Fixed captive-sandbox-server(8) regarding: captive_standalone_init()

 - We were initializing libcaptive too late.

diff --git a/src/client/sandbox-server/main.c b/src/client/sandbox-server/main.c
index ce88748..7735da7 100644 (file)
--- a/src/client/sandbox-server/main.c
+++ b/src/client/sandbox-server/main.c
@@ -602,6 +602,11 @@ gboolean fragile;
                        |G_LOG_LEVEL_DEBUG
                        ));
 
                        |G_LOG_LEVEL_DEBUG
                        ));
 

+       /* Do not do it later than chroot_setup() as it requires it.
+        * On the other hand it is SETUID-fragile this way.
+        */
+       captive_standalone_init();
+

        fatal_argv0=argv[0];
        fragile=(getuid()!=geteuid() || getuid()==0 || geteuid()==0);
 
        fatal_argv0=argv[0];
        fragile=(getuid()!=geteuid() || getuid()==0 || geteuid()==0);
 


@@ -613,8 +618,6 @@ gboolean fragile;
                chroot_setup(TRUE);
 #endif /* MAINTAINER_MODE */
 
                chroot_setup(TRUE);
 #endif /* MAINTAINER_MODE */
 

-       captive_standalone_init();
-

        captive_options_init(&options);
        captive_options=&options;       /* for parsing by 'CAPTIVE_POPT_INCLUDE' */
 
        captive_options_init(&options);
        captive_options=&options;       /* for parsing by 'CAPTIVE_POPT_INCLUDE' */
 

diff --git a/src/libcaptive/client/standalone.c b/src/libcaptive/client/standalone.c
index b859013..9abc21e 100644 (file)
--- a/src/libcaptive/client/standalone.c
+++ b/src/libcaptive/client/standalone.c
@@ -28,6 +28,7 @@
 
 gboolean captive_standalone_init_done=FALSE;
 
 
 gboolean captive_standalone_init_done=FALSE;
 

+/* WARNING: Function is called unprotected with SETUID! */

 void captive_standalone_init(void)
 {
        if (captive_standalone_init_done)
 void captive_standalone_init(void)
 {
        if (captive_standalone_init_done)