Fossil

Check-in [e65162b4ad]
Login

Check-in [e65162b4ad]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:When chroot()'ing for root user, close the repo _before_ the chroot, not after. Problem reported via ML.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: e65162b4ad664ae3782598c65ead286fd6acbaf0
User & Date: stephan 2013-09-29 12:42:22.709
Context
2013-09-29
15:40
added some docs regarding read/write perms for CGI configurations, per ML thread. ... (check-in: 3892fcab71 user: stephan tags: trunk)
12:42
When chroot()'ing for root user, close the repo _before_ the chroot, not after. Problem reported via ML. ... (check-in: e65162b4ad user: stephan tags: trunk)
12:39
help text fix reported in ML. ... (check-in: 5e6fa72016 user: stephan tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/main.c. 
1147
1148
1149
1150
1151
1152
1153



1154
1155
1156
1157
1158
1159
1160

static char *enter_chroot_jail(char *zRepo){
#if !defined(_WIN32)
  if( getuid()==0 ){
    int i;
    struct stat sStat;
    Blob dir;
    char *zDir;




    file_canonical_name(zRepo, &dir, 0);
    zDir = blob_str(&dir);
    if( file_isdir(zDir)==1 ){
      if( file_chdir(zDir, 1) ){
        fossil_fatal("unable to chroot into %s", zDir);
      }








>
>
>








1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163

static char *enter_chroot_jail(char *zRepo){
#if !defined(_WIN32)
  if( getuid()==0 ){
    int i;
    struct stat sStat;
    Blob dir;
    char *zDir;
    if( g.db!=0 ){
      db_close(1);
    }

    file_canonical_name(zRepo, &dir, 0);
    zDir = blob_str(&dir);
    if( file_isdir(zDir)==1 ){
      if( file_chdir(zDir, 1) ){
        fossil_fatal("unable to chroot into %s", zDir);
      }

1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192

      fossil_fatal("cannot stat() repository: %s", zRepo);
    }
    i = setgid(sStat.st_gid);
    i = i || setuid(sStat.st_uid);
    if(i){
      fossil_fatal("setgid/uid() failed with errno %d", errno);
    }
    if( g.db!=0 ){
      db_close(1);
      db_open_repository(zRepo);
    }
  }
#endif
  return zRepo;
}

/*
** Preconditions:








<
<
|
<








1178
1179
1180
1181
1182
1183
1184


1185

1186
1187
1188
1189
1190
1191
1192

      fossil_fatal("cannot stat() repository: %s", zRepo);
    }
    i = setgid(sStat.st_gid);
    i = i || setuid(sStat.st_uid);
    if(i){
      fossil_fatal("setgid/uid() failed with errno %d", errno);
    }


    db_open_repository(zRepo);

  }
#endif
  return zRepo;
}

/*
** Preconditions: