httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: [mod_fcgid PATCH] catch errors from setuid()/seteuid()
Date Thu, 21 Jan 2010 13:23:16 GMT
On Wed, Jan 20, 2010 at 8:19 PM, pqf <pqf@mailtech.cn> wrote:
> I man seteuid in my Linux box, there are two types of errors:
> ERRORS
>       The seteuid() function shall fail if:
>
>       EINVAL The value of the uid argument is invalid and is not supported by the
implementation.
>
>       EPERM  The  process  does not have appropriate privileges and uid does not
match the real group ID or the saved set-group-
>              ID.
>
> If directly pass 0 in setuid(), EINVAL may not happend
> If this process is seteuid from root, EPERM may not happend
>
> so, I think the check is just a textbook logic check?

yes, until somebody changes code or some other bug results in this
being called in a different environment

> just call _exit(1) if it fail?

two concerns with that minimal change:

1. seteuid() works once then fails n times now (at least on Solaris),
so some extra logic is needed
2. even if these calls never fail, the presence of the exit() without
a log message may cause somebody to lose a lot of time investigating a
mysterious disappearance of the new process

--/--

I'll punt on this until after 2.3.5 since I'd like to spend the time
to watch it work on another platform or two.  (suexec is not something
I use more than once every ~3 years, so it is worth setting up in
multiple environments.)

Mime
View raw message