From 3cd00b46e94d6ac7960868c3d9acd7195b58b7a7 Mon Sep 17 00:00:00 2001
From: lace <>
Date: Thu, 22 Dec 2005 14:34:28 +0000
Subject: [PATCH] Fixed captive-sandbox-server(8) regarding:
 captive_standalone_init()  - We were initializing libcaptive too late.

---
 src/client/sandbox-server/main.c   | 7 +++++--
 src/libcaptive/client/standalone.c | 1 +
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/client/sandbox-server/main.c b/src/client/sandbox-server/main.c
index ce88748..7735da7 100644
--- a/src/client/sandbox-server/main.c
+++ b/src/client/sandbox-server/main.c
@@ -602,6 +602,11 @@ gboolean fragile;
 			|G_LOG_LEVEL_DEBUG
 			));
 
+	/* Do not do it later than chroot_setup() as it requires it.
+	 * On the other hand it is SETUID-fragile this way.
+	 */
+	captive_standalone_init();
+
 	fatal_argv0=argv[0];
 	fragile=(getuid()!=geteuid() || getuid()==0 || geteuid()==0);
 
@@ -613,8 +618,6 @@ gboolean fragile;
 		chroot_setup(TRUE);
 #endif /* MAINTAINER_MODE */
 
-	captive_standalone_init();
-
 	captive_options_init(&options);
 	captive_options=&options;	/* for parsing by 'CAPTIVE_POPT_INCLUDE' */
 
diff --git a/src/libcaptive/client/standalone.c b/src/libcaptive/client/standalone.c
index b859013..9abc21e 100644
--- a/src/libcaptive/client/standalone.c
+++ b/src/libcaptive/client/standalone.c
@@ -28,6 +28,7 @@
 
 gboolean captive_standalone_init_done=FALSE;
 
+/* WARNING: Function is called unprotected with SETUID! */
 void captive_standalone_init(void)
 {
 	if (captive_standalone_init_done)
-- 
1.8.3.1