web commit by HenrikBrixAndersen: ikiwiki-mass-rebuild fails to drop privileges and...
authorJoey Hess <joey@wren.kitenet.net>
Thu, 25 Oct 2007 11:44:18 +0000 (07:44 -0400)
committerJoey Hess <joey@wren.kitenet.net>
Thu, 25 Oct 2007 11:44:18 +0000 (07:44 -0400)
doc/bugs/ikiwiki-mass-rebuild_fails_to_drop_privileges_and_execute_ikiwiki.mdwn [new file with mode: 0644]

diff --git a/doc/bugs/ikiwiki-mass-rebuild_fails_to_drop_privileges_and_execute_ikiwiki.mdwn b/doc/bugs/ikiwiki-mass-rebuild_fails_to_drop_privileges_and_execute_ikiwiki.mdwn
new file mode 100644 (file)
index 0000000..ae7f908
--- /dev/null
@@ -0,0 +1,24 @@
+The ikiwiki-mass-rebuild utility fails to drop privileges and fails to execute ikiwiki on FreeBSD.
+
+The solution is to set the effective UID after setting the real UID, and to set $PATH in the environment before calling exec().
+
+Proposed patch:
+
+    --- ikiwiki-mass-rebuild.orig      2007-08-15 22:21:59.000000000 +0200
+    +++ ikiwiki-mass-rebuild   2007-10-25 13:04:10.000000000 +0200
+    @@ -22,13 +22,14 @@ sub processline {
+               my ($uuid, $ugid) = (getpwnam($user))[2, 3];
+               $)="$ugid $ugid";
+               $(=$ugid;
+    -          $>=$uuid;
+               $<=$uuid;
+    +          $>=$uuid;
+               if ($< != $uuid || $> != $uuid || $( != $ugid || $) ne "$ugid $ugid") {
+                       die "failed to drop permissions to $user";
+               }
+               %ENV=();
+               $ENV{HOME}=(getpwnam($user))[7];
+    +          $ENV{PATH}="/usr/bin:/usr/local/bin";
+               exec("ikiwiki", "-setup", $setup, @ARGV);
+               die "failed to run ikiwiki: $!";
+       }