lib/
$(INSTALL_BIN) ./files/lldpd.init $(1)/etc/init.d/lldpd $(INSTALL_BIN) ./files/lldpd.init $(1)/etc/init.d/lldpd
$(INSTALL_DATA) ./files/lldpd.config $(1)/etc/config/lldpd $(INSTALL_DATA) ./files/lldpd.config $(1)/etc/config/lldpd
endef endef
@ -53,4 +54,9 @@ define Package/lldpd/conffiles
/etc/config/lldpd /etc/config/lldpd
endef endef
CONFIGURE_ARGS += \
--with-privsep-user=lldp \
--with-privsep-group=lldp \
--with-privsep-chroot=/var/run/lldp
$(eval $(call BuildPackage,lldpd)) $(eval $(call BuildPackage,lldpd))

View File

@ -26,6 +26,12 @@ start() {
[ $enable_sonmp -gt 0 ] && append args '-s' [ $enable_sonmp -gt 0 ] && append args '-s'
[ $enable_edp -gt 0 ] && append args '-e' [ $enable_edp -gt 0 ] && append args '-e'
user_exists lldp 121 || user_add lldp 121 129
group_exists lldp 129 || group_add lldp 129
mkdir -p /var/run/lldp
chown lldp:lldp /var/run/lldp
service_start /usr/sbin/lldpd $args \ service_start /usr/sbin/lldpd $args \
${lldp_class:+ -M $lldp_class} ${lldp_class:+ -M $lldp_class}
@ -37,4 +43,5 @@ start() {
stop() { stop() {
service_stop /usr/sbin/lldpd service_stop /usr/sbin/lldpd
rm -f /var/run/lldpd.socket /var/run/lldpd.pid
} }

View File

@ -1,40 +0,0 @@
--- a/src/priv.c
+++ b/src/priv.c
@@ -518,12 +518,14 @@ priv_init(char *chrootdir)
fatal("[priv]: unable to create socket pair for privilege separation");
/* Get users */
+ /*
if ((user = getpwnam(PRIVSEP_USER)) == NULL)
fatal("[priv]: no " PRIVSEP_USER " user for privilege separation");
uid = user->pw_uid;
if ((group = getgrnam(PRIVSEP_GROUP)) == NULL)
fatal("[priv]: no " PRIVSEP_GROUP " group for privilege separation");
gid = group->gr_gid;
+ */
/* Spawn off monitor */
if ((monitored = fork()) < 0)
@@ -534,17 +536,17 @@ priv_init(char *chrootdir)
if (RUNNING_ON_VALGRIND)
LLOG_WARNX("[priv]: running on valgrind, keep privileges");
else {
- if (chroot(chrootdir) == -1)
- fatal("[priv]: unable to chroot");
- if (chdir("/") != 0)
+ /*if (chroot(chrootdir) == -1)
+ fatal("[priv]: unable to chroot");*/
+ if (chdir("/tmp") != 0)
fatal("[priv]: unable to chdir");
gidset[0] = gid;
- if (setresgid(gid, gid, gid) == -1)
+ /*if (setresgid(gid, gid, gid) == -1)
fatal("[priv]: setresgid() failed");
if (setgroups(1, gidset) == -1)
fatal("[priv]: setgroups() failed");
if (setresuid(uid, uid, uid) == -1)
- fatal("[priv]: setresuid() failed");
+ fatal("[priv]: setresuid() failed");*/
}
remote = pair[0];
close(pair[1]);

View File

@ -1,6 +1,6 @@
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -48,7 +48,6 @@ AX_CFLAGS_GCC_OPTION([-Wformat]) @@ -62,7 +62,6 @@ AX_CFLAGS_GCC_OPTION([-Wformat])
AX_CFLAGS_GCC_OPTION([-Wformat-security]) AX_CFLAGS_GCC_OPTION([-Wformat-security])
AX_CFLAGS_GCC_OPTION([-Wcast-align]) AX_CFLAGS_GCC_OPTION([-Wcast-align])
AX_CFLAGS_GCC_OPTION([-Winline]) AX_CFLAGS_GCC_OPTION([-Winline])