components/lighttpd/patches/01-drop_privileges.patch
author Petr Sumbera <petr.sumbera@oracle.com>
Mon, 19 Sep 2016 05:51:20 -0700
changeset 7006 eb24eb49f7c4
parent 5738 fc0e1d002c9e
permissions -rw-r--r--
24688963 Upgrade lighttpd to version 1.4.41 24688996 problem in UTILITY/LIGHTTPD
Developed in-house, fed back, awaiting accept.
http://redmine.lighttpd.net/issues/2532
Solaris-specific: in order to start Lighttpd as non-root
user, initial user needs elevated privileges. Those
privileges are unnecessary and should be dropped.
     7
--- src/network.c
     8
+++ src/network.c
     9
@@ -23,6 +23,8 @@
    10
 #include <stdlib.h>
    11
 #include <assert.h>
    12
 
    13
+#include <priv.h>
    14
+
    15
 #ifdef USE_OPENSSL
    16
 # include <openssl/ssl.h>
    17
 # include <openssl/err.h>
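Review bot: `#include <priv.h>` is added unconditionally, so src/network.c only builds where the Solaris privilege API exists; since the patch header says the change was fed back upstream, the include should sit behind a platform guard such as `#ifdef __sun` … `#endif`. The same guard is needed around the `priv_set_t *tset;` declaration in the second hunk and the privilege-drop block in the third, otherwise guarding the include alone leaves those lines uncompilable on other platforms.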
    18
@@ -677,6 +679,8 @@
    19
 	size_t i, j;
    20
 	network_backend_t backend;
    21
 
    22
+	priv_set_t *tset;
    23
+
    24
 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
    25
 #ifndef OPENSSL_NO_ECDH
    26
 	EC_KEY *ecdh;
    27
@@ -1082,6 +1086,16 @@
    28
 		}
    29
 	}
    30
 
    31
+	/* here we drop privileges we won't need any more */
    32
+	tset = priv_allocset();
    33
+	priv_emptyset(tset);
    34
+	priv_addset(tset, PRIV_NET_PRIVADDR);
    35
+	if (setppriv(PRIV_OFF, PRIV_PERMITTED, tset) != 0) {
    36
+		perror("Unable to set privileges: ");
    37
+		return -1;
    38
+	}
    39
+	
    40
+
    41
 	return 0;
    42
 }
    43
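Review bot: `priv_allocset()` can return NULL and its result is passed straight to `priv_emptyset()` and `priv_addset()`, the return value of `priv_addset()` is ignored, and `tset` is never released with `priv_freeset()` on either the success or the error path. Only `PRIV_PERMITTED` is changed, so if the server was started with `net_privaddr` in its inheritable set (not visible from this hunk), exec'd children such as CGI handlers would presumably still receive it; consider a matching `setppriv(PRIV_OFF, PRIV_INHERITABLE, tset)` once it is confirmed that no child needs the privilege. `perror()` appends its own `: `, so the message string should lose the trailing colon and space. The enclosing function starts outside the hunk; the block sits just before its final `return 0;`.

```c
	/* here we drop privileges we won't need any more */
	tset = priv_allocset();
	if (tset == NULL) {
		perror("Unable to allocate privilege set");
		return -1;
	}
	priv_emptyset(tset);
	if (priv_addset(tset, PRIV_NET_PRIVADDR) != 0 ||
	    setppriv(PRIV_OFF, PRIV_PERMITTED, tset) != 0) {
		/* report before freeing so errno still belongs to the failed call */
		perror("Unable to set privileges");
		priv_freeset(tset);
		return -1;
	}
	priv_freeset(tset);
	/* … unchanged: return 0; … */
```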