[sr-dev] Permission problem and setuid in Kamailio 1.5

marius zbihlei marius.zbihlei at 1and1.ro
Tue Oct 13 11:55:27 CEST 2009


Hi all,

There is a permission problem if the daemon is started with the -u and -g
parameters (which set the user and group for the process).

The do_suid function (defined in demonize.c) is called after the call to
init_modules(), so the mod_init functions of the configured modules are
loaded before the call to do_suid. This wasn't a problem in 1.3 because
no module (that I am aware of) uses the uid and gid of the process to do
permission checks.

This has changed in 1.5 with the carrierroute module, as there is a check
to see if the route file in config-file mode (usually
/etc/kamailio/carrierroute.conf) has the right permissions set on it
(it issues a warning if it's world-writable and an error if it's not
writable by the process owner). This of course is a problem because
kamailio hasn't yet called setuid()/setgid(), so the checks are done
using the wrong uid.

A correct (imho) course of action is to move the call to the do_suid
function before the call to init_modules() (and before any other calls to
initialization functions).

I've attached a small patch that does this (tested).

Are there any considerations on why init_modules() should be called
with another uid/gid?

Greetings,
Marius
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20091013/7a33feb4/attachment.asc>

