author | Yves-Alexis Perez <corsac@debian.org> | 2018-06-04 09:59:21 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2018-06-04 09:59:21 +0200 |
commit | 51a71ee15c1bcf0e82f363a16898f571e211f9c3 (patch) | |
tree | 2a03e117d072c55cfe2863d26b73e64d933e7ad8 /src/charon | |
parent | 7793611ee71b576dd9c66dee327349fa64e38740 (diff) | |
New upstream version 5.6.3
Diffstat (limited to 'src/charon')
-rw-r--r-- | src/charon/charon.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/src/charon/charon.c b/src/charon/charon.c
index f23717034..180486746 100644
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -204,7 +204,7 @@ static bool check_pidfile()
 }
 fclose(pidfile);
 pidfile = NULL;
- if (pid && kill(pid, 0) == 0)
+ if (pid && pid != getpid() && kill(pid, 0) == 0)
 {
 DBG1(DBG_DMN, "charon already running ('"PID_FILE"' exists)");
 return TRUE;
@@ -231,9 +231,15 @@ static bool check_pidfile()
 DBG1(DBG_LIB, "setting FD_CLOEXEC for '"PID_FILE"' failed: %s",
 strerror(errno));
 }
- ignore_result(fchown(fd,
- lib->caps->get_uid(lib->caps),
- lib->caps->get_gid(lib->caps)));
+ /* Only fchown() the pidfile if we have CAP_CHOWN. Otherwise,
+ * directory permissions should allow pidfile to be accessed
+ * by the UID/GID under which the charon daemon will run. */
+ if (lib->caps->check(lib->caps, CAP_CHOWN))
+ {
+ ignore_result(fchown(fd,
+ lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)));
+ }
 fprintf(pidfile, "%d\n", getpid());
 fflush(pidfile);
 return FALSE; |
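Review bot: The changed `if` in the first hunk still counts only `kill(pid, 0) == 0` as "running", so a process that exists but may not be signalled (kill() failing with EPERM) is treated as a stale pidfile. That case looks more likely now that the second hunk supports starting without full privileges. Consider `if (pid && pid != getpid() && (kill(pid, 0) == 0 || errno == EPERM))`. The new `pid != getpid()` term would also benefit from a one-line comment such as `/* a pidfile holding our own PID cannot belong to another instance */`. How `pid` is parsed is outside the hunk (check_pidfile() starts above it), so whether negative values are rejected before reaching kill() cannot be confirmed from here.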
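Review bot: Inside the new `CAP_CHOWN` branch of the second hunk the `fchown()` result is still discarded through `ignore_result()`, so a failed ownership change is never logged and may leave a pidfile the unprivileged daemon cannot manage later. Handle it like the FD_CLOEXEC failure just above: test `fchown(...) == -1` and emit `DBG1(DBG_LIB, "changing owner of '"PID_FILE"' failed: %s", strerror(errno));`. For the path without CAP_CHOWN, the comment relies on directory permissions, which presumably means the pidfile directory is writable by the daemon's UID/GID. The comment should therefore add that privileged tooling must not trust the PID it reads from that file. The function continues past the end of the hunk.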