Add proper SUID bit detection (fixes #416)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2436 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-04-09 16:51:52 +00:00 · 2009-04-09 16:51:52 +00:00 · 9c7cdb8011
parent 815875377a
commit 9c7cdb8011
5 changed files with 16 additions and 1 deletions
--- a/1
+++ b/1
@ -15,6 +15,7 @@ NEWS
  * Remove the optional port info from SERVER_NAME (thx Mr_Bond)
  * Fix mod_proxy RoundRobin (off by one problem if only one backend is up)
  * Rename configure.in to configure.ac, with small cleanups (fixes #1932)
+  * Add proper SUID bit detection (fixes #416)

 - 1.4.22 - 2009-03-07
  * Fix wrong lua type for CACHE_MISS/CACHE_HIT in mod_cml (fixes #533)
--- a/configure.ac
+++ b/configure.ac
@ -77,6 +77,7 @@ dnl AC_FUNC_REALLOC
 AC_TYPE_SIGNAL
 AC_FUNC_STAT
 AC_FUNC_STRFTIME
+AC_CHECK_FUNCS([issetugid])

 dnl Checks for database.
 MYSQL_INCLUDE=""
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@ -145,6 +145,7 @@ CHECK_C_SOURCE_COMPILES("
 		struct sockaddr_in6 s; struct in6_addr t=in6addr_any; int i=AF_INET6; s; t.s6_addr[0] = 0;
 		return 0;
 	}" HAVE_IPV6)
+CHECK_FUNCTION_EXISTS(issetugid HAVE_ISSETUGID)

 ## refactor me
 MACRO(XCONFIG _package _include_DIR _link_DIR _link_FLAGS _cflags)
--- a/src/config.h.cmake
+++ b/src/config.h.cmake
@ -30,6 +30,7 @@
 #cmakedefine HAVE_PTHREAD_H
 #cmakedefine HAVE_INET_ATON
 #cmakedefine HAVE_IPV6
+#cmakedefine HAVE_ISSETUGID

 /* XATTR */
 #cmakedefine HAVE_ATTR_ATTRIBUTES_H
--- a/src/server.c
+++ b/src/server.c
@ -64,6 +64,17 @@
 /* #define USE_ALARM */
 #endif

+#ifdef HAVE_GETUID
+# ifndef HAVE_ISSETUGID
+
+static int l_issetugid() {
+	return (geteuid() != getuid() || getegid() != getgid());
+}
+
+#  define issetugid l_issetugid
+# endif
+#endif
+
 static volatile sig_atomic_t srv_shutdown = 0;
 static volatile sig_atomic_t graceful_shutdown = 0;
 static volatile sig_atomic_t handle_sig_alarm = 1;
@ -589,7 +600,7 @@ int main (int argc, char **argv) {

 	/* UID handling */
 #ifdef HAVE_GETUID
-	if (!i_am_root && (geteuid() == 0 || getegid() == 0)) {
+	if (!i_am_root && issetugid()) {
 		/* we are setuid-root */

 		log_error_write(srv, __FILE__, __LINE__, "s",