| author | pkidd <patrick.kidd@oracle.com> |
| Mon, 14 Nov 2016 09:18:36 -0800 | |
| branch | s11u3-sru |
| changeset 7296 | 6621c1e920db |
| parent 6722 | f675056be479 |
| permissions | -rw-r--r-- |
|
3877
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
1 |
Patch origin: in-house |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
2 |
Patch status: Solaris-specific; not suitable for upstream |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
3 |
|
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
4 |
Drops extra privilege which was given via SMF manifest file. |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
5 |
|
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
6 |
--- server/main.c |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
7 |
+++ server/main.c |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
8 |
@@ -45,6 +45,8 @@ |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
9 |
#include <unistd.h> |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
10 |
#endif |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
11 |
|
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
12 |
+#include <priv.h> |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
13 |
+ |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
14 |
/* WARNING: Win32 binds http_main.c dynamically to the server. Please place |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
15 |
* extern functions and global data in another appropriate module. |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
16 |
* |
|
6722
f675056be479
24353766 Upgrade Apache Web Server to version 2.4.23
Petr Sumbera <petr.sumbera@oracle.com>
parents:
3877
diff
changeset
|
17 |
@@ -454,6 +456,7 @@ |
|
3877
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
18 |
apr_status_t rv; |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
19 |
module **mod; |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
20 |
const char *opt_arg; |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
21 |
+ priv_set_t *tset; |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
22 |
APR_OPTIONAL_FN_TYPE(ap_signal_server) *signal_server; |
|
6722
f675056be479
24353766 Upgrade Apache Web Server to version 2.4.23
Petr Sumbera <petr.sumbera@oracle.com>
parents:
3877
diff
changeset
|
23 |
int rc = OK; |
|
3877
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
24 |
|
|
6722
f675056be479
24353766 Upgrade Apache Web Server to version 2.4.23
Petr Sumbera <petr.sumbera@oracle.com>
parents:
3877
diff
changeset
|
25 |
@@ -794,6 +912,17 @@ |
|
3877
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
26 |
|
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
27 |
ap_run_optional_fn_retrieve(); |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
28 |
|
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
29 |
+ |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
30 |
+ /* here we drop privileges we won't need any more */ |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
31 |
+ tset = priv_allocset(); |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
32 |
+ priv_emptyset(tset); |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
33 |
+ priv_addset(tset, PRIV_NET_PRIVADDR); |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
34 |
+ if (setppriv(PRIV_OFF, PRIV_PERMITTED, tset) != 0) {
|
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
35 |
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, NULL, |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
36 |
+ APLOGNO(00021) "Unable to drop unneeded privilege."); |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
37 |
+ destroy_and_exit_process(process, 1); |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
38 |
+ } |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
39 |
+ |
|
d7cb5bc8ee50
PSARC/2014/253 Apache 2.4 integration; EOF Apache 2.2
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
40 |
ap_main_state = AP_SQ_MS_RUN_MPM; |
|
6722
f675056be479
24353766 Upgrade Apache Web Server to version 2.4.23
Petr Sumbera <petr.sumbera@oracle.com>
parents:
3877
diff
changeset
|
41 |
rc = ap_run_mpm(pconf, plog, ap_server_conf); |
|
f675056be479
24353766 Upgrade Apache Web Server to version 2.4.23
Petr Sumbera <petr.sumbera@oracle.com>
parents:
3877
diff
changeset
|
42 |