* Drop real uid/gid in the suid wrapper, thus allowing commits to remote

subversion repos and fixing some other issues.

IkiWiki/Wrapper.pm

@@ -75,6 +75,11 @@ $envsave
 	newenviron[i]=NULL;
 	environ=newenviron;
 
+	if (setregid(getegid(), -1) != 0 || setreuid(geteuid(), -1) != 0) {
+		perror("failed to drop real uid/gid");
+		exit(1);
+	}
+
 	execl("$this", "$this", NULL);
 	perror("failed to run $this");
 	exit(1);

debian/changelog

@@ -2,8 +2,10 @@ ikiwiki (1.25) UNRELEASED; urgency=low
 
   * Add proper waitpid calls for open2ed processes throughout to avoid
     zombies; this hit htmltidy especially badly.
+  * Drop real uid/gid in the suid wrapper, thus allowing commits to remote
+    subversion repos and fixing some other issues.
 
- -- Joey Hess <joeyh@debian.org>  Sun,  3 Sep 2006 15:56:55 -0400
+ -- Joey Hess <joeyh@debian.org>  Sun,  3 Sep 2006 23:28:37 -0400
 
 ikiwiki (1.24) unstable; urgency=low
 

doc/bugs/svn+ssh_commit_fail.mdwn

@@ -2,4 +2,4 @@ If I try to do a web commit, to a svn+ssh repo, it fails with
 "Host key verification failed."
 I think that the setuid isn't fully taking; it should be running as me,
 but commit log shows www-data. So maybe it has the wrong username? Or
-EUID/Real UID screwage.
+EUID/Real UID screwage. [[bugs/done]]

doc/roadmap.mdwn

@@ -18,7 +18,8 @@ Released 29 April 2006.
 * [[Tags]] _(status: fair)_
 * Should have fully working [[todo/utf8]] support. _(status: good)_
 * [[Optimised_rendering|todo/optimisations]] if possible. Deal with other
-  scalability issues. _(status: 45%-60%+ speedup since 1.0)_
+  scalability issues. _(status: 45%-60%+ speedup since 1.0, much more
+  possible)_
 * Improved [[todo/html]] stylesheets and templates.
 * Improved scalable [[logo]]. _(status: done)_
 * Support for at least one RCS aside from svn. Once it supports two, it should