startup: open /dev/null before chroot

before people had to create a /dev/null inside the chroot to make
redirection work.
This commit is contained in:
Florian Westphal 2010-08-01 00:05:07 +02:00
parent 01e40f4b55
commit a02bc9cc6f
1 changed files with 28 additions and 25 deletions

View File

@ -67,7 +67,7 @@ static void Pidfile_Delete PARAMS(( void ));
static void Fill_Version PARAMS(( void ));
static void Setup_FDStreams PARAMS(( void ));
static void Setup_FDStreams PARAMS(( int fd ));
static bool NGIRCd_Init PARAMS(( bool ));
@ -646,27 +646,16 @@ Pidfile_Create(pid_t pid)
* Redirect stdin, stdout and stderr to apropriate file handles.
*/
static void
Setup_FDStreams( void )
Setup_FDStreams(int fd)
{
int fd;
/* Test if we can open /dev/null for reading and writing. If not
* we are most probably chrooted already and the server has been
* restarted. So we simply don't try to redirect stdXXX ... */
fd = open( "/dev/null", O_RDWR );
if ( fd < 0 ) {
Log(LOG_WARNING, "Could not open /dev/null: %s", strerror(errno));
if (fd < 0)
return;
}
fflush(stdout);
fflush(stderr);
/* Create new stdin(0), stdout(1) and stderr(2) descriptors */
dup2( fd, 0 ); dup2( fd, 1 ); dup2( fd, 2 );
/* Close newly opened file descriptor if not stdin/out/err */
if( fd > 2 ) close( fd );
} /* Setup_FDStreams */
@ -709,12 +698,19 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
bool chrooted = false;
struct passwd *pwd;
struct group *grp;
int real_errno;
int real_errno, fd = -1;
pid_t pid;
if (initialized)
return true;
if (!NGIRCd_NoDaemon) {
/* open /dev/null before chroot() */
fd = open( "/dev/null", O_RDWR);
if (fd < 0)
Log(LOG_WARNING, "Could not open /dev/null: %s", strerror(errno));
}
if (!ConnSSL_InitLibrary())
Log(LOG_WARNING,
"Warning: Error during SSL initialization, continuing ...");
@ -722,15 +718,14 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
if( Conf_Chroot[0] ) {
if( chdir( Conf_Chroot ) != 0 ) {
Log( LOG_ERR, "Can't chdir() in ChrootDir (%s): %s", Conf_Chroot, strerror( errno ));
return false;
goto out;
}
if( chroot( Conf_Chroot ) != 0 ) {
if (errno != EPERM) {
Log( LOG_ERR, "Can't change root directory to \"%s\": %s",
Conf_Chroot, strerror( errno ));
return false;
goto out;
}
} else {
chrooted = true;
@ -744,7 +739,7 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
if (! NGIRCd_getNobodyID(&Conf_UID, &Conf_GID)) {
Log(LOG_WARNING, "Could not get user/group ID of user \"nobody\": %s",
errno ? strerror(errno) : "not found" );
return false;
goto out;
}
}
@ -754,7 +749,7 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
real_errno = errno;
Log( LOG_ERR, "Can't change group ID to %u: %s", Conf_GID, strerror( errno ));
if (real_errno != EPERM)
return false;
goto out;
}
}
@ -764,7 +759,7 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
real_errno = errno;
Log(LOG_ERR, "Can't change user ID to %u: %s", Conf_UID, strerror(errno));
if (real_errno != EPERM)
return false;
goto out;
}
}
@ -797,7 +792,11 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
strerror(errno));
/* Detach stdin, stdout and stderr */
Setup_FDStreams( );
Setup_FDStreams(fd);
if (fd > 2) {
close(fd);
fd = -1;
}
}
pid = getpid();
@ -838,6 +837,10 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
}
return true;
out:
if (fd > 2)
close(fd);
return false;
}
/* -eof- */