Bug fixes and new features.

- Made the CHECK_GID feature optional (by compile-time configuration).
- The supplementary group access list is now set, if the target user has a pwent.
- Target users can be required to have a pwent (by compile-time configuration).
- Child exit statuses are now correctly propagated to the parent.
- Updated the README.
- Bumped version number to 0.5.
master v0.5
Sune Foldager 14 years ago
parent d2ea4e1057
commit 6f3ffa2ea8
  1. 5
      README
  2. 35
      execwrap.c
  3. 8
      execwrap_config.h

@ -70,6 +70,11 @@ DEFAULT_UID The default (numeric) UID to become, if no UID is given vi
DEFAULT_GID The same as DEFAULT_UID, but for the GID. The same reasons and
restrictions apply.
REQUIRE_PWENT If set, target users are reuired to have passwd-entries. These are
used to set the supplementary group access list. Defaults to 0.
ALLOW_CHECKGID If set, enabled the CHECK_GID feature, q.v. Defaults to 1.
The following configuration parameters shouldn't normally be changed. In case you have a
clash with some other ENV arguments to the target program, they can be changed, however.

@ -2,7 +2,7 @@
Superuser-exec wrapper for HTTP serves and other needs (made especially for lighttpd).
Allows programs to be run with configurable uid/gid.
Version 0.4 (2006-06-09)
Version 0.5 (2008-07-07)
For documentation on how to configure the wrapper, see the README.
Command line option -v displays version, while -V displays compile-time configuration.
@ -12,6 +12,11 @@ Brief version history:
Vers Date Changes
-----------------------------------------------------------------------------------------
0.5 2008-07-07 Added proper handling of the supplementary group access list. Fixed a
bug with passing on return values from the child process. Added
compile-time configuration options to disable the CHECK_GID feature and
to require the target user to have a pwent (in /etc/passwd).
Thanks to stbuehler, hoffie and _lotek from #lighttpd for help.
0.4 2006-06-09 Added a BSD license.
0.3 2005-09-27 Changed the wrapper to stay resident and propagate SIGTERM to the
target. Not doing so will prevent the server from managing the target.
@ -26,7 +31,7 @@ Vers Date Changes
License:
Copyright (c) 2006, Sune Foldager
Copyright (c) 2008, Sune Foldager
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are
@ -76,6 +81,9 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#define RC_WRONG_GROUP 22
#define RC_EXEC 23
#define RC_BAD_OPTION 24
#define RC_CHILD_ABNORMAL_EXIT 25
#define RC_MISSING_PWENT 26
/* User configuration. */
#include "execwrap_config.h"
@ -95,7 +103,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#endif
/* Useful macro and other stuff. */
#define VERSION_STRING "ExecWrap v0.3 by Sune Foldager."
#define VERSION_STRING "ExecWrap v0.5 Copyright (c) 2008, Sune Foldager."
#define STRLEN(a) (sizeof(a)-1)
/* Shortcuts. */
@ -111,8 +119,10 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>
#include <signal.h>
#include <pwd.h>
/* The global child PID and previous SIGTERM handler. */
@ -155,6 +165,9 @@ int main(int argc, char* argv[], char* envp[])
printf("TARGET_PATH_PREFIX : %s\n", TARGET_PATH_PREFIX);
printf("DEFAULT_UID : %d\n", DEFAULT_UID);
printf("DEFAULT_GID : %d\n", DEFAULT_GID);
puts("");
printf("REQUIRE_PWENT : %d\n", REQUIRE_PWENT);
printf("ALLOW_CHECKGID : %d\n", ALLOW_CHECKGID);
return 0;
}
@ -198,10 +211,12 @@ int main(int argc, char* argv[], char* envp[])
}
/* Check GID instead of UID. */
#if ALLOW_CHECKGID
if(!strncmp(ENV_CHECK_GID, s, ENV_CHECK_GID_LEN))
{
check_gid = 1;
}
#endif
/* Use non-resident wrapping style. */
if(!strncmp(ENV_NON_RESIDENT, s, ENV_NON_RESIDENT_LEN))
@ -214,6 +229,12 @@ int main(int argc, char* argv[], char* envp[])
/* See if we got all we need. */
if(!target) return RC_MISSING_CONFIG;
/* Fetch user information from passwd. */
struct passwd *pwent = getpwuid(uid);
#if REQUIRE_PWENT
if(!pwent) return RC_MISSING_PWENT;
#endif
/* Install the SIGTERM handler. */
if(!non_resident)
{
@ -225,7 +246,8 @@ int main(int argc, char* argv[], char* envp[])
if(non_resident || !(pid = fork()))
{
/* We're in the child. Drop privileges. */
/* We're in the child. Drop privileges and set the group list. */
if(pwent && initgroups(pwent->pw_name, gid)) return RC_SETGID;
if(setgid(gid)) return RC_SETGID;
if(setuid(uid)) return RC_SETUID;
@ -262,7 +284,6 @@ int main(int argc, char* argv[], char* envp[])
/* Here we're in the parent. Wait for the child to be done, and return. */
int status;
wait(&status);
return status;
if(WIFEXITED(status)) return WEXITSTATUS(status);
return RC_CHILD_ABNORMAL_EXIT;
}

@ -9,7 +9,7 @@ See the README for documentation.
/* Our parent must have this UID, or we will abort. */
#define PARENT_UID 104
#define PARENT_UID 106
/* Minimum UID we can switch to. */
#define TARGET_MIN_UID 1000
@ -26,3 +26,9 @@ See the README for documentation.
/* Default GID to switch to, if none given. */
#define DEFAULT_GID 65534
/* Require users to have pwents (i.e. entries in /etc/passwd or similar)? */
#define REQUIRE_PWENT 0
/* Allow use of the CHECK_GID mode? */
#define ALLOW_CHECKGID 1

Loading…
Cancel
Save