diff options
| author |   henning <henning@openbsd.org> | 2003-10-24 10:38:30 +0000 |
|---|---|---|
| committer | henning <henning@openbsd.org> | 2003-10-24 10:38:30 +0000 |
| commit | 3ff611df8437f01b16d839dbda36f46b2af3037e (patch) | |
| tree | d16692aeea1cfc31bd04426ebef188c714a16bb3 | |
| parent | small update for CIPHERS; (diff) | |
| download | wireguard-openbsd-3ff611df8437f01b16d839dbda36f46b2af3037e.tar.xz wireguard-openbsd-3ff611df8437f01b16d839dbda36f46b2af3037e.zip | |
initgroups() before chroot(), found by Daniel Lucq
ok deraadt@
| -rw-r--r-- | usr.sbin/httpd/src/main/http_main.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/usr.sbin/httpd/src/main/http_main.c b/usr.sbin/httpd/src/main/http_main.c index e3ac36984c5..a4c4b77bff6 100644 --- a/usr.sbin/httpd/src/main/http_main.c +++ b/usr.sbin/httpd/src/main/http_main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: http_main.c,v 1.32 2003/09/19 17:23:27 henning Exp $ */ +/* $OpenBSD: http_main.c,v 1.33 2003/10/24 10:38:30 henning Exp $ */ /* ==================================================================== * The Apache Software License, Version 1.1 @@ -5277,6 +5277,13 @@ static void standalone_main(int argc, char **argv) OpenSSL_add_all_algorithms(); #endif + if (initgroups(ap_user_name, ap_group_id)) { + ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf, + "initgroups: unable to set groups for User %s " + "and Group %u", ap_user_name, (unsigned)ap_group_id); + exit(1); + } + if (chroot(ap_server_root) < 0) { ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf, "unable to chroot into %s!", ap_server_root); @@ -5288,8 +5295,7 @@ static void standalone_main(int argc, char **argv) is_chrooted = 1; setproctitle("parent [chroot %s]", ap_server_root); - if (initgroups(ap_user_name, ap_group_id) || - setegid(ap_group_id) || setgid(ap_group_id) || + if (setegid(ap_group_id) || setgid(ap_group_id) || seteuid(ap_user_id) || setuid(ap_user_id)) { ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf, "can't drop priviliges!"); |