From f6474c66d5812164c902a89f50cdeaa87bd72ae1 Mon Sep 17 00:00:00 2001
From: florian
Date: Tue, 10 Jun 2014 14:33:01 +0000
Subject: Cleanup socket creation. Input ajacoutot some time ago; OK henning@
---
 usr.sbin/slowcgi/slowcgi.8 | 6 +++---
 usr.sbin/slowcgi/slowcgi.c | 17 +++++++----------
 2 files changed, 10 insertions(+), 13 deletions(-)
(limited to 'usr.sbin/slowcgi')
diff --git a/usr.sbin/slowcgi/slowcgi.8 b/usr.sbin/slowcgi/slowcgi.8
index 7307c7ac83e..9f1b4f99628 100644
--- a/usr.sbin/slowcgi/slowcgi.8
+++ b/usr.sbin/slowcgi/slowcgi.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: slowcgi.8,v 1.7 2014/01/20 13:00:31 florian Exp $
+.\" $OpenBSD: slowcgi.8,v 1.8 2014/06/10 14:33:01 florian Exp $
 .\"
 .\" Copyright (c) 2013 Florian Obser
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: January 20 2014 $
+.Dd $Mdocdate: June 10 2014 $
 .Dt SLOWCGI 8
 .Os
 .Sh NAME
@@ -49,7 +49,7 @@ is not intended for these applications.
 .Nm
 opens a socket at
 .Pa /var/www/run/slowcgi.sock ,
-owned by root:www,
+owned by www:www,
 with permissions 0660.
 It will then
 .Xr chroot 8
diff --git a/usr.sbin/slowcgi/slowcgi.c b/usr.sbin/slowcgi/slowcgi.c
index c27a74e2f7b..846c1b1e6f1 100644
--- a/usr.sbin/slowcgi/slowcgi.c
+++ b/usr.sbin/slowcgi/slowcgi.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: slowcgi.c,v 1.31 2014/04/16 14:43:43 florian Exp $ */
+/* $OpenBSD: slowcgi.c,v 1.32 2014/06/10 14:33:01 florian Exp $ */
 /*
 * Copyright (c) 2013 David Gwynne
 * Copyright (c) 2013 Florian Obser
@@ -159,7 +159,7 @@ struct fcgi_end_request_body {
 }__packed;
 __dead void usage(void);
-void slowcgi_listen(char *, gid_t);
+void slowcgi_listen(char *, struct passwd *);
 void slowcgi_paused(int, short, void *);
 int accept_reserve(int, struct sockaddr *, socklen_t *, int, volatile int *);
@@ -304,7 +304,7 @@ main(int argc, char *argv[])
 event_init();
- slowcgi_listen(fcgi_socket, pw->pw_gid);
+ slowcgi_listen(fcgi_socket, pw);
 if (chroot(pw->pw_dir) == -1)
 lerr(1, "chroot(%s)", pw->pw_dir);
@@ -333,7 +333,7 @@ main(int argc, char *argv[])
 return (0);
 }
 void
-slowcgi_listen(char *path, gid_t gid)
+slowcgi_listen(char *path, struct passwd *pw)
 {
 struct listener *l = NULL;
 struct sockaddr_un sun;
@@ -356,18 +356,15 @@ slowcgi_listen(char *path, gid_t gid)
 if (errno != ENOENT)
 lerr(1, "slowcgi_listen: unlink %s", path);
- old_umask = umask(S_IXUSR|S_IXGRP|S_IWOTH|S_IROTH|S_IXOTH);
- mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP;
+ old_umask = umask(S_IXUSR|S_IXGRP|S_IWOTH|S_IROTH|
+ S_IXOTH);
 if (bind(fd, (struct sockaddr *)&sun, sizeof(sun)) == -1)
 lerr(1,"slowcgi_listen: bind: %s", path);
 umask(old_umask);
- if (chmod(path, mode) == -1)
- lerr(1, "slowcgi_listen: chmod: %s", path);
-
- if (chown(path, 0, gid) == -1)
+ if (chown(path, pw->pw_uid, pw->pw_gid) == -1)
 lerr(1, "slowcgi_listen: chown: %s", path);
 if (ioctl(fd, FIONBIO, &on) == -1)
-- 
cgit v1.2.3-59-g8ed1b
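Review bot: The new `chown(path, pw->pw_uid, pw->pw_gid)` in the last hunk makes the unprivileged account the owner of the socket node, where the removed line kept it root-owned, so any process running under that uid can now `chmod` the socket and loosen the 0660 restriction. If that account is also the one the CGI programs run as (not visible in this hunk), keeping the owner at 0 and changing only the group, `chown(path, 0, pw->pw_gid)`, preserves the group-only access. With the `chmod` removed, the final mode depends entirely on the umask in effect around `bind()`, which deserves a comment such as `/* umask 0117: bind() creates the socket 0660, no chmod needed */`. The declaration of `mode` lies outside the hunk and would now be unused if it was left in place. slowcgi_listen's body starts and ends outside this hunk.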