[hipl-commit] [trunk] Rev 3705: Doxygen for lib/core/hip_capability.c

  • From: Miika Komu <miika@xxxxxx>
  • To: hipl-commit@xxxxxxxxxxxxx
  • Date: Thu, 25 Feb 2010 10:56:36 +0200

Committer: Miika Komu <miika@xxxxxx>
Date: Thu Feb 25 10:56:34 2010 +0200
Revision: 3705
Revision-id: miika@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Branch nick: trunk

Log:
  Doxygen for lib/core/hip_capability.c

Modified:
  D  lib/core/hip_capability.c.doxyme
  M  lib/core/hip_capability.c

=== modified file 'lib/core/hip_capability.c'
--- lib/core/hip_capability.c   2010-02-12 13:09:10 +0000
+++ lib/core/hip_capability.c   2010-02-25 08:56:34 +0000
@@ -1,3 +1,22 @@
+/**
+ * @file
+ *
+ * Distributed under <a href="http://www.gnu.org/licenses/gpl2.txt";>GNU/GPL</a>
+ *
+ * This file contains functionality to lower the privileges (or
+ * capabilities) of agent, hipd and hipfw. It is important to restrict
+ * the damage of a exploit to the software. The code is Linux
+ * specific.
+ *
+ * The capability code has been problematic with valgrind, the memory leak
+ * detector. If you experience problems with valgrind, you can disable
+ * capability code with ./configure --disable-privsep && make clean all
+ *
+ * @brief Functionality to lower the privileges of a daemon
+ *
+ * @author Miika Komu <miika@xxxxxx>
+ */
+
 #define _BSD_SOURCE
 
 #ifdef HAVE_CONFIG_H
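Review bot: The new file header recommends `./configure --disable-privsep` as the valgrind workaround without saying what such a build gives up. The same comment says this code exists to limit the damage of an exploit, and a build configured that way presumably leaves agent, hipd and hipfw at their start-up privileges. I would add a line such as `* Builds with --disable-privsep are meant for debugging only; the daemons then keep their original privileges.` once that behaviour is confirmed. Separately, "a exploit" should read "an exploit", and the `;` after the closing quote of the `href` may be an archive artifact but is worth checking in the committed file.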
@@ -31,6 +50,12 @@
 #define USER_HIPD "hipd"
 #endif /* CONFIG_HIP_PRIVSEP */
 
+/**
+ * map a user name such as "nobody" to the corresponding UID number
+ *
+ * @param the name to map
+ * @return the UID or -1 on error
+ */
 int hip_user_to_uid(char *name)
 {
     int uid            = -1;
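Review bot: The `@param` line in the new comment for hip_user_to_uid() omits the parameter name, so Doxygen will read `the` as the name and report `name` as undocumented; it should be `@param name the user name to map`. The comment should also tell callers to check for -1 before using the result as a uid. setreuid() treats -1 as "leave unchanged", so an unchecked error value would make a privilege drop silently do nothing; whether any caller does that is not visible here. The function body continues outside the hunk.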
@@ -63,8 +88,11 @@
 
 #define _LINUX_CAPABILITY_VERSION_HIPL  0x19980330
 
-/*
- * Note: this function does not go well with valgrind
+/**
+ * lower the privileges of the running process
+ *
+ * @param run_as_sudo
+ * @return
  */
 int hip_set_lowcapability(int run_as_sudo)
 {
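Review bot: The `@param run_as_sudo` and `@return` tags added here are left empty, while the second definition of hip_set_lowcapability() later in this commit documents both. Unless the two variants differ in contract, reuse that text: `@param run_as_sudo 1 if the process was started with "sudo" or 0 otherwise` and `@return zero on success and negative on error`. For a privilege-dropping function the comment should also say what a caller is expected to do on a negative return, since the process presumably still holds its original privileges in that case. The function body continues outside the hunk.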
@@ -72,8 +100,6 @@
 
 #ifdef CONFIG_HIP_PRIVSEP
     uid_t uid;
-    //struct __user_cap_header_struct header;
-    //struct __user_cap_data_struct data;
     struct __user_cap_header_struct header;
     struct __user_cap_data_struct data;
 
@@ -100,9 +126,6 @@
     HIP_DEBUG("effective=%u, permitted = %u, inheritable=%u\n",
               data.effective, data.permitted, data.inheritable);
 
-    //ruid=nobody_pswd->pw_uid;
-    //euid=nobody_pswd->pw_uid;
-
     HIP_DEBUG("Before setreuid(,) UID=%d and EFF_UID=%d\n",
               getuid(), geteuid());
 
@@ -140,8 +163,12 @@
 
 #else /* ! ALTSEP */
 
-/*
- * Note: this function does not go well with valgrind
+/**
+ * Lower the privileges of the currently running process.
+ *
+ * @param run_as_sudo 1 if the process was started with "sudo" or
+ *                    0 otherwise
+ * @return zero on success and negative on error
  */
 int hip_set_lowcapability(int run_as_sudo)
 {
