diff options
author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-09-04 03:38:02 +0000 |
---|---|---|
committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-09-04 03:38:02 +0000 |
commit | ea95624e2d22fc1142d9a96acfcc9c6134395b4d (patch) | |
tree | a4ab61011f2c0b6ffeb0de4b03987e9ef3ef41ae | |
parent | 69336315018287f8fab97bf2c17d10b8e3d712fc (diff) | |
download | ikiwiki-ea95624e2d22fc1142d9a96acfcc9c6134395b4d.tar ikiwiki-ea95624e2d22fc1142d9a96acfcc9c6134395b4d.tar.gz |
* Drop real uid/gid in the suid wrapper, thus allowing commits to remote
subversion repos and fixing some other issues.
-rw-r--r-- | IkiWiki/Wrapper.pm | 5 | ||||
-rw-r--r-- | debian/changelog | 4 | ||||
-rw-r--r-- | doc/bugs/svn+ssh_commit_fail.mdwn | 2 | ||||
-rw-r--r-- | doc/roadmap.mdwn | 3 |
4 files changed, 11 insertions, 3 deletions
diff --git a/IkiWiki/Wrapper.pm b/IkiWiki/Wrapper.pm index 52a7ca2c7..deba58d28 100644 --- a/IkiWiki/Wrapper.pm +++ b/IkiWiki/Wrapper.pm @@ -75,6 +75,11 @@ $envsave newenviron[i]=NULL; environ=newenviron; + if (setregid(getegid(), -1) != 0 || setreuid(geteuid(), -1) != 0) { + perror("failed to drop real uid/gid"); + exit(1); + } + execl("$this", "$this", NULL); perror("failed to run $this"); exit(1); diff --git a/debian/changelog b/debian/changelog index 39b2e829b..4e085b6be 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,8 +2,10 @@ ikiwiki (1.25) UNRELEASED; urgency=low * Add proper waitpid calls for open2ed processes throughout to avoid zombies; this hit htmltidy especially badly. + * Drop real uid/gid in the suid wrapper, thus allowing commits to remote + subversion repos and fixing some other issues. - -- Joey Hess <joeyh@debian.org> Sun, 3 Sep 2006 15:56:55 -0400 + -- Joey Hess <joeyh@debian.org> Sun, 3 Sep 2006 23:28:37 -0400 ikiwiki (1.24) unstable; urgency=low diff --git a/doc/bugs/svn+ssh_commit_fail.mdwn b/doc/bugs/svn+ssh_commit_fail.mdwn index a26a0b0e4..b58f43721 100644 --- a/doc/bugs/svn+ssh_commit_fail.mdwn +++ b/doc/bugs/svn+ssh_commit_fail.mdwn @@ -2,4 +2,4 @@ If I try to do a web commit, to a svn+ssh repo, it fails with "Host key verification failed." I think that the setuid isn't fully taking; it should be running as me, but commit log shows www-data. So maybe it has the wrong username? Or -EUID/Real UID screwage. +EUID/Real UID screwage. [[bugs/done]] diff --git a/doc/roadmap.mdwn b/doc/roadmap.mdwn index eb1ebd6fa..2cbf6dd1c 100644 --- a/doc/roadmap.mdwn +++ b/doc/roadmap.mdwn @@ -18,7 +18,8 @@ Released 29 April 2006. * [[Tags]] _(status: fair)_ * Should have fully working [[todo/utf8]] support. _(status: good)_ * [[Optimised_rendering|todo/optimisations]] if possible. Deal with other - scalability issues. _(status: 45%-60%+ speedup since 1.0)_ + scalability issues. _(status: 45%-60%+ speedup since 1.0, much more + possible)_ * Improved [[todo/html]] stylesheets and templates. * Improved scalable [[logo]]. _(status: done)_ * Support for at least one RCS aside from svn. Once it supports two, it should |