View | Details | Raw Unified | Return to bug 16056
Collapse All | Expand All

(-)file_not_specified_in_diff (-3 / +49 lines)
Line  Link Here
0
-- srclib/apr/shmem/unix/shm.c.orig    Wed Feb  5 10:02:31 2003
0
++ srclib/apr/shmem/unix/shm.c Wed Feb  5 11:17:44 2003
Lines 240-248 Link Here
240
        if (shmctl(new_m->shmid, IPC_STAT, &shmbuf) == -1) {
240
        if (shmctl(new_m->shmid, IPC_STAT, &shmbuf) == -1) {
241
            return errno;
241
            return errno;
242
        }
242
        }
243
        apr_uid_current(&uid, &gid, pool);
243
244
       /* In a forking model, the parent process runs as root, while
245
        * the child processes run as some unprivelaged user and group.
246
        * Any shared memory and mutexes allocated for modules must be
247
        * accessible by child processes, therefore we must either
248
        * change the ownership to that of the child process (assuming
249
        * allocation by an ap_hook_post_config handler from within the
250
        * root-owned parent process) OR change the permissions to either
251
        * be group or world read/writable.
252
        *
253
        * The former is the more suitable method since it maintains
254
        * tighter security on the child processess, but requires that
255
        * Aapche (or its modules) provided apr_shm_create() the uid/gid
256
        * of an unprivelaged user and group either by accessing
257
        * unixd_config or changing the API.
258
        *
259
        * The latter is a simpler solution changing permissions from
260
        * unspecified to 0660 or 0666, but raises in my mind security
261
        * concerns about a root owned shared memory block (though I
262
        * could be just overly paranoid).
263
        */
264
       apr_uid_current(&uid, &gid, pool);
244
        shmbuf.shm_perm.uid = uid;
265
        shmbuf.shm_perm.uid = uid;
245
        shmbuf.shm_perm.gid = gid;
266
        shmbuf.shm_perm.gid = gid;
267
        shmbuf.shm_perm.mode = 0660;
268
246
        if (shmctl(new_m->shmid, IPC_SET, &shmbuf) == -1) {
269
        if (shmctl(new_m->shmid, IPC_SET, &shmbuf) == -1) {
247
            return errno;
270
            return errno;
248
        }
271
        }
Lines 387-395 Link Here
387
        if (shmctl(new_m->shmid, IPC_STAT, &shmbuf) == -1) {
410
        if (shmctl(new_m->shmid, IPC_STAT, &shmbuf) == -1) {
388
            return errno;
411
            return errno;
389
        }
412
        }
390
        apr_uid_current(&uid, &gid, pool);
413
414
       /* In a forking model, the parent process runs as root, while
415
        * the child processes run as some unprivelaged user and group.
416
        * Any shared memory and mutexes allocated for modules must be
417
        * accessible by child processes, therefore we must either
418
        * change the ownership to that of the child process (assuming
419
        * allocation by an ap_hook_post_config handler from within the
420
        * root-owned parent process) OR change the permissions to either
421
        * be group or world read/writable.
422
        *
423
        * The former is the more suitable method since it maintains
424
        * tighter security on the child processess, but requires that
425
        * Aapche (or its modules) provided apr_shm_create() the uid/gid
426
        * of an unprivelaged user and group either by accessing
427
        * unixd_config or changing the API.
428
        *
429
        * The latter is a simpler solution changing permissions from
430
        * unspecified to 0660 or 0666, but raises in my mind security
431
        * concerns about a root owned shared memory block (though I
432
        * could be just overly paranoid).
433
        */
434
       apr_uid_current(&uid, &gid, pool);
391
        shmbuf.shm_perm.uid = uid;
435
        shmbuf.shm_perm.uid = uid;
392
        shmbuf.shm_perm.gid = gid;
436
        shmbuf.shm_perm.gid = gid;
437
        shmbuf.shm_perm.mode = 0660;
438
393
        if (shmctl(new_m->shmid, IPC_SET, &shmbuf) == -1) {
439
        if (shmctl(new_m->shmid, IPC_SET, &shmbuf) == -1) {
394
            return errno;
440
            return errno;
395
        }
441
        }

Return to bug 16056