Submitted By:            Randy McMurchy <randy_at_linuxfromscratch_dot_org>
Date:                    2008-08-11
Initial Package Version: 4.21
Upstream Status:         From upstream
Origin:                  Upstream
Description:             Fixes an issue where the stunnel daemon will not
                         drop root privileges.


diff -Naur stunnel-4.21-orig/src/prototypes.h stunnel-4.21/src/prototypes.h
--- stunnel-4.21-orig/src/prototypes.h	2007-10-05 15:42:48.000000000 +0000
+++ stunnel-4.21/src/prototypes.h	2008-08-11 17:43:32.000000000 +0000
@@ -57,7 +57,6 @@
 void main_initialize(char *, char *);
 void main_execute(void);
 void stunnel_info(int);
-void drop_privileges(void);
 
 /**************************************** Prototypes for log.c */

 
diff -Naur stunnel-4.21-orig/src/stunnel.c stunnel-4.21/src/stunnel.c
--- stunnel-4.21-orig/src/stunnel.c	2007-10-27 15:41:39.000000000 +0000
+++ stunnel-4.21/src/stunnel.c	2008-08-11 17:43:32.000000000 +0000
@@ -3,8 +3,8 @@
  *   Copyright (c) 1998-2007 Michal Trojnara <Michal.Trojnara@mirt.net>
  *                 All Rights Reserved
  *
- *   Version:      4.21             (stunnel.c)
- *   Date:         2007.10.27
+ *   Version:      4.22             (stunnel.c)
+ *   Date:         2007.11.xx
  *
  *   Author:       Michal Trojnara  <Michal.Trojnara@mirt.net>
  *
@@ -41,7 +41,7 @@
 static void accept_connection(LOCAL_OPTIONS *);
 static void get_limits(void); /* setup global max_clients and max_fds */
 #if !defined (USE_WIN32) && !defined (__vms)
-static void make_chroot(void);
+static void drop_privileges(void);
 static void daemonize(void);
 static void create_pid(void);
 static void delete_pid(void);
@@ -111,9 +111,6 @@
     } else { /* inetd mode */
 #if !defined (USE_WIN32) && !defined (__vms)&&!defined(USE_OS2)
         max_fds=FD_SETSIZE; /* just in case */
-#ifdef HAVE_CHROOT
-        make_chroot();
-#endif /* HAVE_CHROOT */
         drop_privileges();
 #endif
         num_clients=1;
@@ -171,9 +168,6 @@
 #if !defined (USE_WIN32) && !defined (__vms) && !defined(USE_OS2)
     if(!(options.option.foreground))
         daemonize();
-#ifdef HAVE_CHROOT
-        make_chroot();
-#endif /* HAVE_CHROOT */
     drop_privileges();
     create_pid();
 #endif /* !defined USE_WIN32 && !defined (__vms) */
@@ -299,24 +293,9 @@
 #endif
 }
 
-#ifdef HAVE_CHROOT
-static void make_chroot(void) {
-    if(options.chroot_dir) {
-        if(chroot(options.chroot_dir)) {
-            sockerror("chroot");
-            exit(1);
-        }
-        if(chdir("/")) {
-            sockerror("chdir");
-            exit(1);
-        }
-    }
-}
-#endif /* HAVE_CHROOT */
-
 #if !defined (USE_WIN32) && !defined (__vms)
-    /* set process user and group(s) id */
-void drop_privileges(void) {
+    /* chroot and set process user and group(s) id */
+static void drop_privileges(void) {
     int uid=0, gid=0;
     struct group *gr;
 #ifdef HAVE_SETGROUPS
@@ -350,6 +329,20 @@
         }
     }
 
+#ifdef HAVE_CHROOT
+    /* chroot */
+    if(options.chroot_dir) {
+        if(chroot(options.chroot_dir)) {
+            sockerror("chroot");
+            exit(1);
+        }
+        if(chdir("/")) {
+            sockerror("chdir");
+            exit(1);
+        }
+    }
+#endif /* HAVE_CHROOT */
+
     /* Set uid and gid */
     if(gid) {
         if(setgid(gid)) {