Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/lighttpd/patches/01-drop_privileges.patch
author Petr Sumbera <petr.sumbera@oracle.com>
Wed, 12 Oct 2016 06:26:22 -0700
branchs11u3-sru
changeset 7159 59b406bc4a3a
parent 2925 d64f6e80d9b1
permissions -rw-r--r--
24688963 Upgrade lighttpd to version 1.4.41 24688996 problem in UTILITY/LIGHTTPD

Developed in-house, fed back, awaiting accept.
http://redmine.lighttpd.net/issues/2532
Solaris-specific: in order to start Lighttpd as non-root
user, initial user needs elevated privileges. Those
privileges are unnecessary and should be dropped.

--- src/network.c
+++ src/network.c
@@ -23,6 +23,8 @@
 #include <stdlib.h>
 #include <assert.h>
 
+#include <priv.h>
+
 #ifdef USE_OPENSSL
 # include <openssl/ssl.h>
 # include <openssl/err.h>
@@ -677,6 +679,8 @@
 	size_t i, j;
 	network_backend_t backend;
 
+	priv_set_t *tset;
+
 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
 #ifndef OPENSSL_NO_ECDH
 	EC_KEY *ecdh;
@@ -1082,6 +1086,16 @@
 		}
 	}
 
+	/* here we drop privileges we won't need any more */
+	tset = priv_allocset();
+	priv_emptyset(tset);
+	priv_addset(tset, PRIV_NET_PRIVADDR);
+	if (setppriv(PRIV_OFF, PRIV_PERMITTED, tset) != 0) {
+		perror("Unable to set privileges: ");
+		return -1;
+	}
+	
+
 	return 0;
 }
upstream/oracle/userland-gate