You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by pq...@apache.org on 2008/10/30 01:57:45 UTC
svn commit: r709067 - /httpd/httpd/trunk/modules/arch/unix/mod_unixd.c
Author: pquerna
Date: Wed Oct 29 17:57:45 2008
New Revision: 709067
URL: http://svn.apache.org/viewvc?rev=709067&view=rev
Log:
Change the child_init hook to a drop_privileges hook for mod_unixd.
Modified:
httpd/httpd/trunk/modules/arch/unix/mod_unixd.c
Modified: httpd/httpd/trunk/modules/arch/unix/mod_unixd.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/unix/mod_unixd.c?rev=709067&r1=709066&r2=709067&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/arch/unix/mod_unixd.c (original)
+++ httpd/httpd/trunk/modules/arch/unix/mod_unixd.c Wed Oct 29 17:57:45 2008
@@ -49,6 +49,7 @@
#include <sys/prctl.h>
#endif
+#include "simple_api.h"
#ifndef DEFAULT_USER
#define DEFAULT_USER "#-1"
@@ -126,33 +127,42 @@
}
-static void
-unixd_setup_child(apr_pool_t *pool, server_rec *s)
+static int
+unixd_drop_privileges(apr_pool_t *pool, server_rec *s)
{
- if (set_group_privs()) {
- return;
+ int rv = set_group_privs();
+
+ if (rv) {
+ return rv;
}
if (NULL != unixd_config.chroot_dir) {
if (geteuid()) {
+ rv = errno;
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
"Cannot chroot when not started as root");
- return;
+ return rv;
}
+
if (chdir(unixd_config.chroot_dir) != 0) {
+ rv = errno;
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
"Can't chdir to %s", unixd_config.chroot_dir);
- return;
+ return rv;
}
+
if (chroot(unixd_config.chroot_dir) != 0) {
+ rv = errno;
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
"Can't chroot to %s", unixd_config.chroot_dir);
- return;
+ return rv;
}
+
if (chdir("/") != 0) {
+ rv = errno;
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
"Can't chdir to new root");
- return;
+ return rv;
}
}
@@ -162,10 +172,11 @@
GETPRIVMODE();
if (setuid(unixd_config.user_id) == -1) {
GETUSERMODE();
+ rv = errno;
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
"setuid: unable to change to uid: %ld",
(long) unixd_config.user_id);
- exit(1);
+ return rv;
}
GETUSERMODE();
}
@@ -176,24 +187,29 @@
os_init_job_environment(NULL, unixd_config.user_name, ap_exists_config_define("DEBUG")) != 0 ||
#endif
setuid(unixd_config.user_id) == -1)) {
+ rv = errno;
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
"setuid: unable to change to uid: %ld",
(long) unixd_config.user_id);
- return;
+ return rv;
}
#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
/* this applies to Linux 2.4+ */
#ifdef AP_MPM_WANT_SET_COREDUMPDIR
if (ap_coredumpdir_configured) {
if (prctl(PR_SET_DUMPABLE, 1)) {
+ rv = errno;
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
"set dumpable failed - this child will not coredump"
" after software errors");
+ return rv;
}
}
#endif
#endif
#endif
+
+ return OK;
}
@@ -272,7 +288,8 @@
ap_hook_pre_config(unixd_pre_config,
NULL, NULL, APR_HOOK_FIRST);
- ap_hook_child_init(unixd_setup_child, NULL, NULL, APR_HOOK_FIRST);
+ ap_hook_simple_drop_privileges(unixd_drop_privileges,
+ NULL, NULL, APR_HOOK_FIRST);
}
static const command_rec unixd_cmds[] = {