In case of <changeowner> only UID and GID were changed,
supplementary groups were left in place.
This is a potential security issue only if <changeowner> is used.
New behaviour is to set UID, GID and set supplementary groups
based on the UID.
Even in case of icecast remaining in supplementary group 0
this "only" gives it things like access to files that are owned
by group 0 and according to their umask. This is obviously bad,
but not as bad as UID 0 with all its other special rights.
It's a security issue and we fix immediately and recommend users to update.
PS: Cherry picking this should be fine by distros for fixing older releases.
svn path=/icecast/trunk/icecast/; revision=19137

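The privilege drop described in the commit message above, as an added example that is not Icecast's own code: supplementary groups are reset with initgroups() before setgid() and setuid(), and the result is audited for a leftover group 0. The function names, the 64-entry group buffer and the bitmask values are assumptions of this example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose initgroups() on glibc in strict modes */
#endif
#include <grp.h>
#include <pwd.h>
#include <unistd.h>

/* Return 1 if gid appears in the supplementary group list, else 0. */
int in_groups(const gid_t *list, int n, gid_t gid)
{
    for (int i = 0; i < n; i++)
        if (list[i] == gid) return 1;
    return 0;
}

/* Audit an identity given as plain values, so it can be checked without root.
 * Returns 0 when clean, else a bitmask: 1 = wrong UID, 2 = wrong GID,
 * 4 = group 0 still among the supplementary groups (the case described above). */
int audit_identity(uid_t uid, gid_t gid, const gid_t *sup, int n,
                   uid_t want_uid, gid_t want_gid)
{
    int bad = 0;
    if (uid != want_uid) bad |= 1;
    if (gid != want_gid) bad |= 2;
    if (want_gid != 0 && in_groups(sup, n, 0)) bad |= 4;
    return bad;
}

/* Drop from root to the named account. Order matters: supplementary groups
 * and GID can only be changed while still UID 0, so setuid() comes last. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    gid_t sup[64];                       /* assumed upper bound for this example */
    int n;
    if (pw == NULL) return -1;
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;  /* replaces root's groups */
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;
    if (pw->pw_uid != 0 && setuid(0) == 0) return -1;  /* root must not be regainable */
    if ((n = getgroups(64, sup)) < 0) return -1;
    return audit_identity(geteuid(), getegid(), sup, n, pw->pw_uid, pw->pw_gid);
}

int main(int argc, char **argv)
{
    return argc == 2 ? (drop_privileges(argv[1]) != 0) : 2;
}
```

Run as root with the target account name as the only argument; exit status 0 means the drop succeeded and the audit found nothing.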
I've rethought the approach and found a much cleaner way.
We now split handling of command line arguments into two parts.
Only the critical part of getting the config file is done first (and -v as it prevents startup).
The rest (currently only -b) is deferred.
This achieves the important bit why #1886 was created.
It allows us to log error messages to stderr even if the -b argument is passed.
This is mainly for the case where the logfile or TCP port can't be opened.
svn path=/icecast/trunk/icecast/; revision=18945

was very easy for the intermediate files to clash between projects. The newer
libxml2/libxslt/libcurl also were causing some threading issues due to
library initialization.
svn path=/icecast/trunk/icecast/; revision=14465

- logsize : specify in KB the max size of any of icecast log files
- logarchive : causes icecast to rename logs with timestamps (for proper archiving)
svn path=/icecast/trunk/icecast/; revision=10287

which can be used to handle authentication mechanisms without taking locks
for long periods. Non-authenticated mountpoints bypass the auth thread.
The lookup/checking of the source_t is done after the authentication succeeds
so the fallback mechanism does not affect which authenticator is used. This
can be extended to allow us to authenticate in webroot as well. XML re-read
changes will take effect immediately for new listeners but existing listeners
will use the original auth_t (refcounted) when they exit.
htpasswd access has been separated out from auth.c, and implements an AVL
tree for a faster username lookup. The htpasswd file timestamp is checked
just in case there are changes made externally.
svn path=/icecast/trunk/icecast/; revision=9713

it is at the right point. kick off the YP 'add' 5 seconds after source startup
so that any stats are processed.
svn path=/icecast/trunk/icecast/; revision=9314

YP is enabled by default but automatically turned off if the curl test fails
(unless --enable-yp is explicitly passed to configure, in which case configure
will fail if the curl test fails).
svn path=/trunk/icecast/; revision=4831