| author | Yves-Alexis Perez <corsac@debian.org> | 2018-06-04 09:59:21 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2018-06-04 09:59:21 +0200 |
| commit | 9207a0837c19c2f1bf9486d1621438693841039f (patch) | |
| tree | c5b31310d6d5b8db2904a3309c5c4ee81e7584f2 /src/charon | |
| parent | 3456101fa5dfd78d8b74c005b8dad281bb045398 (diff) | |
| parent | 51a71ee15c1bcf0e82f363a16898f571e211f9c3 (diff) | |
Update upstream source from tag 'upstream/5.6.3'
Update to upstream version '5.6.3'
with Debian dir d2b13199c1ca302286cbf83878342276cb01d710
Diffstat (limited to 'src/charon')
| -rw-r--r-- | src/charon/charon.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/src/charon/charon.c b/src/charon/charon.c
index f23717034..180486746 100644
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -204,7 +204,7 @@ static bool check_pidfile()
 }
 fclose(pidfile);
 pidfile = NULL;
- if (pid && kill(pid, 0) == 0)
+ if (pid && pid != getpid() && kill(pid, 0) == 0)
 {
 DBG1(DBG_DMN, "charon already running ('"PID_FILE"' exists)");
 return TRUE;
@@ -231,9 +231,15 @@ static bool check_pidfile()
 DBG1(DBG_LIB, "setting FD_CLOEXEC for '"PID_FILE"' failed: %s",
 strerror(errno));
 }
- ignore_result(fchown(fd,
- lib->caps->get_uid(lib->caps),
- lib->caps->get_gid(lib->caps)));
+ /* Only fchown() the pidfile if we have CAP_CHOWN. Otherwise,
+ * directory permissions should allow pidfile to be accessed
+ * by the UID/GID under which the charon daemon will run. */
+ if (lib->caps->check(lib->caps, CAP_CHOWN))
+ {
+ ignore_result(fchown(fd,
+ lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)));
+ }
 fprintf(pidfile, "%d\n", getpid());
 fflush(pidfile);
 return FALSE; |
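Review bot: The liveness test in `if (pid && pid != getpid() && kill(pid, 0) == 0)` treats every kill() failure as "not running", but kill(2) also fails with EPERM when the process exists and the caller is not allowed to signal it. If charon can reach this check with reduced privileges (the second hunk allows for running without CAP_CHOWN), a live instance under another UID would be missed and the function appears to go on to write its own PID; consider `(kill(pid, 0) == 0 || errno == EPERM)`. The new `pid != getpid()` term would also benefit from a one-line comment such as `/* a stale pidfile may contain our own PID */`. check_pidfile() starts and ends outside the hunk, so how pid is read from the file is not visible here.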
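Review bot: Inside the new `if (lib->caps->check(lib->caps, CAP_CHOWN))` branch the fchown() result is still thrown away with ignore_result(), while the FD_CLOEXEC failure a few lines above is logged with DBG1 and strerror(errno). A pidfile left with the wrong owner can presumably stop the daemon from managing it once it runs under its configured UID/GID, so a failure here is worth a log line in the same style. The skipped case (no CAP_CHOWN) is silent as well, and a debug message there would make the comment's assumption about directory permissions easier to verify in the field. The body of check_pidfile() continues outside the hunk.

```c
if (lib->caps->check(lib->caps, CAP_CHOWN))
{
	if (fchown(fd,
			   lib->caps->get_uid(lib->caps),
			   lib->caps->get_gid(lib->caps)) == -1)
	{
		DBG1(DBG_LIB, "changing owner of '"PID_FILE"' failed: %s",
			 strerror(errno));
	}
}
/* … unchanged: fprintf()/fflush() of the PID … */
```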
