| author | 2010-01-30 00:33:57 +0100 | |
|---|---|---|
| committer | 2010-01-30 00:33:57 +0100 | |
| commit | 9932ebe49a47c929c8345625a907e5d4e73fe3d5 (patch) | |
| tree | bb8324e926b9730a25c73273ab99aae2087844bf | |
| parent | db1429f4ab24433ec1b98721230305ed043aba66 (diff) | |
| download | usbmuxd-9932ebe49a47c929c8345625a907e5d4e73fe3d5.tar.gz usbmuxd-9932ebe49a47c929c8345625a907e5d4e73fe3d5.tar.bz2 | |
Require explicit username to drop privs
| -rw-r--r-- | daemon/main.c | 18 | ||||
| -rw-r--r-- | udev/85-usbmuxd.rules.in | 2 |
2 files changed, 12 insertions, 8 deletions
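--- a/daemon/main.c
+++ b/daemon/main.c
@@ -56,7 +56,7 @@ int should_discover;
 static int verbose = 0;
 static int foreground = 0;
 static int drop_privileges = 0;
-static const char *drop_user = "usbmux";
+static const char *drop_user = NULL;
 static int opt_udev = 0;
 static int opt_exit = 0;
 static int exit_signal = 0;
@@ -336,8 +336,7 @@ static void usage()
 printf("\t-h|--help Print this message.\n");
 printf("\t-v|--verbose Be verbose (use twice or more to increase).\n");
 printf("\t-f|--foreground Do not daemonize (implies one -v).\n");
-printf("\t-U|--user[=USER] Change to this user after startup (needs usb privileges).\n");
-printf("\t If USER is not specified, defaults to usbmux.\n");
+printf("\t-U|--user USER Change to this user after startup (needs usb privileges).\n");
 printf("\t-u|--udev Run in udev operation mode.\n");
 printf("\t-x|--exit Tell a running instance to exit if there are no devices\n");
 printf("\t connected (must be in udev mode).\n");
@@ -361,7 +360,7 @@ static void parse_opts(int argc, char **argv)
 int c;
 
 while (1) {
-c = getopt_long(argc, argv, "hfvuU::xX", longopts, (int *) 0);
+c = getopt_long(argc, argv, "hfvuU:xX", longopts, (int *) 0);
 if (c == -1) {
 break;
 }
@@ -378,8 +377,7 @@ static void parse_opts(int argc, char **argv)
 break;
 case 'U':
 drop_privileges = 1;
-if(optarg)
-drop_user = optarg;
+drop_user = optarg;
 break;
 case 'u':
 opt_udev = 1;
@@ -519,7 +517,13 @@ int main(int argc, char *argv[])
 
 // drop elevated privileges
 if (drop_privileges && (getuid() == 0 || geteuid() == 0)) {
-struct passwd *pw = getpwnam(drop_user);
+struct passwd *pw;
+if (!drop_user) {
+usbmuxd_log(LL_FATAL, "No user to drop privileges to?");
+res = -1;
+goto terminate;
+}
+pw = getpwnam(drop_user);
 if (!pw) {
 usbmuxd_log(LL_FATAL, "Dropping privileges failed, check if user '%s' exists!", drop_user);
 res = -1;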
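Review bot: The `longopts` table passed to `getopt_long` sits outside these hunks and is not changed by this commit, so the long form may still accept a missing value even though the short-option string goes from `U::` to `U:`. If the `user` entry is still declared with an optional argument, `--user USER` as now printed by usage() would not bind USER, `optarg` would be NULL, and the bad invocation would only be caught by the new `!drop_user` check in main(), and only when the process runs as root. Declaring the entry with `required_argument`, roughly `{"user", required_argument, NULL, 'U'},`, would reject it at parse time instead. A one-line comment on the new check, `// fail closed: never keep running as root when -U was given without a usable user`, would record why it terminates rather than continuing. Both parse_opts() and main() continue outside the hunks.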
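--- a/udev/85-usbmuxd.rules.in
+++ b/udev/85-usbmuxd.rules.in
@@ -1,7 +1,7 @@
 # usbmuxd (iPhone "Apple Mobile Device" MUXer listening on /var/run/usbmuxd)
 
 # Forces iPhone 1.0, 3G, 3GS and iPodTouch 1 and 2 to USB configuration 3 and run usbmuxd
-ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="05ac", ATTR{idProduct}=="129[0-9]", ATTR{bConfigurationValue}!="$attr{bNumConfigurations}", ATTR{bConfigurationValue}="$attr{bNumConfigurations}", RUN+="@CMAKE_INSTALL_PREFIX@/sbin/usbmuxd -u -U"
+ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="05ac", ATTR{idProduct}=="129[0-9]", ATTR{bConfigurationValue}!="$attr{bNumConfigurations}", ATTR{bConfigurationValue}="$attr{bNumConfigurations}", RUN+="@CMAKE_INSTALL_PREFIX@/sbin/usbmuxd -u -U usbmux"
 
 # Exit usbmuxd when the last phone is removed
 ACTION=="remove", SUBSYSTEM=="usb", ENV{PRODUCT}=="5ac/129[0-9]/*", ENV{INTERFACE}=="255/*", RUN+="@CMAKE_INSTALL_PREFIX@/sbin/usbmuxd -x"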
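Review bot: The "add" rule now hard-codes the account name `usbmux`, and nothing in the rules file says that this account has to exist on the target system. On the daemon/main.c side of this commit, a failed lookup logs "check if user '%s' exists" and sets `res = -1` (the rest of that path is outside the hunk), so a missing account presumably means the udev-started daemon exits and the device is not served. A comment above the rule such as `# usbmuxd drops root to the 'usbmux' account; packaging must create it` would make that dependency visible to packagers.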
