From ea95624e2d22fc1142d9a96acfcc9c6134395b4d Mon Sep 17 00:00:00 2001 From: joey Date: Mon, 4 Sep 2006 03:38:02 +0000 Subject: * Drop real uid/gid in the suid wrapper, thus allowing commits to remote subversion repos and fixing some other issues. --- IkiWiki/Wrapper.pm | 5 +++++ debian/changelog | 4 +++- doc/bugs/svn+ssh_commit_fail.mdwn | 2 +- doc/roadmap.mdwn | 3 ++- 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/IkiWiki/Wrapper.pm b/IkiWiki/Wrapper.pm index 52a7ca2c7..deba58d28 100644 --- a/IkiWiki/Wrapper.pm +++ b/IkiWiki/Wrapper.pm @@ -75,6 +75,11 @@ $envsave newenviron[i]=NULL; environ=newenviron; + if (setregid(getegid(), -1) != 0 || setreuid(geteuid(), -1) != 0) { + perror("failed to drop real uid/gid"); + exit(1); + } + execl("$this", "$this", NULL); perror("failed to run $this"); exit(1); diff --git a/debian/changelog b/debian/changelog index 39b2e829b..4e085b6be 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,8 +2,10 @@ ikiwiki (1.25) UNRELEASED; urgency=low * Add proper waitpid calls for open2ed processes throughout to avoid zombies; this hit htmltidy especially badly. + * Drop real uid/gid in the suid wrapper, thus allowing commits to remote + subversion repos and fixing some other issues. - -- Joey Hess Sun, 3 Sep 2006 15:56:55 -0400 + -- Joey Hess Sun, 3 Sep 2006 23:28:37 -0400 ikiwiki (1.24) unstable; urgency=low diff --git a/doc/bugs/svn+ssh_commit_fail.mdwn b/doc/bugs/svn+ssh_commit_fail.mdwn index a26a0b0e4..b58f43721 100644 --- a/doc/bugs/svn+ssh_commit_fail.mdwn +++ b/doc/bugs/svn+ssh_commit_fail.mdwn @@ -2,4 +2,4 @@ If I try to do a web commit, to a svn+ssh repo, it fails with "Host key verification failed." I think that the setuid isn't fully taking; it should be running as me, but commit log shows www-data. So maybe it has the wrong username? Or -EUID/Real UID screwage. +EUID/Real UID screwage. [[bugs/done]] diff --git a/doc/roadmap.mdwn b/doc/roadmap.mdwn index eb1ebd6fa..2cbf6dd1c 100644 --- a/doc/roadmap.mdwn 
+++ b/doc/roadmap.mdwn @@ -18,7 +18,8 @@ Released 29 April 2006. * [[Tags]] _(status: fair)_ * Should have fully working [[todo/utf8]] support. _(status: good)_ * [[Optimised_rendering|todo/optimisations]] if possible. Deal with other - scalability issues. _(status: 45%-60%+ speedup since 1.0)_ + scalability issues. _(status: 45%-60%+ speedup since 1.0, much more + possible)_ * Improved [[todo/html]] stylesheets and templates. * Improved scalable [[logo]]. _(status: done)_ * Support for at least one RCS aside from svn. Once it supports two, it should -- cgit v1.2.3
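Review bot: in the IkiWiki/Wrapper.pm hunk, the new block before `execl` changes only the real uid and gid; the supplementary group list is still whatever the calling process had, and nothing in the hunk resets it or says that this is intended. A short C comment above the `if` would help: it should say that the real ids are being set to the effective ones so that the programs run from the wrapper (svn over ssh, per the bug page) see one consistent identity, and that supplementary groups are left as inherited. The gid call rightly comes before the uid call. Because the `||` short-circuits, the single `perror("failed to drop real uid/gid")` cannot tell the reader which of the two calls failed, so consider two separate checks with distinct messages.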
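Review bot: in the debian/changelog hunk, "fixing some other issues" does not say which issues, so a reader cannot tell from the entry what else changes behaviour once the wrapper runs with real ids equal to effective ids. Name the issues, or drop the clause and keep only the svn commit fix that the bug page documents.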
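Review bot: the doc/roadmap.mdwn hunk edits the optimisation status line ("much more possible"), which has nothing to do with the uid/gid change named in the subject. Move it to its own commit so that this security-relevant wrapper change can be reviewed, reverted or backported without carrying an unrelated documentation edit.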