/
suidback_server_groups.patch
54 lines (49 loc) · 1.29 KB
/
suidback_server_groups.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
--- mod_ruid2.c.orig 2011-02-24 23:25:28.000000000 +0900
+++ mod_ruid2.c 2011-10-21 16:06:53.000000000 +0900
@@ -78,10 +78,12 @@
typedef struct
{
+ int server_groups_size;
uid_t default_uid;
gid_t default_gid;
uid_t min_uid;
gid_t min_gid;
+ gid_t *server_groups;
int8_t stat_used;
const char *chroot_dir;
const char *document_root;
@@ -150,6 +152,8 @@
conf->stat_used=UNSET;
conf->chroot_dir=NULL;
conf->document_root=NULL;
+ conf->server_groups=NULL;
+ conf->server_groups_size=0;
return conf;
}
@@ -397,7 +401,11 @@
}
cap_free(cap);
- setgroups(0,NULL);
+ if (conf->server_groups_size == 0)
+ setgroups(0, NULL);
+ else
+ setgroups(conf->server_groups_size, conf->server_groups);
+
setgid(unixd_config.group_id);
setuid(unixd_config.user_id);
@@ -541,6 +549,16 @@
cap_t cap;
cap_value_t capval[2];
+ int gidsize;
+ gid_t *grouplist;
+
+ gidsize = getgroups(0, NULL);
+ grouplist = apr_pcalloc(r->pool, gidsize * sizeof(gid_t));
+ getgroups(gidsize, grouplist);
+
+ conf->server_groups = grouplist;
+ conf->server_groups_size = gidsize;
+
if (dconf->ruid_mode==RUID_MODE_STAT) capval[ncap++] = CAP_DAC_READ_SEARCH;
if (chroot_root != UNSET) capval[ncap++] = CAP_SYS_CHROOT;
if (ncap) {