authorStefan Bühler <stbuehler@web.de>2009-03-26 16:29:29 +0000
committerStefan Bühler <stbuehler@web.de>2009-03-26 16:29:29 +0000
commite4294c3acf76299d58740e59008c874d79fc5d15 (patch)
tree20dcd6f1497819c497fd894d66ffb89c5bc3410e
parent4032861db1187cd73d964a220322b874e2b68f0b (diff)
downloadspawn-fcgi-e4294c3acf76299d58740e59008c874d79fc5d15.tar.gz
spawn-fcgi-e4294c3acf76299d58740e59008c874d79fc5d15.zip
Add proper SUID bit detection
git-svn-id: svn://svn.lighttpd.net/spawn-fcgi/trunk@33 4a9f3682-ca7b-49a8-9a55-ba4640e46f83
-rw-r--r--configure.ac4
-rw-r--r--src/CMakeLists.txt2
-rw-r--r--src/config.h.cmake2
-rw-r--r--src/spawn-fcgi.c11
4 files changed, 15 insertions, 4 deletions
diff --git a/configure.ac b/configure.ac
index 6a192e0..09f11cb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -25,17 +25,19 @@ AC_CHECK_HEADERS([arpa/inet.h errno.h fcntl.h getopt.h grp.h netdb.h \
# Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
+AC_TYPE_UID_T
AC_TYPE_PID_T
AC_HEADER_TIME
AC_CHECK_TYPES(socklen_t,,,[#include <sys/types.h>
#include <sys/socket.h>])
# Checks for library functions.
+AC_FUNC_CHOWN
AC_FUNC_FORK
AC_FUNC_MALLOC
AC_FUNC_SELECT_ARGTYPES
AC_FUNC_STAT
-AC_CHECK_FUNCS([dup2 memset putenv select socket strerror strtol])
+AC_CHECK_FUNCS([dup2 memset putenv select socket strerror strtol issetugid])
# check for extra compiler options (warning options)
if test "${GCC}" = "yes"; then
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index ef5b0da..2bb0c95 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -39,6 +39,8 @@ CHECK_INCLUDE_FILES(sys/wait.h HAVE_SYS_WAIT_H)
CHECK_INCLUDE_FILES(unistd.h HAVE_UNISTD_H)
CHECK_INCLUDE_FILES(winsock2.h HAVE_WINSOCK2_H)
+CHECK_FUNCTION_EXISTS(issetugid HAVE_ISSETUGID)
+
SET(CMAKE_EXTRA_INCLUDE_FILES sys/socket.h)
CHECK_TYPE_SIZE(socklen_t HAVE_SOCKLEN_T)
SET(CMAKE_EXTRA_INCLUDE_FILES)
diff --git a/src/config.h.cmake b/src/config.h.cmake
index 3f072d5..74a41bd 100644
--- a/src/config.h.cmake
+++ b/src/config.h.cmake
@@ -30,3 +30,5 @@
#cmakedefine HAVE_UNISTD_H
#cmakedefine HAVE_WINSOCK
#cmakedefine HAVE_SOCKLEN_T
+
+#cmakedefine HAVE_ISSETUGID
diff --git a/src/spawn-fcgi.c b/src/spawn-fcgi.c
index 56aa617..45e9834 100644
--- a/src/spawn-fcgi.c
+++ b/src/spawn-fcgi.c
@@ -59,6 +59,12 @@
typedef int socklen_t;
#endif
+#ifndef HAVE_ISSETUGID
+static int issetugid() {
+ return (geteuid() != getuid() || getegid() != getgid());
+}
+#endif
+
static int bind_socket(const char *addr, unsigned short port, const char *unixsocket, uid_t uid, gid_t gid, int mode) {
int fcgi_fd, socket_type, val;
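Review bot: The fallback `issetugid()` only compares real against effective IDs, so it is weaker than the libc function it stands in for: it ignores saved set-IDs and any exec-time taint a native implementation tracks. That limit deserves a comment above the `#ifndef`, e.g. `/* fallback: detects set-id only while real and effective ids differ */`. The definition should also read `static int issetugid(void) {` so that it is a prototype rather than an old-style declaration. Because it reuses the libc name, a platform whose headers declare `issetugid` while the configure probe fails would likely hit a conflicting-linkage error; a project-local wrapper name would avoid that. The trailing context of this hunk is the start of bind_socket, whose body continues outside it.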
@@ -467,9 +473,8 @@ int main(int argc, char **argv) {
return -1;
}
- /* UID handling */
- if (!i_am_root && (geteuid() == 0 || getegid() == 0)) {
- /* we are setuid-root */
+ /* SUID handling */
+ if (!i_am_root && issetugid()) {
fprintf(stderr, "spawn-fcgi: Are you nuts ? Don't apply a SUID bit to this binary\n");
return -1;
}
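Review bot: The set-id test `if (!i_am_root && issetugid())` sits around line 473 of main, so whatever runs before it executes with the elevated IDs when the binary does carry a SUID/SGID bit. main starts outside this hunk, so that earlier code is not visible here; presumably it includes option parsing. Moving the test to the first statements of main would make the refusal happen before any argument or environment handling. The test is also skipped whenever `i_am_root` is set; assuming that flag is derived from the real uid, a set-id bit on the binary goes unreported for root callers, which may be intended but is worth a comment such as `/* root callers are exempt: they already hold full privileges */`.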