
Add proper SUID bit detection

git-svn-id: svn://svn.lighttpd.net/spawn-fcgi/trunk@33 4a9f3682-ca7b-49a8-9a55-ba4640e46f83
master
Stefan Bühler 12 years ago
parent
commit
e4294c3acf
  1. 4
      configure.ac
  2. 2
      src/CMakeLists.txt
  3. 2
      src/config.h.cmake
  4. 11
      src/spawn-fcgi.c

4
configure.ac

@ -25,17 +25,19 @@ AC_CHECK_HEADERS([arpa/inet.h errno.h fcntl.h getopt.h grp.h netdb.h \
# Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_TYPE_UID_T
AC_TYPE_PID_T
AC_HEADER_TIME
AC_CHECK_TYPES(socklen_t,,,[#include <sys/types.h>
#include <sys/socket.h>])
# Checks for library functions.
AC_FUNC_CHOWN
AC_FUNC_FORK
AC_FUNC_MALLOC
AC_FUNC_SELECT_ARGTYPES
AC_FUNC_STAT
AC_CHECK_FUNCS([dup2 memset putenv select socket strerror strtol])
AC_CHECK_FUNCS([dup2 memset putenv select socket strerror strtol issetugid])
# check for extra compiler options (warning options)
if test "${GCC}" = "yes"; then

2
src/CMakeLists.txt

@ -39,6 +39,8 @@ CHECK_INCLUDE_FILES(sys/wait.h HAVE_SYS_WAIT_H)
CHECK_INCLUDE_FILES(unistd.h HAVE_UNISTD_H)
CHECK_INCLUDE_FILES(winsock2.h HAVE_WINSOCK2_H)
CHECK_FUNCTION_EXISTS(issetugid HAVE_ISSETUGID)
SET(CMAKE_EXTRA_INCLUDE_FILES sys/socket.h)
CHECK_TYPE_SIZE(socklen_t HAVE_SOCKLEN_T)
SET(CMAKE_EXTRA_INCLUDE_FILES)

2
src/config.h.cmake

@ -30,3 +30,5 @@
#cmakedefine HAVE_UNISTD_H
#cmakedefine HAVE_WINSOCK
#cmakedefine HAVE_SOCKLEN_T
#cmakedefine HAVE_ISSETUGID

11
src/spawn-fcgi.c

@ -59,6 +59,12 @@
typedef int socklen_t;
#endif
#ifndef HAVE_ISSETUGID
static int issetugid() {
return (geteuid() != getuid() || getegid() != getgid());
}
#endif
static int bind_socket(const char *addr, unsigned short port, const char *unixsocket, uid_t uid, gid_t gid, int mode) {
int fcgi_fd, socket_type, val;
@ -467,9 +473,8 @@ int main(int argc, char **argv) {
return -1;
}
/* UID handling */
if (!i_am_root && (geteuid() == 0 || getegid() == 0)) {
/* we are setuid-root */
/* SUID handling */
if (!i_am_root && issetugid()) {
fprintf(stderr, "spawn-fcgi: Are you nuts ? Don't apply a SUID bit to this binary\n");
return -1;
}
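Review bot: The fallback `issetugid()` added under `#ifndef HAVE_ISSETUGID` compares only real and effective IDs, so it is narrower than the libc function it stands in for: it reports nothing once the IDs have been made equal, and on Linux it does not see privileges granted through file capabilities. It is adequate only if the check in `main` runs before any ID change, which cannot be confirmed here because `main` starts and ends outside the hunk; a comment such as `/* fallback: only meaningful before any set*id() call; does not detect file capabilities */` would record that. Where glibc is a target, `getauxval(AT_SECURE)` from `<sys/auxv.h>` is a closer equivalent and could be probed for in configure.ac and src/CMakeLists.txt next to `issetugid`. The definition should also read `static int issetugid(void)`, since empty parentheses declare an unspecified parameter list in C.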
