aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-09-04 03:38:02 +0000
committerjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-09-04 03:38:02 +0000
commitea95624e2d22fc1142d9a96acfcc9c6134395b4d (patch)
treea4ab61011f2c0b6ffeb0de4b03987e9ef3ef41ae
parent69336315018287f8fab97bf2c17d10b8e3d712fc (diff)
downloadikiwiki-ea95624e2d22fc1142d9a96acfcc9c6134395b4d.tar
ikiwiki-ea95624e2d22fc1142d9a96acfcc9c6134395b4d.tar.gz
* Drop real uid/gid in the suid wrapper, thus allowing commits to remote
subversion repos and fixing some other issues.
-rw-r--r--IkiWiki/Wrapper.pm5
-rw-r--r--debian/changelog4
-rw-r--r--doc/bugs/svn+ssh_commit_fail.mdwn2
-rw-r--r--doc/roadmap.mdwn3
4 files changed, 11 insertions, 3 deletions
diff --git a/IkiWiki/Wrapper.pm b/IkiWiki/Wrapper.pm
index 52a7ca2c7..deba58d28 100644
--- a/IkiWiki/Wrapper.pm
+++ b/IkiWiki/Wrapper.pm
@@ -75,6 +75,11 @@ $envsave
newenviron[i]=NULL;
environ=newenviron;
+ if (setregid(getegid(), -1) != 0 || setreuid(geteuid(), -1) != 0) {
+ perror("failed to drop real uid/gid");
+ exit(1);
+ }
+
execl("$this", "$this", NULL);
perror("failed to run $this");
exit(1);
diff --git a/debian/changelog b/debian/changelog
index 39b2e829b..4e085b6be 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,8 +2,10 @@ ikiwiki (1.25) UNRELEASED; urgency=low
* Add proper waitpid calls for open2ed processes throughout to avoid
zombies; this hit htmltidy especially badly.
+ * Drop real uid/gid in the suid wrapper, thus allowing commits to remote
+ subversion repos and fixing some other issues.
- -- Joey Hess <joeyh@debian.org> Sun, 3 Sep 2006 15:56:55 -0400
+ -- Joey Hess <joeyh@debian.org> Sun, 3 Sep 2006 23:28:37 -0400
ikiwiki (1.24) unstable; urgency=low
diff --git a/doc/bugs/svn+ssh_commit_fail.mdwn b/doc/bugs/svn+ssh_commit_fail.mdwn
index a26a0b0e4..b58f43721 100644
--- a/doc/bugs/svn+ssh_commit_fail.mdwn
+++ b/doc/bugs/svn+ssh_commit_fail.mdwn
@@ -2,4 +2,4 @@ If I try to do a web commit, to a svn+ssh repo, it fails with
"Host key verification failed."
I think that the setuid isn't fully taking; it should be running as me,
but commit log shows www-data. So maybe it has the wrong username? Or
-EUID/Real UID screwage.
+EUID/Real UID screwage. [[bugs/done]]
diff --git a/doc/roadmap.mdwn b/doc/roadmap.mdwn
index eb1ebd6fa..2cbf6dd1c 100644
--- a/doc/roadmap.mdwn
+++ b/doc/roadmap.mdwn
@@ -18,7 +18,8 @@ Released 29 April 2006.
* [[Tags]] _(status: fair)_
* Should have fully working [[todo/utf8]] support. _(status: good)_
* [[Optimised_rendering|todo/optimisations]] if possible. Deal with other
- scalability issues. _(status: 45%-60%+ speedup since 1.0)_
+ scalability issues. _(status: 45%-60%+ speedup since 1.0, much more
+ possible)_
* Improved [[todo/html]] stylesheets and templates.
* Improved scalable [[logo]]. _(status: done)_
* Support for at least one RCS aside from svn. Once it supports two, it should