chown() on logfile after setuid() too late

Enrik Berkhan enrik#freeradius at planb.de
Mon Aug 13 13:12:40 CEST 2007


Hi,

in src/main/mainconfig.c, function switch_users(), the ownership of the 
log file (if logging to file) is transferred to the server uid/gid. 
Because chown() is called after setuid(), it will fail on systems where 
chown() is a privileged operation.

IMHO, chown() should be called just before setuid().

Enrik


