File 0001-open-log-file-early-so-log-dir-can-be-root-owned.diff of Package mumble

From d79587e5570ec036355ada3de76521d981ce9596 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Tue, 8 Mar 2011 16:31:33 +0100
Subject: [PATCH] open log file early so log dir can be root owned

http://article.gmane.org/gmane.comp.security.oss.general/4404
---
 src/murmur/UnixMurmur.cpp |    2 +-
 src/murmur/main.cpp       |   46 ++++++++++++++++++++++++++------------------
 2 files changed, 28 insertions(+), 20 deletions(-)

diff --git a/src/murmur/UnixMurmur.cpp b/src/murmur/UnixMurmur.cpp
index 773701c..3dc9c08 100644
--- a/src/murmur/UnixMurmur.cpp
+++ b/src/murmur/UnixMurmur.cpp
@@ -255,7 +255,7 @@ void UnixMurmur::setuid() {
 
 void UnixMurmur::initialcap() {
 #ifdef Q_OS_LINUX
-	cap_value_t caps[] = {CAP_NET_ADMIN, CAP_SETUID, CAP_SETGID, CAP_SYS_RESOURCE, CAP_DAC_OVERRIDE };
+	cap_value_t caps[] = {CAP_NET_ADMIN, CAP_SETUID, CAP_SETGID, CAP_CHOWN, CAP_SYS_RESOURCE, CAP_DAC_OVERRIDE };
 
 	if (! bRoot)
 		return;
diff --git a/src/murmur/main.cpp b/src/murmur/main.cpp
index 5a4810d..695f8cc 100644
--- a/src/murmur/main.cpp
+++ b/src/murmur/main.cpp
@@ -273,6 +273,33 @@ int main(int argc, char **argv) {
 
 	Meta::mp.read(inifile);
 
+	// need to open log file early so log dir can be root owned:
+	// http://article.gmane.org/gmane.comp.security.oss.general/4404
+	if (detach && ! Meta::mp.qsLogfile.isEmpty()) {
+		qfLog = new QFile(Meta::mp.qsLogfile);
+		if (! qfLog->open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text)) {
+			delete qfLog;
+			qfLog = NULL;
+#ifdef Q_OS_UNIX
+			fprintf(stderr, "murmurd: failed to open logfile %s: no logging will be done\n",qPrintable(Meta::mp.qsLogfile));
+#else
+			qWarning("Failed to open logfile %s. Will not detach.",qPrintable(Meta::mp.qsLogfile));
+			detach = false;
+#endif
+		} else {
+			qfLog->setTextModeEnabled(true);
+			QFileInfo qfi(*qfLog);
+			Meta::mp.qsLogfile = qfi.absoluteFilePath();
+#ifdef Q_OS_UNIX
+			if (Meta::mp.uiUid != 0 && fchown(qfLog->handle(), Meta::mp.uiUid, Meta::mp.uiGid) == -1) {
+				qFatal("can't change log file owner to %d %d:%d - %s", qfLog->handle(), Meta::mp.uiUid, Meta::mp.uiGid, strerror(errno));
+			}
+#endif
+		}
+	} else {
+		detach = false;
+	}
+
 #ifdef Q_OS_UNIX
 	unixhandler.setuid();
 #endif
@@ -318,25 +345,6 @@ int main(int argc, char **argv) {
 		}
 	}
 
-	if (detach && ! Meta::mp.qsLogfile.isEmpty()) {
-		qfLog = new QFile(Meta::mp.qsLogfile);
-		if (! qfLog->open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text)) {
-			delete qfLog;
-			qfLog = NULL;
-#ifdef Q_OS_UNIX
-			fprintf(stderr, "murmurd: failed to open logfile %s: no logging will be done\n",qPrintable(Meta::mp.qsLogfile));
-#else
-			qWarning("Failed to open logfile %s. Will not detach.",qPrintable(Meta::mp.qsLogfile));
-			detach = false;
-#endif
-		} else {
-			qfLog->setTextModeEnabled(true);
-			QFileInfo qfi(*qfLog);
-			Meta::mp.qsLogfile = qfi.absoluteFilePath();
-		}
-	} else {
-		detach = false;
-	}
 #ifdef Q_OS_UNIX
 	if (detach) {
 		if (fork() != 0) {
-- 
1.7.3.4