Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/lighttpd/patches/01-drop_privileges.patch
author Petr Sumbera <petr.sumbera@oracle.com>
Tue, 05 Apr 2016 05:41:03 -0700
changeset 5738 fc0e1d002c9e
parent 1571 7422f066784c
child 7006 eb24eb49f7c4
permissions -rw-r--r--
23061200 Upgrade lighttpd to version 1.4.39

Developed in-house, fed back, awaiting accept.
http://redmine.lighttpd.net/issues/2532
Solaris-specific: in order to start Lighttpd as non-root
user, initial user needs elevated privileges. Those
privileges are unnecessary and should be dropped.

--- src/network.c
+++ src/network.c
@@ -21,6 +21,8 @@
 #include <stdlib.h>
 #include <assert.h>
 
+#include <priv.h>
+
 #ifdef USE_OPENSSL
 # include <openssl/ssl.h>
 # include <openssl/err.h>
@@ -615,6 +617,8 @@
 	size_t i, j;
 	network_backend_t backend;
 
+	priv_set_t *tset;
+
 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
 #ifndef OPENSSL_NO_ECDH
 	EC_KEY *ecdh;
@@ -1005,6 +1009,16 @@
 		}
 	}
 
+	/* here we drop privileges we won't need any more */
+	tset = priv_allocset();
+	priv_emptyset(tset);
+	priv_addset(tset, PRIV_NET_PRIVADDR);
+	if (setppriv(PRIV_OFF, PRIV_PERMITTED, tset) != 0) {
+		perror("Unable to set privileges: ");
+		return -1;
+	}
+	
+
 	return 0;
 }
upstream/oracle/userland-gate