| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
otherwise the child processes still believet the prefork value is
3 and can end up reading/writing out of bounds when setting up the
sockets. Actually, server processes shouldn't create pipes to other
servers, but this is left for a follow-up diff.
Issue reported by la ninpre, thank you!
|
|
|
|
Makes parsing and handling of imsgs simpler / clearer. only crypto.c
is left as-is.
|
|
since proc_forward_imsg() never forwards a file descriptor (it's
never called actually) just use -1 there.
|
|
|
|
|
|
unused, and was dropped by other copies of proc.c; reduces the diff
with httpd' proc.c.
|
|
We don't always do privilege dropping (as we may start as unprivileged
user), so set these two beforehand so when we skip privdrop we don't
miss to set privsep_process and set the process' title.
|
|
Don't have all the processes read gmid.conf. The parent needs to do
that, and the will send the config to the children (already
happening.) The other processes were reading the config anyway to
figure out the user and the chroot (if enabled); make the parent pass
additional flag to propagate that info.
We dissociate a bit from the "usual" proc.c but it's a change worth
having.
|
|
|
|
It uses the 'common' proc.c from various OpenBSD-daemons.
gmid grew organically bit by bit and it was also the first place where I
tried to implement privsep. It wasn't done very well, in fact the
parent process (that retains root privileges) just fork()s a generation
of servers, all sharing *exactly* the same address space. No good!
Now, we fork() and re-exec() ourselves, so that each process has a fresh
address space.
Some features (require client ca for example) are temporarly disabled,
will be fixed in subsequent commits. The "ge" program is also
temporarly disabled as it needs tweaks to do privsep too.
|
