PROPOSAL: Add --disable-setuid to configure to disable calls to setuid(
From: James E Jurach Jr.
Subject: PROPOSAL: Add --disable-setuid to configure to disable calls to setuid(), etc.
Date: Tue, 02 Jul 2002 01:47:11 -0500

PURPOSE: To allow pserver to run as non-root.

PROPOSAL: Add --disable-setuid to configure to disable calls to setuid(), etc.

OVERVIEW: Currently, pserver is forced to attempt a setuid() within
switch_to_user() on every request. This requires pserver either to be run
as the user on the machine submitting the request, or to be run as root who
is capable of changing users. When you try to run pserver as non-root, you
get a difficult-to-diagnose error because non-root fails to setuid().
Also, the identified user would otherwise have to be listed in
/etc/passwd, because the call to getpwnam() preceding setuid() is
expected to succeed.

We want to run cvs as a non-root user, and we want to use an ACL commitinfo
script to control access to files, rather than system file ownership and
permissions. We will not require the identified user exist in /etc/passwd.
src/server.c will still make a determination of a username for access
control and logging purposes, but will not attempt to getpwnam() nor
setuid(), etc.

IMPLEMENTATION: Minor change to src/server.c and configure/build system.

PATCH:
Index: ccvs/ChangeLog
===================================================================
RCS file: /cvs/ccvs/ChangeLog,v
retrieving revision 1.649
diff -u -3 -r1.649 ChangeLog
--- ccvs/ChangeLog 28 Jun 2002 18:52:30 -0000 1.649
+++ ccvs/ChangeLog 2 Jul 2002 06:34:19 -0000
@@ -1,3 +1,12 @@
+2002-07-02 James Jurach <muaddib@erf.net>
+
+ * configure.in: Add --disable-setuid option to disable attempts to
+ setuid(), setgid() and related functions.
+
+ * src/server.c: When SETUID_SUPPORT is not defined within
+ switch_to_user(), no attempt is made to call getpwnam(), setuid(),
+ setgid(), and related functions.
+
2002-06-28 Derek Price <oberon@umich.edu>
* INSTALL (Building [on] other platforms): Don't reference the Mac
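Review bot: the new src/server.c entry names the function only inside the sentence, and "not defined within switch_to_user()" can be misread as the macro being defined inside the function. The existing entry below uses the parenthesized location form ("* INSTALL (Building [on] other platforms):"), so this would read better as "* src/server.c (switch_to_user): Skip getpwnam(), setuid(), setgid() and related calls unless SETUID_SUPPORT is defined."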
Index: ccvs/configure.in
===================================================================
RCS file: /cvs/ccvs/configure.in,v
retrieving revision 1.149
diff -u -3 -r1.149 configure.in
--- ccvs/configure.in 8 May 2002 17:48:46 -0000 1.149
+++ ccvs/configure.in 2 Jul 2002 06:34:20 -0000
@@ -403,6 +403,14 @@
])dnl AC_SEARCH_LIBS
fi # enable_server
+# Check to see if we ever want to change uid.
+AC_ARG_ENABLE(setuid,
+[ --enable-setuid Allow cvs process to change user. (default)],
+[if test "$enable_setuid" != no; then
+ AC_DEFINE(SETUID_SUPPORT, 1,
+ [Define if you expect cvs to attempt to setuid and setgid.])
+fi])
+
dnl For the moment we will assume that all systems which have
dnl the unixyness to run configure are unixy enough to do the
dnl PreservePermissions stuff. I have this sinking feeling that
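Review bot: in the AC_ARG_ENABLE(setuid, ...) call, the AC_DEFINE(SETUID_SUPPORT, ...) sits in the action-if-given argument, which configure runs only when --enable-setuid or --disable-setuid is actually passed on the command line. A plain ./configure therefore never defines SETUID_SUPPORT, so the default build skips the user switch even though the help string marks --enable-setuid as "(default)". Supply the fourth (action-if-not-given) argument to set the default, for example [enable_setuid=yes], and move the `if test "$enable_setuid" != no; then` test with its AC_DEFINE after the macro call so it runs in both cases. The help string would also be more useful as --disable-setuid, since that is the non-default form a user has to type.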
Index: ccvs/src/server.c
===================================================================
RCS file: /cvs/ccvs/src/server.c,v
retrieving revision 1.275
diff -u -3 -r1.275 server.c
--- ccvs/src/server.c 18 Jun 2002 13:35:28 -0000 1.275
+++ ccvs/src/server.c 2 Jul 2002 06:34:24 -0000
@@ -5282,6 +5282,7 @@
switch_to_user (username)
const char *username;
{
+#ifdef SETUID_SUPPORT
struct passwd *pw;
pw = getpwnam (username);
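Review bot: the `#ifdef SETUID_SUPPORT` placed directly after the opening brace of switch_to_user() has no comment explaining what a build without the macro gives up. Since the guard removes the getpwnam() lookup as well as the privilege change, add a comment above it stating that in such a build the name passed in as username is not checked against the password database here and is kept only for access control and logging, as the proposal describes.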
@@ -5354,6 +5355,7 @@
/* Don't worry about server_cleanup; server_active isn't set yet. */
error_exit ();
}
+#endif /* SETUID_SUPPORT */
/* We don't want our umask to change file modes. The modes should
be set by the modes used in the repository, and by the umask of
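Review bot: the `#endif /* SETUID_SUPPORT */` after the error_exit () block has no #else branch, so a build without SETUID_SUPPORT that is started as root falls straight through to the umask handling and keeps serving every request as root. Since the stated purpose is to run pserver as non-root, consider an #else branch that reports an error and exits when the effective uid is 0, so that the option cannot silently turn into a server that never drops root.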