author | Henning Brauer <henning@cvs.openbsd.org> | 2003-10-24 10:38:31 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2003-10-24 10:38:31 +0000 |
commit | d5ce9096df86b28de8c6cb0520a26d3c0a83156e (patch) | |
tree | 0246a155f9eb3c86965d048c8a56b06ff90e9667 | |
parent | a902ab9808910ea708a820ac43775f2c7a4c6ba8 (diff) |
initgroups() before chroot(), found by Daniel Lucq
ok deraadt@
-rw-r--r-- | usr.sbin/httpd/src/main/http_main.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/usr.sbin/httpd/src/main/http_main.c b/usr.sbin/httpd/src/main/http_main.c index e3ac36984c5..a4c4b77bff6 100644 --- a/usr.sbin/httpd/src/main/http_main.c +++ b/usr.sbin/httpd/src/main/http_main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: http_main.c,v 1.32 2003/09/19 17:23:27 henning Exp $ */ +/* $OpenBSD: http_main.c,v 1.33 2003/10/24 10:38:30 henning Exp $ */ /* ==================================================================== * The Apache Software License, Version 1.1 @@ -5277,6 +5277,13 @@ static void standalone_main(int argc, char **argv) OpenSSL_add_all_algorithms(); #endif + if (initgroups(ap_user_name, ap_group_id)) { + ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf, + "initgroups: unable to set groups for User %s " + "and Group %u", ap_user_name, (unsigned)ap_group_id); + exit(1); + } + if (chroot(ap_server_root) < 0) { ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf, "unable to chroot into %s!", ap_server_root); @@ -5288,8 +5295,7 @@ static void standalone_main(int argc, char **argv) is_chrooted = 1; setproctitle("parent [chroot %s]", ap_server_root); - if (initgroups(ap_user_name, ap_group_id) || - setegid(ap_group_id) || setgid(ap_group_id) || + if (setegid(ap_group_id) || setgid(ap_group_id) || seteuid(ap_user_id) || setuid(ap_user_id)) { ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf, "can't drop priviliges!"); |
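Review bot: The `initgroups()` block added ahead of `chroot(ap_server_root)` in the -5277 hunk carries no comment explaining why the order matters, so a later cleanup could fold it back into the privilege-drop chain. I would put this above it: `/* initgroups() looks up the group database, which may not be reachable once we chroot(); it must run first */`. The new failure path logs at APLOG_CRIT while the chroot failure directly below logs at APLOG_EMERG; if both are fatal start-up errors, one level would keep alerting consistent. standalone_main begins and ends outside this hunk, so whether the block sits inside a chroot-only branch cannot be confirmed from here.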
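Review bot: In the -5288 hunk the remaining drop chain still calls `seteuid(ap_user_id)` before `setuid(ap_user_id)`, so setuid() runs when the process is no longer effective-root. Whether the real and saved IDs are reset in that case depends on the platform's setuid() semantics, and nothing visible here verifies the result. Calling only `setgid(ap_group_id) || setuid(ap_user_id)` while still privileged would avoid the dependency, or a check can follow the chain: `if (getuid() != ap_user_id || geteuid() != ap_user_id) exit(1);`. The single "can't drop priviliges!" message also hides which of the four calls failed. The body of this `if` continues outside the hunk.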