Commit 1b3c3529 authored by Nick Kew's avatar Nick Kew
Browse files

Switch all unix MPMs to use drop_privileges hook (mod_unixd) for startup 

and add a flag to prevent running without any module taking responsibility
for managing system privileges!


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@709993 13f79535-47bb-0310-9956-ffa450edef68
parent 8f19a1c0

include/mpm_common.h

+4 −0
Original line number Diff line number Diff line
@@ -364,6 +364,10 @@ extern const char *ap_mpm_set_exception_hook(cmd_parms *cmd, void *dummy, 


AP_DECLARE_HOOK(int,monitor,(apr_pool_t *p))



/* register modules that undertake to manage system security */

extern int sys_privileges;

AP_DECLARE_HOOK(int, drop_privileges, (apr_pool_t * pchild, server_rec * s))



#ifdef __cplusplus

}

#endif

modules/arch/unix/mod_unixd.c

+3 −4
Original line number Diff line number Diff line
@@ -49,8 +49,6 @@ 
#include <sys/prctl.h>

#endif



#include "simple_api.h"



#ifndef DEFAULT_USER

#define DEFAULT_USER "#-1"

#endif
@@ -281,6 +279,7 @@ unixd_pre_config(apr_pool_t *pconf, apr_pool_t *plog, 


    unixd_config.chroot_dir = NULL; /* none */



    ++sys_privileges;

    return OK;

}
@@ -289,7 +288,7 @@ static void unixd_hooks(apr_pool_t *pool) 
    ap_hook_pre_config(unixd_pre_config,

                       NULL, NULL, APR_HOOK_FIRST);



    ap_hook_simple_drop_privileges(unixd_drop_privileges,

    ap_hook_drop_privileges(unixd_drop_privileges,

                            NULL, NULL, APR_HOOK_FIRST);

}

server/core.c

+17 −0
Original line number Diff line number Diff line
@@ -3884,6 +3884,22 @@ static int core_pre_connection(conn_rec *c, void *csd) 
    return DONE;

}



/* Insist that at least one module will undertake to provide system

 * security by dropping startup privileges.

 */

AP_DECLARE(int) sys_privileges = 0;

static int core_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp)

{

    if (!sys_privileges) {

        ap_log_error(APLOG_MARK, APLOG_CRIT, 0, NULL,

                     "Server MUST relinquish startup privileges before "

                     "accepting connections.  Please ensure mod_unixd "

                     "or other system security module is loaded.");

        return !OK;

    }

    return OK;

}



static void register_hooks(apr_pool_t *p)

{

    /* create_connection and install_transport_filters are
@@ -3896,6 +3912,7 @@ static void register_hooks(apr_pool_t *p) 
    ap_hook_pre_connection(core_pre_connection, NULL, NULL,

                           APR_HOOK_REALLY_LAST);



    ap_hook_pre_config(core_pre_config,NULL,NULL,APR_HOOK_LAST);

    ap_hook_post_config(core_post_config,NULL,NULL,APR_HOOK_REALLY_FIRST);

    ap_hook_translate_name(ap_core_translate,NULL,NULL,APR_HOOK_REALLY_LAST);

    ap_hook_map_to_storage(core_map_to_storage,NULL,NULL,APR_HOOK_REALLY_LAST);

server/mpm/experimental/event/event.c

+1 −1
Original line number Diff line number Diff line
@@ -1575,7 +1575,7 @@ static void child_main(int child_num_arg) 
    /*stuff to do before we switch id's, so we have permissions. */

    ap_reopen_scoreboard(pchild, NULL, 0);



    if (unixd_setup_child()) {

    if (ap_run_drop_privileges(pchild, ap_server_conf)) {

        clean_child_exit(APEXIT_CHILDFATAL);

    }

server/mpm/prefork/prefork.c

+1 −1
Original line number Diff line number Diff line
@@ -473,7 +473,7 @@ static void child_main(int child_num_arg) 
        clean_child_exit(APEXIT_CHILDFATAL);

    }



    if (unixd_setup_child()) {

    if (ap_run_drop_privileges(pchild, ap_server_conf)) {

        clean_child_exit(APEXIT_CHILDFATAL);

    }