diff -Naurp LVM2.2.02.33/daemons/clvmd/clvm.h LVM2.2.02.33.oden/daemons/clvmd/clvm.h --- LVM2.2.02.33/daemons/clvmd/clvm.h 2007-12-04 10:39:26.000000000 -0500 +++ LVM2.2.02.33.oden/daemons/clvmd/clvm.h 2010-09-06 03:30:38.000000000 -0400 @@ -45,9 +45,8 @@ struct clvm_header { #define CLVMD_FLAG_SYSTEMLV 2 /* Data in system LV under my node name */ #define CLVMD_FLAG_NODEERRS 4 /* Reply has errors in node-specific portion */ -/* Name of the local socket to communicate between libclvm and clvmd */ -//static const char CLVMD_SOCKNAME[]="/var/run/clvmd"; -static const char CLVMD_SOCKNAME[] = "\0clvmd"; +/* Name of the local socket to communicate between lvm and clvmd */ +static const char CLVMD_SOCKNAME[]= "/var/run/lvm/clvmd.sock"; /* Internal commands & replies */ #define CLVMD_CMD_REPLY 1 diff -Naurp LVM2.2.02.33/daemons/clvmd/clvmd.c LVM2.2.02.33.oden/daemons/clvmd/clvmd.c --- LVM2.2.02.33/daemons/clvmd/clvmd.c 2007-11-15 05:16:14.000000000 -0500 +++ LVM2.2.02.33.oden/daemons/clvmd/clvmd.c 2010-09-06 03:30:38.000000000 -0400 @@ -122,6 +122,7 @@ static void process_remote_command(struc static int process_reply(const struct clvm_header *msg, int msglen, const char *csid); static int open_local_sock(void); +static void close_local_sock(int local_socket); static int check_local_clvmd(void); static struct local_client *find_client(int clientid); static void main_loop(int local_sock, int cmd_timeout); @@ -188,6 +189,14 @@ void debuglog(const char *fmt, ...) } } +static void check_permissions() +{ + if (getuid() || geteuid()) { + log_error("Cannot run as a non-root user."); + exit(4); + } +} + int main(int argc, char *argv[]) { int local_sock; @@ -215,6 +224,7 @@ int main(int argc, char *argv[]) exit(0); case 'R': + check_permissions(); return refresh_clvmd(); case 'C': @@ -257,6 +267,8 @@ int main(int argc, char *argv[]) } } + check_permissions(); + /* Setting debug options on an existing clvmd */ if (debug_opt && !check_local_clvmd()) { @@ -381,6 +393,8 @@ int main(int argc, char *argv[]) /* Do some work */ main_loop(local_sock, cmd_timeout); + close_local_sock(local_sock); + return 0; } @@ -713,7 +727,6 @@ static void main_loop(int local_sock, in closedown: clops->cluster_closedown(); - close(local_sock); } static __attribute__ ((noreturn)) void wait_for_child(int c_pipe, int timeout) @@ -1809,20 +1822,30 @@ static int check_local_clvmd(void) return ret; } +static void close_local_sock(int local_socket) +{ + if (local_socket != -1 && close(local_socket)) + stack; + + if (CLVMD_SOCKNAME[0] != '\0' && unlink(CLVMD_SOCKNAME)) + stack; +} /* Open the local socket, that's the one we talk to libclvm down */ static int open_local_sock() { - int local_socket; + int local_socket = -1; struct sockaddr_un sockaddr; + mode_t old_mask; + + close_local_sock(local_socket); + old_mask = umask(0077); /* Open local socket */ - if (CLVMD_SOCKNAME[0] != '\0') - unlink(CLVMD_SOCKNAME); local_socket = socket(PF_UNIX, SOCK_STREAM, 0); if (local_socket < 0) { log_error("Can't create local socket: %m"); - return -1; + goto error; } /* Set Close-on-exec */ fcntl(local_socket, F_SETFD, 1); @@ -1832,18 +1855,19 @@ static int open_local_sock() sockaddr.sun_family = AF_UNIX; if (bind(local_socket, (struct sockaddr *) &sockaddr, sizeof(sockaddr))) { log_error("can't bind local socket: %m"); - close(local_socket); - return -1; + goto error; } if (listen(local_socket, 1) != 0) { log_error("listen local: %m"); - close(local_socket); - return -1; + goto error; } - if (CLVMD_SOCKNAME[0] != '\0') - chmod(CLVMD_SOCKNAME, 0600); + umask(old_mask); return local_socket; +error: + close_local_sock(local_socket); + umask(old_mask); + return -1; } void process_message(struct local_client *client, const char *buf, int len,