
Restrict Unix socket file ownership by default to ug=rw

* default mode is now 0660 & ~umask
* chmod before chown: don't break apparmor profiles that didn't
  have `capability fowner` (which would be required now as chmod always
  triggers). This might lead to SUID and SGID bits getting cleared.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/spawn-fcgi/trunk@59 4a9f3682-ca7b-49a8-9a55-ba4640e46f83
tags/spawn-fcgi-1.6.4
Stefan Bühler 6 years ago
parent
commit
9108124842
3 changed files with 20 additions and 11 deletions
  1. +1
    -0
      NEWS
  2. +2
    -1
      spawn-fcgi.1
  3. +17
    -10
      src/spawn-fcgi.c

+ 1
- 0
NEWS

@@ -6,6 +6,7 @@ NEWS
- 1.6.4 -
* Use octal mode for -M (patch by dfjoerg)
* Add -b backlog option (fixes #2422, patch by aschmitz)
* Restrict Unix socket file ownership by default to ug=rw

- 1.6.3 - 2009-09-23
* Fix unix socket mode change to work without specifying user/group for socket


+ 2
- 1
spawn-fcgi.1

@@ -82,7 +82,8 @@ Name of the PID file for spawned processes (ignored in no-fork mode)
No forking should take place (for daemontools)
.TP 8
.B \-M <mode>
Change file mode of the Unix domain socket; only used if \-s is given too.
Change file mode of the Unix domain socket (octal integer); only used if \-s is given too.
Defaults to read+write for user and group (0660) as far as the umask allows it.
.TP 8
.B \-?, \-h
General usage instructions


+ 17
- 10
src/spawn-fcgi.c

@@ -79,7 +79,13 @@ static int issetugid() {

#define CONST_STR_LEN(s) s, sizeof(s) - 1

static int bind_socket(const char *addr, unsigned short port, const char *unixsocket, uid_t uid, gid_t gid, int mode, int backlog) {
static mode_t read_umask(void) {
mode_t mask = umask(0);
umask(mask);
return mask;
}

static int bind_socket(const char *addr, unsigned short port, const char *unixsocket, uid_t uid, gid_t gid, mode_t mode, int backlog) {
int fcgi_fd, socket_type, val;

struct sockaddr_un fcgi_addr_un;
@@ -189,6 +195,13 @@ static int bind_socket(const char *addr, unsigned short port, const char *unixso
}

if (unixsocket) {
if (-1 == chmod(unixsocket, mode)) {
fprintf(stderr, "spawn-fcgi: couldn't chmod socket: %s\n", strerror(errno));
close(fcgi_fd);
unlink(unixsocket);
return -1;
}

if (0 != uid || 0 != gid) {
if (0 == uid) uid = -1;
if (0 == gid) gid = -1;
@@ -199,13 +212,6 @@ static int bind_socket(const char *addr, unsigned short port, const char *unixso
return -1;
}
}

if (-1 != mode && -1 == chmod(unixsocket, mode)) {
fprintf(stderr, "spawn-fcgi: couldn't chmod socket: %s\n", strerror(errno));
close(fcgi_fd);
unlink(unixsocket);
return -1;
}
}

if (-1 == listen(fcgi_fd, backlog)) {
@@ -423,7 +429,8 @@ static void show_help () {
" -a <address> bind to IPv4/IPv6 address (defaults to 0.0.0.0)\n" \
" -p <port> bind to TCP-port\n" \
" -s <path> bind to Unix domain socket\n" \
" -M <mode> change Unix domain socket mode\n" \
" -M <mode> change Unix domain socket mode (octal integer, default: allow\n" \
" read+write for user and group as far as umask allows it) \n" \
" -C <children> (PHP only) numbers of childs to spawn (default: not setting\n" \
" the PHP_FCGI_CHILDREN environment variable - PHP defaults to 0)\n" \
" -F <children> number of children to fork (default 1)\n" \
@@ -453,7 +460,7 @@ int main(int argc, char **argv) {
char **fcgi_app_argv = { NULL };
char *endptr = NULL;
unsigned short port = 0;
int sockmode = -1;
mode_t sockmode = (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP) & ~read_umask();
int child_count = -1;
int fork_count = 1;
int backlog = 1024;
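Review bot: The now-unconditional `chmod(unixsocket, mode)` in bind_socket narrows the permissions only after bind() has already created the socket file with whatever the process umask allowed, and it addresses the file by path, so it would follow a symlink if the path were replaced in a directory other users can write to. The bind() call is outside the visible hunks, so this is inferred from the order of the lines shown. If it holds, creating the socket with its final mode removes both the window and the extra path lookup: `mode_t old = umask(~mode & 0777);` before bind() and `umask(old);` after it. read_umask() would also benefit from a comment such as `/* umask() cannot be queried without setting it; only safe while the process is single-threaded */`.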

