Check-in [f19a95b69c]


Overview
Comment:Revert [273501fe4e]
SHA1: f19a95b69c5f21b67bb1ad173d8182d350ab5075
User & Date: rkeene 2020-08-25 16:22:18
Context
2020-08-25
16:35
Ensure SSL certificate directory is set to correct location for LibreSSL check-in: e345857571 user: rkeene tags: trunk
16:22
Revert [273501fe4e] check-in: f19a95b69c user: rkeene tags: trunk
16:04
Log pull output to user check-in: 2e87d644dd user: rkeene tags: trunk
Changes

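--- a/scripts/fossil-as-user/suid-fossil
+++ b/scripts/fossil-as-user/suid-fossil
@@ -141,15 +141,14 @@
 	$work_dir = '/root';
 	$home_dir = $work_dir . '/home';
 
 	$work_dir_outside = $user_directory . $work_dir;
 	$home_dir_outside = $user_directory . $home_dir;
 
 	$fossil_binary = $work_dir . '/bin/' . basename($fossil_binary_real);
-	$fossil_binary_run = $work_dir . '/bin/fossil';
 	$fossil_binary_outside = $user_directory . $fossil_binary;
 	$fossil_binary_symlink = dirname($fossil_binary_outside) . "/fossil";
 
 	$real_user_id = (1024 * 1024) + $userid;
 	$current_user_id = posix_getuid();
 }
 
@@ -253,15 +252,15 @@
 		exec_log('setfacl   -m d:m::rwX -m d:u:' . $current_user_id . ':rwX ' . escapeshellarg($repo_directory));
 		exec_log('setfacl -m   u:' . $real_user_id . ':rwx ' . escapeshellarg($home_dir_outside));
 		exec_log('setfacl -m d:u:' . $real_user_id . ':rwx ' . escapeshellarg($home_dir_outside));
 		exec_log('setfacl -m   u:' . $current_user_id . ':rwx ' . escapeshellarg($home_dir_outside));
 		exec_log('setfacl -m d:u:' . $current_user_id . ':rwx ' . escapeshellarg($home_dir_outside));
 	}
 
-	$command = escapeshellarg(dirname(__FILE__) . "/secure-wrap") . " " . escapeshellarg($userid) . " " . escapeshellarg($user_directory) . " " . escapeshellarg($fossil_binary_run);
+	$command = escapeshellarg(dirname(__FILE__) . "/secure-wrap") . " " . escapeshellarg($userid) . " " . escapeshellarg($user_directory) . " " . escapeshellarg($fossil_binary);
 
 	putenv("USER={$username}");
 	putenv("HOME={$home_dir}");
 } else {
 	$downgrade_required = false;
 	if (isset($fossil_binary_outside) && file_exists($fossil_binary_outside)) {
 		$downgrade_required = true;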
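Review bot: The `$command` line now passes `$fossil_binary` to secure-wrap, and nothing at the call site says that this is the path under `$work_dir` (`/root/bin/<basename>`) rather than the host-side path held in `$fossil_binary_outside`. In a wrapper that changes user and root directory, that distinction is easy to break on a later edit, so a short comment above `$command` would help, for example `// $fossil_binary is the path as seen from inside $user_directory, not the host path`. Adjust the wording to match how secure-wrap actually resolves its arguments, which is not visible here. `$fossil_binary_symlink` is still assigned right after the removed `$fossil_binary_run` line. These hunks do not show whether anything still depends on the `fossil` symlink after this revert, so that is worth confirming. Both hunks sit in blocks that begin and end outside the shown lines.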