httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "pqf" <...@mailtech.cn>
Subject Re: [mod_fcgid PATCH] catch errors from setuid()/seteuid()
Date Thu, 21 Jan 2010 01:19:08 GMT
I man seteuid in my Linux box, there are two types of errors:
ERRORS
       The seteuid() function shall fail if:

       EINVAL The value of the uid argument is invalid and is not supported by the implementation.

       EPERM  The  process  does not have appropriate privileges and uid does not match the
real group ID or the saved set-group-
              ID.

If directly pass 0 in setuid(), EINVAL may not happend
If this process is seteuid from root, EPERM may not happend

so, I think the check is just a textbook logic check? just call _exit(1) if it fail? 


--------------------------------------------------
From: "Jeff Trawick" <trawick@gmail.com>
Sent: Thursday, January 21, 2010 5:38 AM
To: <dev@httpd.apache.org>
Subject: [mod_fcgid PATCH] catch errors from setuid()/seteuid()

> During the last hackathon, Paul was kind enough to run the clang/llvm
> static analysis on mod_fcgid
> (http://zeus.kimaker.com/~chip/fcgid-scan/).  That pointed out these
> setuid()/seteuid() calls that aren't checked prior to running a child.
> 
> The error checking itself is simple enough, but there's an ugly aspect
> of the implementation that results in trying to switch effective/real
> uids multiple times that I worked around.  (See the FIXME text in the
> patch.  I'm not aware of a simple solution, especially one simple
> enough to get into 2.3.5)  The seteuid() call would otherwise fail on
> subsequent invocations for the same child.
> 
> IIRC Joe thought that the seteuid() wasn't needed at all, but the
> setuid() fails without it on Solaris.
> 
> Concerns?
> 
> Is there some reason that testing on Linux and Solaris wouldn't be sufficient?
> 
Mime
View raw message