| author | Jiri Kukacka <jiri.kukacka@oracle.com> |
| Thu, 09 Jan 2014 03:35:51 -0800 | |
| branch | s11-update |
| changeset 2925 | d64f6e80d9b1 |
| child 5738 | fc0e1d002c9e |
| child 7159 | 59b406bc4a3a |
| permissions | -rw-r--r-- |
|
2925
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
1 |
Developed in-house, fed back, awaiting accept. |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
2 |
http://redmine.lighttpd.net/issues/2532 |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
3 |
Solaris-specific: in order to start Lighttpd as non-root |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
4 |
user, initial user needs elevated privileges. Those |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
5 |
privileges are unnecessary and should be dropped. |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
6 |
|
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
7 |
--- src/network.c 2013-08-30 04:07:05.000000000 -0700 |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
8 |
+++ src/network.c 2013-10-22 04:07:55.193853968 -0700 |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
9 |
@@ -21,6 +21,8 @@ |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
10 |
#include <stdlib.h> |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
11 |
#include <assert.h> |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
12 |
|
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
13 |
+#include <priv.h> |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
14 |
+ |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
15 |
#ifdef USE_OPENSSL |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
16 |
# include <openssl/ssl.h> |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
17 |
# include <openssl/err.h> |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
18 |
@@ -497,6 +499,8 @@ |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
19 |
size_t i; |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
20 |
network_backend_t backend; |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
21 |
|
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
22 |
+ priv_set_t *tset; |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
23 |
+ |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
24 |
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
25 |
#ifndef OPENSSL_NO_ECDH |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
26 |
EC_KEY *ecdh; |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
27 |
@@ -877,6 +881,16 @@ |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
28 |
} |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
29 |
} |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
30 |
|
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
31 |
+ /* here we drop privileges we won't need any more */ |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
32 |
+ tset = priv_allocset(); |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
33 |
+ priv_emptyset(tset); |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
34 |
+ priv_addset(tset, PRIV_NET_PRIVADDR); |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
35 |
+ if (setppriv(PRIV_OFF, PRIV_PERMITTED, tset) != 0) {
|
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
36 |
+ perror("Unable to set privileges: ");
|
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
37 |
+ return -1; |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
38 |
+ } |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
39 |
+ |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
40 |
+ |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
41 |
return 0; |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
42 |
} |
|
d64f6e80d9b1
17600553 Upgrade lighttpd to version 1.4.33
Jiri Kukacka <jiri.kukacka@oracle.com>
parents:
diff
changeset
|
43 |