authorStefan Bühler <stbuehler@web.de>2014-06-01 11:43:18 +0000
committerStefan Bühler <stbuehler@web.de>2014-06-01 11:43:18 +0000
commit91081248428c55a7ced9f42868557ce6c7637d15 (patch)
tree0782942a6ba0bc046280bb239217dbd5996cf8a7
parent3046f259cbe3bfdbc51ceaaf983ed22be5b763de (diff)
Restrict Unix socket file ownership by default to ug=rw
* default mode is now 0660 & ~umask * chmod before chown: don't break apparmor profiles that didn't have `capability fowner` (which would be required now as chmod always triggers). This might lead to SUID and SGID bits getting cleared. From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/spawn-fcgi/trunk@59 4a9f3682-ca7b-49a8-9a55-ba4640e46f83
-rw-r--r--NEWS1
-rw-r--r--spawn-fcgi.13
-rw-r--r--src/spawn-fcgi.c27
3 files changed, 20 insertions, 11 deletions
diff --git a/NEWS b/NEWS
index af3b508..048f745 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,7 @@ NEWS
- 1.6.4 -
* Use octal mode for -M (patch by dfjoerg)
* Add -b backlog option (fixes #2422, patch by aschmitz)
+ * Restrict Unix socket file ownership by default to ug=rw
- 1.6.3 - 2009-09-23
* Fix unix socket mode change to work without specifying user/group for socket
diff --git a/spawn-fcgi.1 b/spawn-fcgi.1
index f5ad14f..68eaf61 100644
--- a/spawn-fcgi.1
+++ b/spawn-fcgi.1
@@ -82,7 +82,8 @@ Name of the PID file for spawned processes (ignored in no-fork mode)
No forking should take place (for daemontools)
.TP 8
.B \-M <mode>
-Change file mode of the Unix domain socket; only used if \-s is given too.
+Change file mode of the Unix domain socket (octal integer); only used if \-s is given too.
+Defaults to read+write for user and group (0660) as far as the umask allows it.
.TP 8
.B \-?, \-h
General usage instructions
diff --git a/src/spawn-fcgi.c b/src/spawn-fcgi.c
index 7f3f594..a756a31 100644
--- a/src/spawn-fcgi.c
+++ b/src/spawn-fcgi.c
@@ -79,7 +79,13 @@ static int issetugid() {
#define CONST_STR_LEN(s) s, sizeof(s) - 1
-static int bind_socket(const char *addr, unsigned short port, const char *unixsocket, uid_t uid, gid_t gid, int mode, int backlog) {
+static mode_t read_umask(void) {
+ mode_t mask = umask(0);
+ umask(mask);
+ return mask;
+}
+
+static int bind_socket(const char *addr, unsigned short port, const char *unixsocket, uid_t uid, gid_t gid, mode_t mode, int backlog) {
int fcgi_fd, socket_type, val;
struct sockaddr_un fcgi_addr_un;
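Review bot: `read_umask()` has no comment explaining why it calls `umask()` twice, and the reason is not obvious to a reader who does not know that the mask can only be read by setting it. For the moment between the two calls the process umask is 0, which is harmless only while nothing else in the process creates files; that assumption is worth writing down. Proposed comment above the function: `/* umask() has no read-only form: set it to 0 to learn the old value, then restore it at once. Assumes no other thread creates files in between. */`. The `mode` parameter of bind_socket is now a `mode_t`, so the old `-1` "leave unchanged" sentinel no longer has a meaning for callers; bind_socket's body continues outside the hunk.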
@@ -189,6 +195,13 @@ static int bind_socket(const char *addr, unsigned short port, const char *unixso
}
if (unixsocket) {
+ if (-1 == chmod(unixsocket, mode)) {
+ fprintf(stderr, "spawn-fcgi: couldn't chmod socket: %s\n", strerror(errno));
+ close(fcgi_fd);
+ unlink(unixsocket);
+ return -1;
+ }
+
if (0 != uid || 0 != gid) {
if (0 == uid) uid = -1;
if (0 == gid) gid = -1;
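Review bot: The now-unconditional `chmod(unixsocket, mode)` tightens the socket only after it already exists on disk (the bind() call is outside this hunk), so until it runs the file carries whatever `0777 & ~umask` gave it, which with a permissive umask is wider than the intended 0660. Both chmod() and the chown() that follows act on the pathname rather than on the bound socket, so the outcome also relies on the socket's directory not being writable by other users; that requirement deserves a line in the man page. Creating the socket with its final mode closes the window: `mode_t old = umask(~mode & 0777);` before bind() and `umask(old);` right after it, keeping the chmod() as a backstop. bind_socket starts and ends outside the hunk.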
@@ -199,13 +212,6 @@ static int bind_socket(const char *addr, unsigned short port, const char *unixso
return -1;
}
}
-
- if (-1 != mode && -1 == chmod(unixsocket, mode)) {
- fprintf(stderr, "spawn-fcgi: couldn't chmod socket: %s\n", strerror(errno));
- close(fcgi_fd);
- unlink(unixsocket);
- return -1;
- }
}
if (-1 == listen(fcgi_fd, backlog)) {
@@ -423,7 +429,8 @@ static void show_help () {
" -a <address> bind to IPv4/IPv6 address (defaults to 0.0.0.0)\n" \
" -p <port> bind to TCP-port\n" \
" -s <path> bind to Unix domain socket\n" \
- " -M <mode> change Unix domain socket mode\n" \
+ " -M <mode> change Unix domain socket mode (octal integer, default: allow\n" \
+ " read+write for user and group as far as umask allows it) \n" \
" -C <children> (PHP only) numbers of childs to spawn (default: not setting\n" \
" the PHP_FCGI_CHILDREN environment variable - PHP defaults to 0)\n" \
" -F <children> number of children to fork (default 1)\n" \
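Review bot: The second added help line ends in `) \n`, which prints a trailing space in the usage text; the space before `\n` should be dropped. Unlike the man page hunk, the help text also never states the numeric default, so adding `(0660)` after "user and group" would keep the two descriptions of -M in agreement.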
@@ -453,7 +460,7 @@ int main(int argc, char **argv) {
char **fcgi_app_argv = { NULL };
char *endptr = NULL;
unsigned short port = 0;
- int sockmode = -1;
+ mode_t sockmode = (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP) & ~read_umask();
int child_count = -1;
int fork_count = 1;
int backlog = 1024;
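Review bot: With `sockmode` now an unsigned `mode_t` that is always passed to chmod(), whatever the -M option parser stores in it is applied without the old `-1` escape, and that parser is outside this hunk. If it still assigns a `strtol` result directly, a negative or oversized value would convert silently into a large mode, so it is worth confirming that it rejects anything outside `0`..`07777`. The default is filtered through the umask while an explicit -M value presumably is not; a comment on this line would make that deliberate, e.g. `/* default 0660 limited by umask; an explicit -M is applied as given */`.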