From 558bfc4e1e629688fc78d16b18413ff9802dc8f4 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Fri, 29 Jul 2016 22:05:35 -0400 Subject: [PATCH] [security] ensure gid != 0 if server.username set (fixes #2725) server.username can not be root or 0. server.groupname can not be root or 0. If server.username is set, previous behavior might retain gid 0 if server.groupname was not set. New behavior calls setgid() on server.username primary gid, and then initgroups on server.username if server.username is set but server.groupname is not set. x-ref: "server.groupname not required with server.username" https://redmine.lighttpd.net/issues/2725 --- src/server.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/src/server.c b/src/server.c index 35f9a6e0..382d5a6e 100644 --- a/src/server.c +++ b/src/server.c @@ -1020,6 +1020,14 @@ int main (int argc, char **argv) { #ifdef HAVE_PWD_H /* set user and group */ + if (!buffer_string_is_empty(srv->srvconf.groupname)) { + if (NULL == (grp = getgrnam(srv->srvconf.groupname->ptr))) { + log_error_write(srv, __FILE__, __LINE__, "sb", + "can't find groupname", srv->srvconf.groupname); + return -1; + } + } + if (!buffer_string_is_empty(srv->srvconf.username)) { if (NULL == (pwd = getpwnam(srv->srvconf.username->ptr))) { log_error_write(srv, __FILE__, __LINE__, "sb", @@ -1032,14 +1040,15 @@ int main (int argc, char **argv) { "I will not set uid to 0\n"); return -1; } - } - if (!buffer_string_is_empty(srv->srvconf.groupname)) { - if (NULL == (grp = getgrnam(srv->srvconf.groupname->ptr))) { - log_error_write(srv, __FILE__, __LINE__, "sb", - "can't find groupname", srv->srvconf.groupname); + if (NULL == grp && NULL == (grp = getgrgid(pwd->pw_gid))) { + log_error_write(srv, __FILE__, __LINE__, "sd", + "can't find group id", pwd->pw_gid); return -1; } + } + + if (NULL != grp) { if (grp->gr_gid == 0) { log_error_write(srv, __FILE__, __LINE__, "s", "I will not set gid to 0\n");