From d5ce9096df86b28de8c6cb0520a26d3c0a83156e Mon Sep 17 00:00:00 2001 From: Henning Brauer Date: Fri, 24 Oct 2003 10:38:31 +0000 Subject: initgroups() before chroot(), found by Daniel Lucq ok deraadt@ --- usr.sbin/httpd/src/main/http_main.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'usr.sbin') diff --git a/usr.sbin/httpd/src/main/http_main.c b/usr.sbin/httpd/src/main/http_main.c index e3ac36984c5..a4c4b77bff6 100644 --- a/usr.sbin/httpd/src/main/http_main.c +++ b/usr.sbin/httpd/src/main/http_main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: http_main.c,v 1.32 2003/09/19 17:23:27 henning Exp $ */ +/* $OpenBSD: http_main.c,v 1.33 2003/10/24 10:38:30 henning Exp $ */ /* ==================================================================== * The Apache Software License, Version 1.1 @@ -5277,6 +5277,13 @@ static void standalone_main(int argc, char **argv) OpenSSL_add_all_algorithms(); #endif + if (initgroups(ap_user_name, ap_group_id)) { + ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf, + "initgroups: unable to set groups for User %s " + "and Group %u", ap_user_name, (unsigned)ap_group_id); + exit(1); + } + if (chroot(ap_server_root) < 0) { ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf, "unable to chroot into %s!", ap_server_root); @@ -5288,8 +5295,7 @@ static void standalone_main(int argc, char **argv) is_chrooted = 1; setproctitle("parent [chroot %s]", ap_server_root); - if (initgroups(ap_user_name, ap_group_id) || - setegid(ap_group_id) || setgid(ap_group_id) || + if (setegid(ap_group_id) || setgid(ap_group_id) || seteuid(ap_user_id) || setuid(ap_user_id)) { ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf, "can't drop priviliges!"); -- cgit v1.2.3