Skip Menu |

This queue is for tickets about the FCGI-Daemon CPAN distribution.

Report information
The Basics
Id: 118716
Status: open
Priority: 0/
Queue: FCGI-Daemon
People
Owner: Nobody in particular
Requestors: bes.internal [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Fri Nov 11 09:17:58 2016 bes.internal [...] gmail.com - Ticket created
Subject: incorrectly privileges drop
Date: Fri, 11 Nov 2016 17:17:48 +0300
To: bug-FCGI-Daemon [...] rt.cpan.org
From: bes <bes.internal [...] gmail.com>
1) die at change egid (line 111) because incorrectly use "local" that produce "invalid argument" error message. 2) should also empty group list 3) check that the privileges really changed 4) Maybe just use Privileges :: Drop? 5) What about cleaning env?
  Mon Mar 11 12:10:06 2019 kb [...] open.ch - Correspondence added
Attached is the patch to fix this issue.
Subject: fcgi-daemon.patch
diff --git a/shared/tmp/Daemon.pm b/Daemon.pm index 195798e..9acc7a9 100644 --- a/shared/tmp/Daemon.pm +++ b/Daemon.pm @@ -108,10 +108,16 @@ sub run { # drop privileges if run as root if(defined $o{gid_num} and defined $o{uid_num}){ - local $REAL_GROUP_ID= local $EFFECTIVE_GROUP_ID= getgrnam($o{gid}); - dieif($OS_ERROR,'Unable to change group_id to '.$o{gid}); - local $REAL_USER_ID= local $EFFECTIVE_USER_ID= getpwnam($o{uid}); - dieif($OS_ERROR,'Unable to change user_id to '.$o{uid}); + my $gid = getgrnam($o{gid}); + $EFFECTIVE_GROUP_ID= "$gid $gid"; + dieif($OS_ERROR,'Unable to effective group_id to '.$o{gid}); + $REAL_GROUP_ID= $gid; + dieif($OS_ERROR,'Unable to change real group_id to '.$o{gid}); + my $uid = getpwnam($o{uid}); + $EFFECTIVE_USER_ID = $uid; + dieif($OS_ERROR,'Unable to change effective user_id to '.$o{uid}); + $REAL_USER_ID=$uid; + dieif($OS_ERROR,'Unable to change real user_id to '.$o{uid}); } ## set rlimit(s)
  Mon Mar 11 12:10:07 2019 The RT System itself - Status changed from 'new' to 'open'