summaryrefslogtreecommitdiff
path: root/usr.sbin
diff options
context:
space:
mode:
authorHenning Brauer <henning@cvs.openbsd.org>2003-10-24 10:38:31 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2003-10-24 10:38:31 +0000
commitd5ce9096df86b28de8c6cb0520a26d3c0a83156e (patch)
tree0246a155f9eb3c86965d048c8a56b06ff90e9667 /usr.sbin
parenta902ab9808910ea708a820ac43775f2c7a4c6ba8 (diff)
initgroups() before chroot(), found by Daniel Lucq
ok deraadt@
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/httpd/src/main/http_main.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/usr.sbin/httpd/src/main/http_main.c b/usr.sbin/httpd/src/main/http_main.c
index e3ac36984c5..a4c4b77bff6 100644
--- a/usr.sbin/httpd/src/main/http_main.c
+++ b/usr.sbin/httpd/src/main/http_main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: http_main.c,v 1.32 2003/09/19 17:23:27 henning Exp $ */
+/* $OpenBSD: http_main.c,v 1.33 2003/10/24 10:38:30 henning Exp $ */
/* ====================================================================
* The Apache Software License, Version 1.1
@@ -5277,6 +5277,13 @@ static void standalone_main(int argc, char **argv)
OpenSSL_add_all_algorithms();
#endif
+ if (initgroups(ap_user_name, ap_group_id)) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
+ "initgroups: unable to set groups for User %s "
+ "and Group %u", ap_user_name, (unsigned)ap_group_id);
+ exit(1);
+ }
+
if (chroot(ap_server_root) < 0) {
ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
"unable to chroot into %s!", ap_server_root);
@@ -5288,8 +5295,7 @@ static void standalone_main(int argc, char **argv)
is_chrooted = 1;
setproctitle("parent [chroot %s]", ap_server_root);
- if (initgroups(ap_user_name, ap_group_id) ||
- setegid(ap_group_id) || setgid(ap_group_id) ||
+ if (setegid(ap_group_id) || setgid(ap_group_id) ||
seteuid(ap_user_id) || setuid(ap_user_id)) {
ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
"can't drop priviliges!");