mirror of
https://github.com/apache/httpd.git
synced 2025-08-03 16:33:59 +00:00
unixd_drop_privileges and ap_unixd_setup_child are almost the same,
so let's remove the redundant code. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1617196 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Takashi Sato
@ -134,9 +134,13 @@ static int set_group_privs(void)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
unixd_drop_privileges(apr_pool_t *pool, server_rec *s)
|
unixd_drop_privileges(apr_pool_t *pool, server_rec *s)
|
||||||
|
{
|
||||||
|
return ap_unixd_setup_child();
|
||||||
|
}
|
||||||
|
|
||||||
|
AP_DECLARE(int) ap_unixd_setup_child(void)
|
||||||
{
|
{
|
||||||
int rv = set_group_privs();
|
int rv = set_group_privs();
|
||||||
|
|
||||||
@ -326,58 +330,6 @@ unixd_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
|
|||||||
return OK;
|
return OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
AP_DECLARE(int) ap_unixd_setup_child(void)
|
|
||||||
{
|
|
||||||
if (set_group_privs()) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (NULL != ap_unixd_config.chroot_dir) {
|
|
||||||
if (geteuid()) {
|
|
||||||
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02164)
|
|
||||||
"Cannot chroot when not started as root");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
if (chdir(ap_unixd_config.chroot_dir) != 0) {
|
|
||||||
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02165)
|
|
||||||
"Can't chdir to %s", ap_unixd_config.chroot_dir);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
if (chroot(ap_unixd_config.chroot_dir) != 0) {
|
|
||||||
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02166)
|
|
||||||
"Can't chroot to %s", ap_unixd_config.chroot_dir);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
if (chdir("/") != 0) {
|
|
||||||
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02167)
|
|
||||||
"Can't chdir to new root");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Only try to switch if we're running as root */
|
|
||||||
if (!geteuid() && (
|
|
||||||
#ifdef _OSD_POSIX
|
|
||||||
os_init_job_environment(NULL, ap_unixd_config.user_name, ap_exists_config_define("DEBUG")) != 0 ||
|
|
||||||
#endif
|
|
||||||
setuid(ap_unixd_config.user_id) == -1)) {
|
|
||||||
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02168)
|
|
||||||
"setuid: unable to change to uid: %ld",
|
|
||||||
(long) ap_unixd_config.user_id);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
|
|
||||||
/* this applies to Linux 2.4+ */
|
|
||||||
if (ap_coredumpdir_configured) {
|
|
||||||
if (prctl(PR_SET_DUMPABLE, 1)) {
|
|
||||||
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02169)
|
|
||||||
"set dumpable failed - this child will not coredump"
|
|
||||||
" after software errors");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static void unixd_dump_config(apr_pool_t *p, server_rec *s)
|
static void unixd_dump_config(apr_pool_t *p, server_rec *s)
|
||||||
{
|
{
|
||||||
|
|||||||
Reference in New Issue
Block a user