From 7a27cacf0b4709a6f49674bb836129fec35d6487 Mon Sep 17 00:00:00 2001 From: Philipp Schafft Date: Sat, 29 Nov 2014 10:34:07 +0000 Subject: [PATCH] updated chroot and setuid/gid support. Thanks to d26264b9 for reporting. close #2096 svn path=/icecast/trunk/icecast/; revision=19365 --- configure.in | 2 ++ src/main.c | 21 +++++++++++++++------ 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/configure.in b/configure.in index 0935d2e4..157291c3 100644 --- a/configure.in +++ b/configure.in @@ -42,6 +42,8 @@ AC_CHECK_FUNCS([strcasestr]) AC_CHECK_FUNCS([gethostname]) AC_CHECK_FUNCS([uname]) AC_CHECK_FUNCS([setenv]) +AC_CHECK_FUNCS([setresuid]) +AC_CHECK_FUNCS([setresgid]) dnl Checks for typedefs, structures, and compiler characteristics. XIPH_C__FUNC__ diff --git a/src/main.c b/src/main.c index 3c016190..58926f76 100644 --- a/src/main.c +++ b/src/main.c @@ -389,9 +389,8 @@ static void _ch_root_uid_setup(void) if(getuid()) /* root check */ { fprintf(stderr, "WARNING: Cannot change server root unless running as root.\n"); - return; } - if(chroot(conf->base_dir)) + if(chroot(conf->base_dir) == -1 || chdir("/") == -1) { fprintf(stderr,"WARNING: Couldn't change server root: %s\n", strerror(errno)); return; @@ -412,18 +411,28 @@ static void _ch_root_uid_setup(void) } if(uid != (uid_t)-1 && gid != (gid_t)-1) { - if(!setgid(gid)) +#ifdef HAVE_SETRESGID + if(!setresgid(gid, gid, gid)) { +#else + if(!setgid(gid)) { +#endif fprintf(stdout, "Changed groupid to %i.\n", (int)gid); - else + } else { fprintf(stdout, "Error changing groupid: %s.\n", strerror(errno)); + } if(!initgroups(conf->user, gid)) fprintf(stdout, "Changed supplementary groups based on user: %s.\n", conf->user); else fprintf(stdout, "Error changing supplementary groups: %s.\n", strerror(errno)); - if(!setuid(uid)) +#ifdef HAVE_SETRESUID + if(!setresuid(uid, uid, uid)) { +#else + if(!setuid(uid)) { +#endif fprintf(stdout, "Changed userid to %i.\n", (int)uid); - else + } else { fprintf(stdout, "Error changing userid: %s.\n", strerror(errno)); + } } } #endif