Browse Source

Fix problems with usernames starting with a digit and not existing uids; add warning if only user privs are dropped. (fixes #1959)

git-svn-id: svn://svn.lighttpd.net/spawn-fcgi/trunk@42 4a9f3682-ca7b-49a8-9a55-ba4640e46f83
master
Stefan Bühler 13 years ago
parent
commit
f3ea7f34be
  1. 1
      NEWS
  2. 23
      src/spawn-fcgi.c

1
NEWS

@ -6,6 +6,7 @@ NEWS
- 1.6.2 -
* Add homepage to README
* Add IPv6 support
* Fix problems with usernames starting with a digit and not existing uids; add warning if only user privs are dropped. (fixes #1959)
- 1.6.1 - 2009-03-29

23
src/spawn-fcgi.c

@ -339,13 +339,14 @@ static int find_user_group(const char *user, const char *group, uid_t *uid, gid_
gid_t my_gid = 0;
struct passwd *my_pwd = NULL;
struct group *my_grp = NULL;
char *endptr = NULL;
*uid = 0; *gid = 0;
if (username) *username = NULL;
if (user) {
my_uid = strtol(user, NULL, 10);
my_uid = strtol(user, &endptr, 10);
if (my_uid <= 0) {
if (my_uid <= 0 || *endptr) {
if (NULL == (my_pwd = getpwnam(user))) {
fprintf(stderr, "spawn-fcgi: can't find user name %s\n", user);
return -1;
@ -360,14 +361,14 @@ static int find_user_group(const char *user, const char *group, uid_t *uid, gid_
if (username) *username = user;
} else {
my_pwd = getpwuid(my_uid);
if (username) *username = my_pwd->pw_name;
if (username && my_pwd) *username = my_pwd->pw_name;
}
}
if (group) {
my_gid = strtol(group, NULL, 10);
my_gid = strtol(group, &endptr, 10);
if (my_gid <= 0) {
if (my_gid <= 0 || *endptr) {
if (NULL == (my_grp = getgrnam(group))) {
fprintf(stderr, "spawn-fcgi: can't find group name %s\n", group);
return -1;
@ -439,6 +440,7 @@ int main(int argc, char **argv) {
*sockusername = NULL, *sockgroupname = NULL, *fcgi_dir = NULL,
*addr = NULL;
char **fcgi_app_argv = { NULL };
char *endptr = NULL;
unsigned short port = 0;
int sockmode = -1;
int child_count = -1;
@ -462,7 +464,12 @@ int main(int argc, char **argv) {
case 'f': fcgi_app = optarg; break;
case 'd': fcgi_dir = optarg; break;
case 'a': addr = optarg;/* ip addr */ break;
case 'p': port = strtol(optarg, NULL, 10);/* port */ break;
case 'p': port = strtol(optarg, &endptr, 10);/* port */
if (*endptr) {
fprintf(stderr, "spawn-fcgi: invalid port: %u\n", (unsigned int) port);
return -1;
}
break;
case 'C': child_count = strtol(optarg, NULL, 10);/* */ break;
case 'F': fork_count = strtol(optarg, NULL, 10);/* */ break;
case 's': unixsocket = optarg; /* unix-domain socket */ break;
@ -557,6 +564,10 @@ int main(int argc, char **argv) {
if (-1 == find_user_group(sockusername, sockgroupname, &sockuid, &sockgid, NULL))
return -1;
if (uid != 0 && gid == 0) {
fprintf(stderr, "spawn-fcgi: WARNING: couldn't find the user for uid %i and no group was specified, so only the user privileges will be dropped\n", (int) uid);
}
if (0 == sockuid) sockuid = uid;
if (0 == sockgid) sockgid = gid;

Loading…
Cancel
Save