[PATCH] iscsid: drop uid privileges after locking memory

[Anthony Iliopoulos]

Move the setuid call after mlockall, since the latter requires elevated
privileges, and will cause iscsid startup to fail when an unprivileged
uid is specified.

Signed-off-by: Anthony Iliopoulos <ail...@suse.com>
---
usr/iscsid.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/usr/iscsid.c b/usr/iscsid.c
index e50149823bee..9f1a09fe28f2 100644
--- a/usr/iscsid.c
+++ b/usr/iscsid.c
@@ -525,12 +525,6 @@ int main(int argc, char *argv[])
}
}

- if (uid && setuid(uid) < 0) {
- log_error("Unable to setuid to %d", uid);
- log_close(log_pid);
- exit(ISCSI_ERR);
- }
-
memset(&daemon_config, 0, sizeof (daemon_config));
daemon_config.pid_file = pid_file;
daemon_config.config_file = config_file;
@@ -601,6 +595,12 @@ int main(int argc, char *argv[])
exit(ISCSI_ERR);
}

+ if (uid && setuid(uid) < 0) {
+ log_error("Unable to setuid to %d", uid);
+ log_close(log_pid);
+ exit(ISCSI_ERR);
+ }
+
set_state_to_ready();
event_loop(ipc, control_fd, mgmt_ipc_fd);

--
2.29.0

[The Lee-Man]

Hi Anythony:

On Thursday, October 22, 2020 at 12:33:08 PM UTC-7 Anthony Iliopoulos wrote:

Move the setuid call after mlockall, since the latter requires elevated
privileges, and will cause iscsid startup to fail when an unprivileged
uid is specified.

I appreciate your patch, but I'm not sure this one has any value.

When I run regular iscsid (not patched), it dies almost at the start of main(), in the mgmt_ipc_listen() call, if I'm not root. So it never even gets to your patch.

Was there an actual bug or problem you were trying to fix?

P.S. This patch was mangled. Please submit patches in text only, or better yet as a github pull request, since I don't have time to edit submitted patches. Thanks!