Diffstat (limited to 'os/unix/unixd.c')
-rw-r--r-- | os/unix/unixd.c | 206 |
1 files changed, 0 insertions, 206 deletions
diff --git a/os/unix/unixd.c b/os/unix/unixd.c
index 3e3ba7823e..bd0baeb163 100644
--- a/os/unix/unixd.c
+++ b/os/unix/unixd.c
@@ -52,212 +52,6 @@ unixd_config_rec unixd_config; -/* Set group privileges. - * - * Note that we use the username as set in the config files, rather than - * the lookup of to uid --- the same uid may have multiple passwd entries, - * with different sets of groups for each. - */ - -static int set_group_privs(void) -{ - if (!geteuid()) { - const char *name; - - /* Get username if passed as a uid */ - - if (unixd_config.user_name[0] == '#') { - struct passwd *ent; - uid_t uid = atol(&unixd_config.user_name[1]); - - if ((ent = getpwuid(uid)) == NULL) { - ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, - "getpwuid: couldn't determine user name from uid %ld, " - "you probably need to modify the User directive", - (long)uid); - return -1; - } - - name = ent->pw_name; - } - else - name = unixd_config.user_name; - -#if !defined(OS2) && !defined(TPF) - /* OS/2 and TPF don't support groups. */ - - /* - * Set the GID before initgroups(), since on some platforms - * setgid() is known to zap the group list. - */ - if (setgid(unixd_config.group_id) == -1) { - ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, - "setgid: unable to set group id to Group %u", - (unsigned)unixd_config.group_id); - return -1; - } - - /* Reset `groups' attributes. 
*/ - - if (initgroups(name, unixd_config.group_id) == -1) { - ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, - "initgroups: unable to set groups for User %s " - "and Group %u", name, (unsigned)unixd_config.group_id); - return -1; - } -#endif /* !defined(OS2) && !defined(TPF) */ - } - return 0; -} - - -AP_DECLARE(int) unixd_setup_child(void) -{ - if (set_group_privs()) { - return -1; - } - - if (NULL != unixd_config.chroot_dir) { - if (geteuid()) { - ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, - "Cannot chroot when not started as root"); - return -1; - } - if (chdir(unixd_config.chroot_dir) != 0) { - ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, - "Can't chdir to %s", unixd_config.chroot_dir); - return -1; - } - if (chroot(unixd_config.chroot_dir) != 0) { - ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, - "Can't chroot to %s", unixd_config.chroot_dir); - return -1; - } - if (chdir("/") != 0) { - ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, - "Can't chdir to new root"); - return -1; - } - } - -#ifdef MPE - /* Only try to switch if we're running as MANAGER.SYS */ - if (geteuid() == 1 && unixd_config.user_id > 1) { - GETPRIVMODE(); - if (setuid(unixd_config.user_id) == -1) { - GETUSERMODE(); - ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, - "setuid: unable to change to uid: %ld", - (long) unixd_config.user_id); - exit(1); - } - GETUSERMODE(); - } -#else - /* Only try to switch if we're running as root */ - if (!geteuid() && ( -#ifdef _OSD_POSIX - os_init_job_environment(NULL, unixd_config.user_name, ap_exists_config_define("DEBUG")) != 0 || -#endif - setuid(unixd_config.user_id) == -1)) { - ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, - "setuid: unable to change to uid: %ld", - (long) unixd_config.user_id); - return -1; - } -#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) - /* this applies to Linux 2.4+ */ -#ifdef AP_MPM_WANT_SET_COREDUMPDIR - if (ap_coredumpdir_configured) { - if (prctl(PR_SET_DUMPABLE, 1)) { - 
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, - "set dumpable failed - this child will not coredump" - " after software errors"); - } - } -#endif -#endif -#endif - return 0; -} - - -AP_DECLARE(const char *) unixd_set_user(cmd_parms *cmd, void *dummy, - const char *arg) -{ - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) { - return err; - } - - unixd_config.user_name = arg; - unixd_config.user_id = ap_uname2id(arg); -#if !defined (BIG_SECURITY_HOLE) && !defined (OS2) - if (unixd_config.user_id == 0) { - return "Error:\tApache has not been designed to serve pages while\n" - "\trunning as root. There are known race conditions that\n" - "\twill allow any local user to read any file on the system.\n" - "\tIf you still desire to serve pages as root then\n" - "\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n" - "\tand then rebuild the server.\n" - "\tIt is strongly suggested that you instead modify the User\n" - "\tdirective in your httpd.conf file to list a non-root\n" - "\tuser.\n"; - } -#endif - - return NULL; -} - -AP_DECLARE(const char *) unixd_set_group(cmd_parms *cmd, void *dummy, - const char *arg) -{ - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) { - return err; - } - - unixd_config.group_id = ap_gname2id(arg); - - return NULL; -} -AP_DECLARE(const char *) unixd_set_chroot_dir(cmd_parms *cmd, void *dummy, - const char *arg) -{ - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) { - return err; - } - if (!ap_is_directory(cmd->pool, arg)) { - return "ChrootDir must be a valid directory"; - } - - unixd_config.chroot_dir = arg; - return NULL; -} - -AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp) -{ - apr_finfo_t wrapper; - - unixd_config.user_name = DEFAULT_USER; - unixd_config.user_id = ap_uname2id(DEFAULT_USER); - unixd_config.group_id = ap_gname2id(DEFAULT_GROUP); - - unixd_config.chroot_dir = NULL; /* none */ - - /* Check for suexec */ - 
unixd_config.suexec_enabled = 0; - if ((apr_stat(&wrapper, SUEXEC_BIN, - APR_FINFO_NORM, ptemp)) != APR_SUCCESS) { - return; - } - - if ((wrapper.protection & APR_USETID) && wrapper.user == 0) { - unixd_config.suexec_enabled = 1; - } -} - AP_DECLARE(void) unixd_set_rlimit(cmd_parms *cmd, struct rlimit **plimit, const char *arg, const char * arg2, int type) |