silc-server does not drop privileges when run in foreground

Daniel Kahn Gillmor dkg-silc at fifthhorseman.net
Wed Mar 7 06:51:34 CET 2007


After Frank Benkstein's announcement today, i started experimenting
with running silcd under supervision with the runit suite [0], to make
the daemon restart if it should crash under other similar
circumstances.

I discovered that a foregrounded silc server (silcd -F) doesn't
appropriately drop privileges, even when configured to do so in
silcd.conf.

The following patch (which i've already incorporated in my debianized
silc-server packages [1]) ensures that privileges are dropped even
when the daemon is running in the foreground.

If there's a reason to avoid doing this, or a better way to do it, i'd
appreciate hearing about it.

Running under a reasonable service supervision suite also points to
the idea of logging directly to stderr (and letting the supervision
suite handle logfile timestamping/rotation/etc).  But that's probably
another post.

Regards,

        --dkg


- --- silc-server-1.0.3.orig/apps/silcd/silcd.c
+++ silc-server-1.0.3/apps/silcd/silcd.c
@@ -780,9 +780,10 @@
       snprintf(buf, sizeof(buf) - 1, "%d\n", getpid());
       silc_file_writefile(pidfile, buf, strlen(buf));
     }
- -
- -    silc_server_drop_privs(silcd);
   }
+  /* dkg moved this outside of the !foreground block so that
+     foregrounded servers would also properly drop privs. */
+  silc_server_drop_privs(silcd);
 
   /* Run the server. When this returns the server has been stopped
      and we will exit. */
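
Review bot: nothing between the relocated silc_server_drop_privs(silcd); call and the "Run the server" block confirms that the drop actually took effect, and with this change the foreground path relies on that call too. If silc_server_drop_privs() can return without having changed user, the server would enter its main loop still privileged, so consider checking the outcome (or that the effective UID is no longer 0) before running the server. The new comment also records who moved the call; that attribution belongs in the changelog, and the comment would serve readers better by stating the invariant, for example that privileges are dropped in both foreground and background mode before the server runs.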


[0] http://smarden.sunsite.dk/runit/
[1] http://lair.fifthhorseman.net/~dkg/src/silc/

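A check that can be run against a supervised foreground daemon to confirm the privilege drop described above took effect, as an added example that is not part of the original post or of silc-server. It reads a Linux /proc/<pid>/status file on stdin; the function name privs_dropped and the sample status excerpts are constructed for illustration.

```shell
#!/bin/sh
# privs_dropped: read /proc/<pid>/status text on stdin.
#   exit 0  no real/effective/saved/filesystem UID or GID is 0, and no
#           supplementary group is 0
#   exit 1  at least one of those IDs is still 0 (drop missing or partial)
#   exit 2  input had no Uid:/Gid: lines (not a status file)
privs_dropped() {
    awk '
        $1 == "Uid:" || $1 == "Gid:" {
            seen++
            for (i = 2; i <= NF; i++) if ($i == 0) bad = 1
        }
        $1 == "Groups:" {
            # Supplementary groups survive a bare setuid()/setgid() pair,
            # so a leftover group 0 counts as an incomplete drop.
            for (i = 2; i <= NF; i++) if ($i == 0) bad = 1
        }
        END {
            if (seen < 2) exit 2
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample excerpts (not captured from a real host).
# A daemon that never dropped privileges:
sample_root='Name: silcd
Uid: 0 0 0 0
Gid: 0 0 0 0
Groups: 0'

# A daemon that dropped to an unprivileged account (ID 1001 is made up):
sample_dropped='Name: silcd
Uid: 1001 1001 1001 1001
Gid: 1001 1001 1001 1001
Groups: 1001'

# A partial drop: UID and GID changed, supplementary group 0 retained:
sample_partial='Name: silcd
Uid: 1001 1001 1001 1001
Gid: 1001 1001 1001 1001
Groups: 0 1001'

# Typical use against a live process, with $pid set by the caller:
#   privs_dropped < "/proc/$pid/status" || echo "pid $pid still has root IDs"
```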
