From b668227481028db996487cf64cee68a771dc9868 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 25 Oct 2007 07:44:18 -0400 Subject: [PATCH] web commit by HenrikBrixAndersen: ikiwiki-mass-rebuild fails to drop privileges and execute ikiwiki --- ...o_drop_privileges_and_execute_ikiwiki.mdwn | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 doc/bugs/ikiwiki-mass-rebuild_fails_to_drop_privileges_and_execute_ikiwiki.mdwn diff --git a/doc/bugs/ikiwiki-mass-rebuild_fails_to_drop_privileges_and_execute_ikiwiki.mdwn b/doc/bugs/ikiwiki-mass-rebuild_fails_to_drop_privileges_and_execute_ikiwiki.mdwn new file mode 100644 index 000000000..ae7f908d2 --- /dev/null +++ b/doc/bugs/ikiwiki-mass-rebuild_fails_to_drop_privileges_and_execute_ikiwiki.mdwn @@ -0,0 +1,24 @@ +The ikiwiki-mass-rebuild utility fails to drop privileges and fails to execute ikiwiki on FreeBSD. + +The solution is to set the effective UID after setting the real UID, and to set $PATH in the environment before calling exec(). + +Proposed patch: + + --- ikiwiki-mass-rebuild.orig 2007-08-15 22:21:59.000000000 +0200 + +++ ikiwiki-mass-rebuild 2007-10-25 13:04:10.000000000 +0200 + @@ -22,13 +22,14 @@ sub processline { + my ($uuid, $ugid) = (getpwnam($user))[2, 3]; + $)="$ugid $ugid"; + $(=$ugid; + - $>=$uuid; + $<=$uuid; + + $>=$uuid; + if ($< != $uuid || $> != $uuid || $( != $ugid || $) ne "$ugid $ugid") { + die "failed to drop permissions to $user"; + } + %ENV=(); + $ENV{HOME}=(getpwnam($user))[7]; + + $ENV{PATH}="/usr/bin:/usr/local/bin"; + exec("ikiwiki", "-setup", $setup, @ARGV); + die "failed to run ikiwiki: $!"; + }