1 Patch origin: in-house |
|
2 Patch status: Solaris-specific; not suitable for upstream |
|
3 |
|
4 Drops extra privilege which was given via SMF manifest file. |
|
5 |
|
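--- a/server/main.c
+++ b/server/main.c
@@ -45,6 +45,8 @@
 #include <unistd.h>
 #endif
 
+#include <priv.h>
+
 /* WARNING: Win32 binds http_main.c dynamically to the server. Please place
 * extern functions and global data in another appropriate module.
 *
@@ -452,6 +454,7 @@
 apr_status_t rv;
 module **mod;
 const char *opt_arg;
+ priv_set_t *tset;
 APR_OPTIONAL_FN_TYPE(ap_signal_server) *signal_server;
 
 AP_MONCONTROL(0); /* turn off profiling of startup */
@@ -788,6 +806,17 @@
 
 ap_run_optional_fn_retrieve();
 
+
+ /* here we drop privileges we won't need any more */
+ tset = priv_allocset();
+ priv_emptyset(tset);
+ priv_addset(tset, PRIV_NET_PRIVADDR);
+ if (setppriv(PRIV_OFF, PRIV_PERMITTED, tset) != 0) {
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, NULL,
+ APLOGNO(00021) "Unable to drop unneeded privilege.");
+ destroy_and_exit_process(process, 1);
+ }
+
 ap_main_state = AP_SQ_MS_RUN_MPM;
 if (ap_run_mpm(pconf, plog, ap_server_conf) != OK)
 break;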
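Review bot: `tset` from `priv_allocset()` is used without a NULL check and is never released in the privilege-drop block of the third hunk. If the allocation fails, `priv_emptyset(tset)` is handed a null pointer; guard it with `if (tset == NULL)` on the same log-and-exit path, check the return value of `priv_addset`, and call `priv_freeset(tset);` once `setppriv` has returned. The trailing `break;` suggests the block sits inside a loop that starts outside the hunk, so the set would presumably be leaked on every pass. Clearing PRIV_NET_PRIVADDR from PRIV_PERMITTED leaves the inheritable set untouched; if the SMF method context also grants the privilege there, exec'd children such as CGI programs may get it back, so it is worth confirming against the manifest and adding `setppriv(PRIV_OFF, PRIV_INHERITABLE, tset)` if so.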