| author | Petr Sumbera <petr.sumbera@oracle.com> |
| Thu, 11 Sep 2014 12:35:18 -0700 | |
| changeset 2079 | 46ce7840065c |
| child 5828 | 5009deba8bc0 |
| child 6722 | f675056be479 |
| permissions | -rw-r--r-- |
|
2079
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
1 |
Patch origin: in-house |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
2 |
Patch status: Solaris-specific; not suitable for upstream |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
3 |
|
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
4 |
Drops extra privilege which was given via SMF manifest file. |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
5 |
|
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
6 |
--- server/main.c |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
7 |
+++ server/main.c |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
8 |
@@ -45,6 +45,8 @@ |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
9 |
#include <unistd.h> |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
10 |
#endif |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
11 |
|
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
12 |
+#include <priv.h> |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
13 |
+ |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
14 |
/* WARNING: Win32 binds http_main.c dynamically to the server. Please place |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
15 |
* extern functions and global data in another appropriate module. |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
16 |
* |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
17 |
@@ -452,6 +454,7 @@ |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
18 |
apr_status_t rv; |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
19 |
module **mod; |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
20 |
const char *opt_arg; |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
21 |
+ priv_set_t *tset; |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
22 |
APR_OPTIONAL_FN_TYPE(ap_signal_server) *signal_server; |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
23 |
|
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
24 |
AP_MONCONTROL(0); /* turn off profiling of startup */ |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
25 |
@@ -788,6 +806,17 @@ |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
26 |
|
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
27 |
ap_run_optional_fn_retrieve(); |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
28 |
|
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
29 |
+ |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
30 |
+ /* here we drop privileges we won't need any more */ |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
31 |
+ tset = priv_allocset(); |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
32 |
+ priv_emptyset(tset); |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
33 |
+ priv_addset(tset, PRIV_NET_PRIVADDR); |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
34 |
+ if (setppriv(PRIV_OFF, PRIV_PERMITTED, tset) != 0) {
|
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
35 |
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, NULL, |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
36 |
+ APLOGNO(00021) "Unable to drop unneeded privilege."); |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
37 |
+ destroy_and_exit_process(process, 1); |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
38 |
+ } |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
39 |
+ |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
40 |
ap_main_state = AP_SQ_MS_RUN_MPM; |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
41 |
if (ap_run_mpm(pconf, plog, ap_server_conf) != OK) |
|
46ce7840065c
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
42 |
break; |