projects / ikiwiki.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
* Drop real uid/gid in the suid wrapper, thus allowing commits to remote
[ikiwiki.git] / IkiWiki / Wrapper.pm
diff --git a/IkiWiki/Wrapper.pm b/IkiWiki/Wrapper.pm
index 52a7ca2c70e4ab05b45e5b3c2b852e43e57731f0..deba58d2893e819d51968f9889c99f2807cd26e0 100644 (file)
--- a/IkiWiki/Wrapper.pm
+++ b/IkiWiki/Wrapper.pm
@@ -75,6 +75,11 @@ $envsave
        newenviron[i]=NULL;
        environ=newenviron;
 
+       if (setregid(getegid(), -1) != 0 || setreuid(geteuid(), -1) != 0) {
+               perror("failed to drop real uid/gid");
+               exit(1);
+       }
+
        execl("$this", "$this", NULL);
        perror("failed to run $this");
        exit(1);
Ikiwiki is a compiler for VCS-based (Git, Subversion, ...) wikis.