void privsep_init(int fd) { /* This will be the privileged child */ pfd = fd; privsep_read_loop(); close(pfd); flog(LOG_ERR, "Exiting, privsep_read_loop is complete."); }
/* Fork to create privileged process connected by a pipe */ int privsep_init(void) { int pipefds[2]; pid_t pid; if (privsep_enabled()) return 0; if (pipe(pipefds) != 0) { flog(LOG_ERR, "Couldn't create privsep pipe."); return (-1); } pid = fork(); if (pid == -1) { flog(LOG_ERR, "Couldn't fork for privsep."); return (-1); } if (pid == 0) { int nullfd; /* This will be the privileged child */ close(pipefds[1]); pfd = pipefds[0]; /* Detach from stdio */ nullfd = open("/dev/null", O_RDONLY); if (nullfd < 0) { perror("/dev/null"); close(pfd); _exit(1); } dup2(nullfd, 0); dup2(nullfd, 1); /* XXX: we'll keep stderr open in debug mode for better logging */ if (get_debuglevel() == 0) dup2(nullfd, 2); privsep_read_loop(); close(pfd); _exit(0); } /* Continue execution (will drop privileges soon) */ close(pipefds[0]); pfd = pipefds[1]; return 0; }