--- cfengine-2.1.15/src/init.c.orig 2005-03-16 17:16:33.000000000 +0100 +++ cfengine-2.1.15/src/init.c 2006-03-27 17:24:15.093750000 +0200 @@ -87,20 +87,20 @@ { snprintf(VBUFF,CF_BUFSIZE,"%s/state",VLOCKDIR); MakeDirectoriesFor(VBUFF,'n'); - if (chown(VBUFF,getuid(),getgid()) == -1) + /* if (chown(VBUFF,getuid(),getgid()) == -1) { snprintf(OUTPUT,CF_BUFSIZE,"Unable to set owner on %s to %d.%d",VBUFF,getuid(),getgid()); CfLog(cferror,OUTPUT,"chown"); - } + } */ chmod(VBUFF,(mode_t)0755); } else { - if (statbuf.st_mode & 022) + /* if (statbuf.st_mode & 022) { snprintf(OUTPUT,CF_BUFSIZE*2,"UNTRUSTED: State directory %s (mode %o) was not private!\n",VLOCKDIR,statbuf.st_mode & 0777); CfLog(cferror,OUTPUT,""); - } + } */ } Verbose("Checking integrity of the module directory\n"); @@ -111,21 +111,21 @@ snprintf(VBUFF,CF_BUFSIZE,"%s/modules/test",VLOCKDIR); MakeDirectoriesFor(VBUFF,'n'); snprintf(VBUFF,CF_BUFSIZE,"%s/modules",VLOCKDIR); - if (chown(VBUFF,getuid(),getgid()) == -1) + /* if (chown(VBUFF,getuid(),getgid()) == -1) { snprintf(OUTPUT,CF_BUFSIZE,"Unable to set owner on %s to %d.%d",VBUFF,getuid(),getgid()); CfLog(cferror,OUTPUT,"chown"); - } + } */ chmod(VBUFF,(mode_t)0700); } else { - if (statbuf.st_mode & 022) + /* if (statbuf.st_mode & 022) { snprintf(OUTPUT,CF_BUFSIZE*2,"UNTRUSTED: Module directory %s (mode %o) was not private!\n",VLOCKDIR,statbuf.st_mode & 0777); CfLog(cferror,OUTPUT,""); - } + } */ } Verbose("Checking integrity of the input data for RPC\n"); @@ -137,22 +137,22 @@ snprintf(VBUFF,CF_BUFSIZE,"%s/rpc_in/test",VLOCKDIR); MakeDirectoriesFor(VBUFF,'n'); snprintf(VBUFF,CF_BUFSIZE,"%s/rpc_in",VLOCKDIR); - if (chown(VBUFF,getuid(),getgid()) == -1) + /* if (chown(VBUFF,getuid(),getgid()) == -1) { snprintf(OUTPUT,CF_BUFSIZE,"Unable to set owner on %s to %d.%d",VBUFF,getuid(),getgid()); CfLog(cferror,OUTPUT,"chown"); - } + } */ chmod(VBUFF,(mode_t)0700); } -else +/* else { if (statbuf.st_mode & 077) { snprintf(OUTPUT,CF_BUFSIZE*2,"UNTRUSTED: RPC input directory %s was not private! (%o)\n",VBUFF,statbuf.st_mode & 0777); FatalError(OUTPUT); - } - } + } + } */ Verbose("Checking integrity of the output data for RPC\n"); @@ -162,22 +162,22 @@ snprintf(VBUFF,CF_BUFSIZE,"%s/rpc_out/test",VLOCKDIR); MakeDirectoriesFor(VBUFF,'n'); snprintf(VBUFF,CF_BUFSIZE,"%s/rpc_out",VLOCKDIR); - if (chown(VBUFF,getuid(),getgid()) == -1) + /* if (chown(VBUFF,getuid(),getgid()) == -1) { snprintf(OUTPUT,CF_BUFSIZE,"Unable to set owner on %s to %d.%d",VBUFF,getuid(),getgid()); CfLog(cferror,OUTPUT,"chown"); - } + } */ chmod(VBUFF,(mode_t)0700); } -else +/* else { if (statbuf.st_mode & 077) { snprintf(OUTPUT,CF_BUFSIZE*2,"UNTRUSTED: RPC output directory %s was not private! (%o)\n",VBUFF,statbuf.st_mode & 0777); FatalError(OUTPUT); } - } + } */ Verbose("Checking integrity of the PKI directory\n"); snprintf(VBUFF,CF_BUFSIZE,"%s/ppkeys",VLOCKDIR); @@ -189,21 +189,21 @@ snprintf(VBUFF,CF_BUFSIZE,"%s/ppkeys",VLOCKDIR); chmod(VBUFF,(mode_t)0700); /* Locks must be immutable to others */ } -else +/* else { if (statbuf.st_mode & 077) { snprintf(OUTPUT,CF_BUFSIZE*2,"UNTRUSTED: Private key directory %s/ppkeys (mode %o) was not private!\n",VLOCKDIR,statbuf.st_mode & 0777); FatalError(OUTPUT); } - } + } */ Verbose("Making sure that locks are private...\n"); -if (chown(VLOCKDIR,getuid(),getgid()) == -1) +/* if (chown(VLOCKDIR,getuid(),getgid()) == -1) { snprintf(OUTPUT,CF_BUFSIZE,"Unable to set owner on %s to %d.%d",VLOCKDIR,getuid(),getgid()); CfLog(cferror,OUTPUT,"chown"); - } + } */ chmod(VLOCKDIR,(mode_t)0755); /* Locks must be immutable to others */ }