Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Potential fix to allow fossil ui to be run as root---reopen the database after dropping privileges. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | pending-review |
| Files: | files | file ages | folders |
| SHA1: |
d5432cf6c33ae0b18d2e289d979f1609 |
| User & Date: | andybradford 2014-04-30 07:07:16.421 |
Context
|
2014-04-30
| ||
| 07:11 | Minor cleanup (no change in functionality). ... (check-in: b5e0937518 user: andybradford tags: pending-review) | |
| 07:07 | Potential fix to allow fossil ui to be run as root---reopen the database after dropping privileges. ... (check-in: d5432cf6c3 user: andybradford tags: pending-review) | |
|
2014-04-29
| ||
| 21:29 | Make MinGW(-w64) compile work with USE_SYSTEM_SQLITE = 1. Only works if you have a static libsqlite3.a in your compiler environment. ... (check-in: d00f2cfa80 user: jan.nijtmans tags: trunk) | |
Changes
Changes to src/main.c.
| ︙ | ︙ | |||
1227 1228 1229 1230 1231 1232 1233 | ** ** zRepo might be a directory itself. In that case chroot into ** the directory zRepo. ** ** Assume the user-id and group-id of the repository, or if zRepo ** is a directory, of that directory. */ | | | 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 |
**
** zRepo might be a directory itself. In that case chroot into
** the directory zRepo.
**
** Assume the user-id and group-id of the repository, or if zRepo
** is a directory, of that directory.
*/
static char *enter_chroot_jail(char *zRepo, int isUiCmd){
#if !defined(_WIN32)
if( getuid()==0 ){
int i;
struct stat sStat;
Blob dir;
char *zDir;
if( g.db!=0 ){
|
| ︙ | ︙ | |||
1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 |
fossil_fatal("cannot stat() repository: %s", zRepo);
}
i = setgid(sStat.st_gid);
i = i || setuid(sStat.st_uid);
if(i){
fossil_fatal("setgid/uid() failed with errno %d", errno);
}
}
#endif
return zRepo;
}
/*
** Preconditions:
| > > > | 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 |
fossil_fatal("cannot stat() repository: %s", zRepo);
}
i = setgid(sStat.st_gid);
i = i || setuid(sStat.st_uid);
if(i){
fossil_fatal("setgid/uid() failed with errno %d", errno);
}
if( g.db==0 && isUiCmd){
db_open_repository(zRepo);
}
}
#endif
return zRepo;
}
/*
** Preconditions:
|
| ︙ | ︙ | |||
1825 1826 1827 1828 1829 1830 1831 |
if( zIpAddr==0 ){
zIpAddr = cgi_ssh_remote_addr(0);
if( zIpAddr && zIpAddr[0] ){
g.fSshClient |= CGI_SSH_CLIENT;
}
}
find_server_repository(0);
| | | 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 |
if( zIpAddr==0 ){
zIpAddr = cgi_ssh_remote_addr(0);
if( zIpAddr && zIpAddr[0] ){
g.fSshClient |= CGI_SSH_CLIENT;
}
}
find_server_repository(0);
g.zRepositoryName = enter_chroot_jail(g.zRepositoryName,0);
if( useSCGI ){
cgi_handle_scgi_request();
}else if( g.fSshClient & CGI_SSH_CLIENT ){
ssh_request_loop(zIpAddr, glob_create(zFileGlob));
}else{
cgi_handle_http_request(zIpAddr);
}
|
| ︙ | ︙ | |||
2041 2042 2043 2044 2045 2046 2047 |
g.httpIn = stdin;
g.httpOut = stdout;
if( g.fHttpTrace || g.fSqlTrace ){
fprintf(stderr, "====== SERVER pid %d =======\n", getpid());
}
g.cgiOutput = 1;
find_server_repository(isUiCmd && zNotFound==0);
| | | 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 |
g.httpIn = stdin;
g.httpOut = stdout;
if( g.fHttpTrace || g.fSqlTrace ){
fprintf(stderr, "====== SERVER pid %d =======\n", getpid());
}
g.cgiOutput = 1;
find_server_repository(isUiCmd && zNotFound==0);
g.zRepositoryName = enter_chroot_jail(g.zRepositoryName,isUiCmd);
if( flags & HTTP_SERVER_SCGI ){
cgi_handle_scgi_request();
}else{
cgi_handle_http_request(0);
}
process_one_web_page(zNotFound, glob_create(zFileGlob));
#else
|
| ︙ | ︙ |