author | 2003-08-07 16:26:44 +0000 | |
---|---|---|
committer | 2003-08-07 16:26:44 +0000 | |
commit | b557eab613b5a43e58acf74a471b047da8026582 (patch) | |
tree | 8413b70604bbdece57b44d6ca545be93e75f2812 | |
parent | Allow nested interrupts in the openpic interrupt controller, tested by (diff) | |
use setusercontext(3) instead of initgroups/setuid/et al., making it possible
to limit resources based on the user class the binary is run under.
while i'm here, use %u for gid_t and uid_t.
input and ok from millert and henning.
-rw-r--r-- | usr.sbin/httpd/src/support/Makefile.tmpl | 2 | ||||
-rw-r--r-- | usr.sbin/httpd/src/support/suexec.c | 26 |
2 files changed, 20 insertions, 8 deletions
diff --git a/usr.sbin/httpd/src/support/Makefile.tmpl b/usr.sbin/httpd/src/support/Makefile.tmpl
index 880d5b19cfc..ad704ffd625 100644
--- a/usr.sbin/httpd/src/support/Makefile.tmpl
+++ b/usr.sbin/httpd/src/support/Makefile.tmpl
@@ -7,7 +7,7 @@
 # LIBS=-L$(SSLLOC)/lib -lssl -lcrypto -lm -lap -los $(EXTRA_LIBS) $(LIBS1)
 # INCLUDES=-I$(SSLLOC)/include $(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
-CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS)
+CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS) -DUSE_SETUSERCONTEXT
 LIBS=-lm -lap -los $(EXTRA_LIBS) $(LIBS1)
 INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
 LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS) -L$(OSDIR) -L$(SRCDIR)/ap
diff --git a/usr.sbin/httpd/src/support/suexec.c b/usr.sbin/httpd/src/support/suexec.c
index b8a21048396..07bee9d2d21 100644
--- a/usr.sbin/httpd/src/support/suexec.c
+++ b/usr.sbin/httpd/src/support/suexec.c
@@ -91,6 +91,10 @@
 #include <stdarg.h>
+#if defined(USE_SETUSERCONTEXT)
+#include <login_cap.h>
+#endif
+
 #include "suexec.h"
 /*
@@ -281,7 +285,7 @@ int main(int argc, char *argv[])
 */
 uid = getuid();
 if ((pw = getpwuid(uid)) == NULL) {
- log_err("crit: invalid uid: (%ld)\n", uid);
+ log_err("crit: invalid uid: (%u)\n", uid);
 exit(102);
 }
 /*
@@ -452,7 +456,7 @@ int main(int argc, char *argv[])
 * a UID less than UID_MIN. Tsk tsk.
 */
 if ((uid == 0) || (uid < UID_MIN)) {
- log_err("crit: cannot run as forbidden uid (%d/%s)\n", uid, cmd);
+ log_err("crit: cannot run as forbidden uid (%u/%s)\n", uid, cmd);
 exit(107);
 }
@@ -461,10 +465,17 @@ int main(int argc, char *argv[])
 * or as a GID less than GID_MIN. Tsk tsk.
 */
 if ((gid == 0) || (gid < GID_MIN)) {
- log_err("crit: cannot run as forbidden gid (%d/%s)\n", gid, cmd);
+ log_err("crit: cannot run as forbidden gid (%u/%s)\n", gid, cmd);
 exit(108);
 }
+#if defined(USE_SETUSERCONTEXT)
+ if (setusercontext(NULL, pw, uid,
+ LOGIN_SETALL & ~(LOGIN_SETLOGIN | LOGIN_SETPATH)) != 0) {
+ log_err("emerg: failed to setusercontext (%u: %s)\n", uid, cmd);
+ exit(110);
+ }
+#else
 /*
 * Change UID/GID here so that the following tests work over NFS.
 *
@@ -472,7 +483,7 @@ int main(int argc, char *argv[])
 * and setgid() to the target group. If unsuccessful, error out.
 */
 if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0)) {
- log_err("emerg: failed to setgid (%ld: %s)\n", gid, cmd);
+ log_err("emerg: failed to setgid (%u: %s)\n", gid, cmd);
 exit(109);
 }
@@ -480,9 +491,10 @@ int main(int argc, char *argv[])
 * setuid() to the target user. Error out on fail.
 */
 if ((setuid(uid)) != 0) {
- log_err("emerg: failed to setuid (%ld: %s)\n", uid, cmd);
+ log_err("emerg: failed to setuid (%u: %s)\n", uid, cmd);
 exit(110);
 }
+#endif
 /*
 * Get the current working directory, as well as the proper
@@ -569,8 +581,8 @@ int main(int argc, char *argv[])
 (gid != dir_info.st_gid) ||
 (uid != prg_info.st_uid) ||
 (gid != prg_info.st_gid)) {
- log_err("error: target uid/gid (%ld/%ld) mismatch "
- "with directory (%ld/%ld) or program (%ld/%ld)\n",
+ log_err("error: target uid/gid (%u/%u) mismatch "
+ "with directory (%u/%u) or program (%u/%u)\n",
 uid, gid,
 dir_info.st_uid, dir_info.st_gid,
 prg_info.st_uid, prg_info.st_gid);
|
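Review bot: In the USE_SETUSERCONTEXT branch of the `@@ -461,10 +465,17 @@` hunk, the group that gets applied is not the `gid` just checked against GID_MIN. `setusercontext()` receives only `pw` and `uid`, and with LOGIN_SETGROUP left in the mask it takes the primary and supplementary groups from the passwd entry, whereas the `#else` path calls `setgid(gid)`. The code that fills `pw` and `gid` is outside this hunk, so this is inferred: if the requested group can differ from `pw->pw_gid`, the GID_MIN test and the later uid/gid ownership comparison describe a group the process does not actually run with. I would reject the mismatch before the call, e.g. `if (pw->pw_gid != gid) { log_err("crit: target gid (%u) is not the primary group of uid (%u)\n", gid, uid); exit(108); }`, or add LOGIN_SETGROUP to the excluded flags and keep the explicit `setgid(gid)`/`initgroups()` ahead of `setusercontext()`. The NFS rationale comment now sits only under `#else`; a one-line comment above the `#if` saying that credentials are dropped here in both branches would keep that intent visible.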