Posted to cvs@httpd.apache.org by ni...@apache.org on 2008/11/03 01:46:55 UTC
svn commit: r709993 - in /httpd/httpd/trunk: include/ modules/arch/unix/
server/ server/mpm/experimental/event/ server/mpm/prefork/
server/mpm/simple/ server/mpm/worker/
Author: niq
Date: Sun Nov 2 16:46:54 2008
New Revision: 709993
URL: http://svn.apache.org/viewvc?rev=709993&view=rev
Log:
Switch all unix MPMs to use drop_privileges hook (mod_unixd) for startup
and add a flag to prevent running without any module taking responsibility
for managing system privileges!
Removed:
httpd/httpd/trunk/server/mpm/simple/simple_api.h
Modified:
httpd/httpd/trunk/include/mpm_common.h
httpd/httpd/trunk/modules/arch/unix/mod_unixd.c
httpd/httpd/trunk/server/core.c
httpd/httpd/trunk/server/mpm/experimental/event/event.c
httpd/httpd/trunk/server/mpm/prefork/prefork.c
httpd/httpd/trunk/server/mpm/simple/simple_api.c
httpd/httpd/trunk/server/mpm/simple/simple_run.c
httpd/httpd/trunk/server/mpm/worker/worker.c
httpd/httpd/trunk/server/mpm_common.c
Modified: httpd/httpd/trunk/include/mpm_common.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/include/mpm_common.h?rev=709993&r1=709992&r2=709993&view=diff
==============================================================================
--- httpd/httpd/trunk/include/mpm_common.h (original)
+++ httpd/httpd/trunk/include/mpm_common.h Sun Nov 2 16:46:54 2008
@@ -364,6 +364,10 @@
AP_DECLARE_HOOK(int,monitor,(apr_pool_t *p))
+/* register modules that undertake to manage system security */
+extern int sys_privileges;
+AP_DECLARE_HOOK(int, drop_privileges, (apr_pool_t * pchild, server_rec * s))
+
#ifdef __cplusplus
}
#endif
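Review bot: `extern int sys_privileges;` is declared here with no export macro, while core.c defines it as `AP_DECLARE(int) sys_privileges = 0;`, which is the macro form meant for functions. For a variable that modules such as mod_unixd write to, both sides should use the data form, e.g. `AP_DECLARE_DATA extern int sys_privileges;` in this header. The name also lacks the `ap_` prefix that the other exported symbols in this diff carry. The new `drop_privileges` hook declaration has no doc comment; it should say when an MPM runs the hook, what a non-OK return means, and that a module hooking it is also expected to increment the counter from its pre_config.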
Modified: httpd/httpd/trunk/modules/arch/unix/mod_unixd.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/unix/mod_unixd.c?rev=709993&r1=709992&r2=709993&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/arch/unix/mod_unixd.c (original)
+++ httpd/httpd/trunk/modules/arch/unix/mod_unixd.c Sun Nov 2 16:46:54 2008
@@ -49,8 +49,6 @@
#include <sys/prctl.h>
#endif
-#include "simple_api.h"
-
#ifndef DEFAULT_USER
#define DEFAULT_USER "#-1"
#endif
@@ -281,6 +279,7 @@
unixd_config.chroot_dir = NULL; /* none */
+ ++sys_privileges;
return OK;
}
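Review bot: `++sys_privileges;` only ever counts up, and nothing in this diff resets the variable, so the value tested in core_pre_config can be stale. The counter is defined in the core, so if this module is removed from the configuration across a restart, the count from the earlier pass would presumably still be non-zero and the startup check would pass with no privilege-managing module present. Consider having the core zero the counter at the start of each configuration pass, before any module's pre_config runs. The enclosing function starts outside the hunk.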
@@ -289,8 +288,8 @@
ap_hook_pre_config(unixd_pre_config,
NULL, NULL, APR_HOOK_FIRST);
- ap_hook_simple_drop_privileges(unixd_drop_privileges,
- NULL, NULL, APR_HOOK_FIRST);
+ ap_hook_drop_privileges(unixd_drop_privileges,
+ NULL, NULL, APR_HOOK_FIRST);
}
static const command_rec unixd_cmds[] = {
Modified: httpd/httpd/trunk/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=709993&r1=709992&r2=709993&view=diff
==============================================================================
--- httpd/httpd/trunk/server/core.c (original)
+++ httpd/httpd/trunk/server/core.c Sun Nov 2 16:46:54 2008
@@ -3884,6 +3884,22 @@
return DONE;
}
+/* Insist that at least one module will undertake to provide system
+ * security by dropping startup privileges.
+ */
+AP_DECLARE(int) sys_privileges = 0;
+static int core_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp)
+{
+ if (!sys_privileges) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, 0, NULL,
+ "Server MUST relinquish startup privileges before "
+ "accepting connections. Please ensure mod_unixd "
+ "or other system security module is loaded.");
+ return !OK;
+ }
+ return OK;
+}
+
static void register_hooks(apr_pool_t *p)
{
/* create_connection and install_transport_filters are
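Review bot: core_pre_config fails startup whenever `sys_privileges` is zero, but server/core.c is not Unix-specific, so this check presumably also runs on platforms and MPMs that never call the drop_privileges hook and cannot load mod_unixd. The check should be limited to builds where the hook is actually used, or moved into the Unix MPMs that call `ap_run_drop_privileges`. A non-zero counter also shows only that some module's pre_config ran, not that a drop_privileges handler is registered, so the comment above the definition should say that the guarantee rests on that convention. register_hooks continues outside the hunk.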
@@ -3896,6 +3912,7 @@
ap_hook_pre_connection(core_pre_connection, NULL, NULL,
APR_HOOK_REALLY_LAST);
+ ap_hook_pre_config(core_pre_config,NULL,NULL,APR_HOOK_LAST);
ap_hook_post_config(core_post_config,NULL,NULL,APR_HOOK_REALLY_FIRST);
ap_hook_translate_name(ap_core_translate,NULL,NULL,APR_HOOK_REALLY_LAST);
ap_hook_map_to_storage(core_map_to_storage,NULL,NULL,APR_HOOK_REALLY_LAST);
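Review bot: `core_pre_config` is registered at `APR_HOOK_LAST`, so a privilege-managing module that increments the counter from a pre_config hook ordered `APR_HOOK_LAST` or later may run after the check and be rejected. mod_unixd registers its pre_config at `APR_HOOK_FIRST` in this commit, so it is unaffected, but the ordering requirement is implicit. Registering the check as `ap_hook_pre_config(core_pre_config, NULL, NULL, APR_HOOK_REALLY_LAST);`, the ordering already used on the neighbouring lines, would narrow that window. The register_hooks body starts and ends outside the hunk.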
Modified: httpd/httpd/trunk/server/mpm/experimental/event/event.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/experimental/event/event.c?rev=709993&r1=709992&r2=709993&view=diff
==============================================================================
--- httpd/httpd/trunk/server/mpm/experimental/event/event.c (original)
+++ httpd/httpd/trunk/server/mpm/experimental/event/event.c Sun Nov 2 16:46:54 2008
@@ -1575,7 +1575,7 @@
/*stuff to do before we switch id's, so we have permissions. */
ap_reopen_scoreboard(pchild, NULL, 0);
- if (unixd_setup_child()) {
+ if (ap_run_drop_privileges(pchild, ap_server_conf)) {
clean_child_exit(APEXIT_CHILDFATAL);
}
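Review bot: `ap_run_drop_privileges(pchild, ap_server_conf)` returns OK both when a handler dropped privileges and when no handler did anything, because mpm_common.c implements the hook as RUN_ALL with `OK`/`DECLINED`. In the second case the child carries on with whatever privileges it started with, whereas the removed `unixd_setup_child()` was a direct call that could not be silently absent. The only guard is the load-time `sys_privileges` counter, so the call site deserves a comment such as `/* returns OK if no module handled the hook; core_pre_config is what insists one is loaded */`. The same applies to the identical replacements in prefork.c and worker.c and to simple_setup_privs in simple_run.c. The enclosing function lies outside the hunk.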
Modified: httpd/httpd/trunk/server/mpm/prefork/prefork.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/prefork/prefork.c?rev=709993&r1=709992&r2=709993&view=diff
==============================================================================
--- httpd/httpd/trunk/server/mpm/prefork/prefork.c (original)
+++ httpd/httpd/trunk/server/mpm/prefork/prefork.c Sun Nov 2 16:46:54 2008
@@ -473,7 +473,7 @@
clean_child_exit(APEXIT_CHILDFATAL);
}
- if (unixd_setup_child()) {
+ if (ap_run_drop_privileges(pchild, ap_server_conf)) {
clean_child_exit(APEXIT_CHILDFATAL);
}
Modified: httpd/httpd/trunk/server/mpm/simple/simple_api.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/simple/simple_api.c?rev=709993&r1=709992&r2=709993&view=diff
==============================================================================
--- httpd/httpd/trunk/server/mpm/simple/simple_api.c (original)
+++ httpd/httpd/trunk/server/mpm/simple/simple_api.c Sun Nov 2 16:46:54 2008
@@ -25,7 +25,6 @@
#include "simple_types.h"
#include "simple_run.h"
#include "http_core.h"
-#include "simple_api.h"
/* Thie file contains the absolute minimal MPM API, to interface with httpd. */
@@ -33,13 +32,6 @@
server_rec *ap_server_conf = NULL;
-APR_HOOK_STRUCT(APR_HOOK_LINK(simple_drop_privileges)
- )
-
-AP_IMPLEMENT_HOOK_RUN_ALL(int, simple_drop_privileges,
- (apr_pool_t * pchild, server_rec * s),
- (pchild, s), OK, DECLINED)
-
int ap_mpm_run(apr_pool_t * pconf, apr_pool_t * plog, server_rec * s)
{
simple_core_t *sc = simple_core_get();
Modified: httpd/httpd/trunk/server/mpm/simple/simple_run.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/simple/simple_run.c?rev=709993&r1=709992&r2=709993&view=diff
==============================================================================
--- httpd/httpd/trunk/server/mpm/simple/simple_run.c (original)
+++ httpd/httpd/trunk/server/mpm/simple/simple_run.c Sun Nov 2 16:46:54 2008
@@ -27,7 +27,6 @@
#include "scoreboard.h"
#include "ap_listen.h"
-#include "simple_api.h"
#include "mpm.h"
/**
@@ -240,11 +239,11 @@
static int simple_setup_privs(simple_core_t * sc)
{
- int rv = ap_run_simple_drop_privileges(sc->pool, ap_server_conf);
+ int rv = ap_run_drop_privileges(sc->pool, ap_server_conf);
if (rv) {
ap_log_error(APLOG_MARK, APLOG_CRIT, rv, NULL,
- "simple_setup_privs: ap_run_simple_drop_privileges failed");
+ "simple_setup_privs: ap_run_drop_privileges failed");
return rv;
}
@@ -296,8 +295,7 @@
rv = simple_setup_privs(sc);
if (rv) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, rv, NULL,
- "simple_child_loop: simple_drop_privs failed");
+ /* simple_setup_privs already logged error */
return !OK;
}
Modified: httpd/httpd/trunk/server/mpm/worker/worker.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/worker/worker.c?rev=709993&r1=709992&r2=709993&view=diff
==============================================================================
--- httpd/httpd/trunk/server/mpm/worker/worker.c (original)
+++ httpd/httpd/trunk/server/mpm/worker/worker.c Sun Nov 2 16:46:54 2008
@@ -1143,7 +1143,7 @@
clean_child_exit(APEXIT_CHILDFATAL);
}
- if (unixd_setup_child()) {
+ if (ap_run_drop_privileges(pchild, ap_server_conf)) {
clean_child_exit(APEXIT_CHILDFATAL);
}
Modified: httpd/httpd/trunk/server/mpm_common.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm_common.c?rev=709993&r1=709992&r2=709993&view=diff
==============================================================================
--- httpd/httpd/trunk/server/mpm_common.c (original)
+++ httpd/httpd/trunk/server/mpm_common.c Sun Nov 2 16:46:54 2008
@@ -64,16 +64,21 @@
APR_HOOK_STRUCT(
APR_HOOK_LINK(fatal_exception)
APR_HOOK_LINK(monitor)
+ APR_HOOK_LINK(drop_privileges)
)
AP_IMPLEMENT_HOOK_RUN_ALL(int, fatal_exception,
(ap_exception_info_t *ei), (ei), OK, DECLINED)
#else
APR_HOOK_STRUCT(
APR_HOOK_LINK(monitor)
+ APR_HOOK_LINK(drop_privileges)
)
#endif
AP_IMPLEMENT_HOOK_RUN_ALL(int, monitor,
(apr_pool_t *p), (p), OK, DECLINED)
+AP_IMPLEMENT_HOOK_RUN_ALL(int, drop_privileges,
+ (apr_pool_t * pchild, server_rec * s),
+ (pchild, s), OK, DECLINED)
#ifdef AP_MPM_WANT_RECLAIM_CHILD_PROCESSES
@@ -1299,4 +1304,3 @@
}
#endif /* AP_MPM_HAS_USER_CALLBACKS */
-
Re: svn commit: r709993 - in /httpd/httpd/trunk: include/ modules/arch/unix/ server/ server/mpm/experimental/event/ server/mpm/prefork/ server/mpm/simple/ server/mpm/worker/
Posted by Jim Jagielski <ji...@jaguNET.com>.
On Nov 2, 2008, at 9:47 PM, Paul Querna wrote:
> niq@apache.org wrote:
>> Author: niq
>> Date: Sun Nov 2 16:46:54 2008
>> New Revision: 709993
>> URL: http://svn.apache.org/viewvc?rev=709993&view=rev
>> Log:
>> Switch all unix MPMs to use drop_privileges hook (mod_unixd) for
>> startup
>> and add a flag to prevent running without any module taking
>> responsibility
>> for managing system privileges!
> ....
>> +/* register modules that undertake to manage system security */
>> +extern int sys_privileges;
> .....
>> + ++sys_privileges;
>> return OK;
>
> -0.9999999998
>
> No more global variables :(
>
+1 on the -0.9999999998
Re: svn commit: r709993 - in /httpd/httpd/trunk: include/ modules/arch/unix/
server/ server/mpm/experimental/event/ server/mpm/prefork/ server/mpm/simple/
server/mpm/worker/
Posted by Paul Querna <ch...@force-elite.com>.
niq@apache.org wrote:
> Author: niq
> Date: Sun Nov 2 16:46:54 2008
> New Revision: 709993
>
> URL: http://svn.apache.org/viewvc?rev=709993&view=rev
> Log:
> Switch all unix MPMs to use drop_privileges hook (mod_unixd) for startup
> and add a flag to prevent running without any module taking responsibility
> for managing system privileges!
....
> +/* register modules that undertake to manage system security */
> +extern int sys_privileges;
.....
> + ++sys_privileges;
> return OK;
-0.9999999998
No more global variables :(
-Paul