- {
- struct passwd *pwd = getpwnam(sep->se_user);
- if (pwd == NULL) {
- syslog_err_and_discard_dg(
- sep->se_socktype,
- "getpwnam: %s: No such user",
- sep->se_user);
- }
- if (sep->se_group && (grp = getgrnam(sep->se_group)) == NULL) {
- syslog_err_and_discard_dg(sep->se_socktype,
- "getgrnam: %s: No such group", sep->se_group);
- }
- /*
- * Ok. There are four cases here:
- * 1. nonroot user, no group specified
- * 2. nonroot user, some group specified
- * 3. root user, no group specified
- * 4. root user, some group specified
- * In cases 2 and 4 we setgid to the specified
- * group. In cases 1 and 2 we run initgroups
- * to run with the groups of the given user.
- * In case 4 we do setgroups to run with the
- * given group. In case 3 we do nothing.
- */
- if (pwd->pw_uid) {
- if (sep->se_group) {
- pwd->pw_gid = grp->gr_gid;
- }
- setgid((gid_t)pwd->pw_gid);
- initgroups(pwd->pw_name, pwd->pw_gid);
- setuid((uid_t)pwd->pw_uid);
- } else if (sep->se_group) {
- setgid((gid_t)grp->gr_gid);
- setgroups(1, &grp->gr_gid);
- }
- dup2(ctrl, 0);
- close(ctrl);
- dup2(0, 1);
- dup2(0, 2);
-#ifdef RLIMIT_NOFILE
- if (rlim_ofile.rlim_cur != rlim_ofile_cur) {
- if (setrlimit(RLIMIT_NOFILE, &rlim_ofile) < 0) {
- syslog(LOG_ERR,"setrlimit: %m");
- }
- }
-#endif
- for (ctrl = rlim_ofile_cur-1; --ctrl > 2; ) {
- (void)close(ctrl);
- }
- memset(&sa, 0, sizeof(sa));
- sa.sa_handler = SIG_DFL;
- sigaction(SIGPIPE, &sa, NULL);
-
- execv(sep->se_server, sep->se_argv);
- syslog_err_and_discard_dg(sep->se_socktype, "execv %s: %m", sep->se_server);
- }
- }
- if (!sep->se_wait && sep->se_socktype == SOCK_STREAM) {
- close(ctrl);
- }
+ {
+ if ((pwd = getpwnam (sep->se_user)) == NULL) {
+ syslog (LOG_ERR, "getpwnam: %s: No such user", sep->se_user);
+ if (sep->se_socktype != SOCK_STREAM)
+ recv (0, buf, sizeof (buf), 0);
+ _exit (1);
+ }
+ if (setsid () < 0)
+ syslog (LOG_ERR, "%s: setsid: %m", sep->se_service);
+ if (sep->se_group && (grp = getgrnam (sep->se_group)) == NULL) {
+ syslog (LOG_ERR, "getgrnam: %s: No such group", sep->se_group);
+ if (sep->se_socktype != SOCK_STREAM)
+ recv (0, buf, sizeof (buf), 0);
+ _exit (1);
+ }
+ if (uid != 0) {
+ /* a user running private inetd */
+ if (uid != pwd->pw_uid)
+ _exit (1);
+ } else if (pwd->pw_uid) {
+ if (sep->se_group) {
+ pwd->pw_gid = grp->gr_gid;
+ }
+ setgid ((gid_t) pwd->pw_gid);
+ initgroups (pwd->pw_name, pwd->pw_gid);
+ setuid ((uid_t) pwd->pw_uid);
+ } else if (sep->se_group) {
+ setgid (grp->gr_gid);
+ setgroups (1, &grp->gr_gid);