mirror of
https://gitlab.xiph.org/xiph/icecast-server.git
synced 2024-06-23 06:25:24 +00:00
updated chroot and setuid/gid support. Thanks to d26264b9 for reporting. close #2096
svn path=/icecast/trunk/icecast/; revision=19365
This commit is contained in:
parent
23a47c8ffc
commit
7a27cacf0b
|
@ -42,6 +42,8 @@ AC_CHECK_FUNCS([strcasestr])
|
||||||
AC_CHECK_FUNCS([gethostname])
|
AC_CHECK_FUNCS([gethostname])
|
||||||
AC_CHECK_FUNCS([uname])
|
AC_CHECK_FUNCS([uname])
|
||||||
AC_CHECK_FUNCS([setenv])
|
AC_CHECK_FUNCS([setenv])
|
||||||
|
AC_CHECK_FUNCS([setresuid])
|
||||||
|
AC_CHECK_FUNCS([setresgid])
|
||||||
|
|
||||||
dnl Checks for typedefs, structures, and compiler characteristics.
|
dnl Checks for typedefs, structures, and compiler characteristics.
|
||||||
XIPH_C__FUNC__
|
XIPH_C__FUNC__
|
||||||
|
|
21
src/main.c
21
src/main.c
|
@ -389,9 +389,8 @@ static void _ch_root_uid_setup(void)
|
||||||
if(getuid()) /* root check */
|
if(getuid()) /* root check */
|
||||||
{
|
{
|
||||||
fprintf(stderr, "WARNING: Cannot change server root unless running as root.\n");
|
fprintf(stderr, "WARNING: Cannot change server root unless running as root.\n");
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
if(chroot(conf->base_dir))
|
if(chroot(conf->base_dir) == -1 || chdir("/") == -1)
|
||||||
{
|
{
|
||||||
fprintf(stderr,"WARNING: Couldn't change server root: %s\n", strerror(errno));
|
fprintf(stderr,"WARNING: Couldn't change server root: %s\n", strerror(errno));
|
||||||
return;
|
return;
|
||||||
|
@ -412,18 +411,28 @@ static void _ch_root_uid_setup(void)
|
||||||
}
|
}
|
||||||
|
|
||||||
if(uid != (uid_t)-1 && gid != (gid_t)-1) {
|
if(uid != (uid_t)-1 && gid != (gid_t)-1) {
|
||||||
if(!setgid(gid))
|
#ifdef HAVE_SETRESGID
|
||||||
|
if(!setresgid(gid, gid, gid)) {
|
||||||
|
#else
|
||||||
|
if(!setgid(gid)) {
|
||||||
|
#endif
|
||||||
fprintf(stdout, "Changed groupid to %i.\n", (int)gid);
|
fprintf(stdout, "Changed groupid to %i.\n", (int)gid);
|
||||||
else
|
} else {
|
||||||
fprintf(stdout, "Error changing groupid: %s.\n", strerror(errno));
|
fprintf(stdout, "Error changing groupid: %s.\n", strerror(errno));
|
||||||
|
}
|
||||||
if(!initgroups(conf->user, gid))
|
if(!initgroups(conf->user, gid))
|
||||||
fprintf(stdout, "Changed supplementary groups based on user: %s.\n", conf->user);
|
fprintf(stdout, "Changed supplementary groups based on user: %s.\n", conf->user);
|
||||||
else
|
else
|
||||||
fprintf(stdout, "Error changing supplementary groups: %s.\n", strerror(errno));
|
fprintf(stdout, "Error changing supplementary groups: %s.\n", strerror(errno));
|
||||||
if(!setuid(uid))
|
#ifdef HAVE_SETRESUID
|
||||||
|
if(!setresuid(uid, uid, uid)) {
|
||||||
|
#else
|
||||||
|
if(!setuid(uid)) {
|
||||||
|
#endif
|
||||||
fprintf(stdout, "Changed userid to %i.\n", (int)uid);
|
fprintf(stdout, "Changed userid to %i.\n", (int)uid);
|
||||||
else
|
} else {
|
||||||
fprintf(stdout, "Error changing userid: %s.\n", strerror(errno));
|
fprintf(stdout, "Error changing userid: %s.\n", strerror(errno));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
Loading…
Reference in New Issue
Block a user