Flint
Check-in [f19a95b69c]
Login
HomeTimelineBranchesTagsTicketsWiki

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Revert [273501fe4e]
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: f19a95b69c5f21b67bb1ad173d8182d350ab5075
User & Date: rkeene 2020-08-25 16:22:18.948
Context
2020-08-25
16:35
Ensure SSL certificate directory is set to correct location for LibreSSL check-in: e345857571 user: rkeene tags: trunk
16:22
Revert [273501fe4e] check-in: f19a95b69c user: rkeene tags: trunk
16:04
Log pull output to user check-in: 2e87d644dd user: rkeene tags: trunk
Changes
Unified Diff Ignore Whitespace Patch
Changes to scripts/fossil-as-user/suid-fossil. 
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155

	$work_dir = '/root';
	$home_dir = $work_dir . '/home';

	$work_dir_outside = $user_directory . $work_dir;
	$home_dir_outside = $user_directory . $home_dir;

	$fossil_binary = $work_dir . '/bin/' . basename($fossil_binary_real);
	$fossil_binary_run = $work_dir . '/bin/fossil';
	$fossil_binary_outside = $user_directory . $fossil_binary;
	$fossil_binary_symlink = dirname($fossil_binary_outside) . "/fossil";

	$real_user_id = (1024 * 1024) + $userid;
	$current_user_id = posix_getuid();
}









<








141
142
143
144
145
146
147

148
149
150
151
152
153
154

	$work_dir = '/root';
	$home_dir = $work_dir . '/home';

	$work_dir_outside = $user_directory . $work_dir;
	$home_dir_outside = $user_directory . $home_dir;

	$fossil_binary = $work_dir . '/bin/' . basename($fossil_binary_real);

	$fossil_binary_outside = $user_directory . $fossil_binary;
	$fossil_binary_symlink = dirname($fossil_binary_outside) . "/fossil";

	$real_user_id = (1024 * 1024) + $userid;
	$current_user_id = posix_getuid();
}


253
254
255
256
257
258
259
260
261
262
263
264
265
266
267

		exec_log('setfacl   -m d:m::rwX -m d:u:' . $current_user_id . ':rwX ' . escapeshellarg($repo_directory));
		exec_log('setfacl -m   u:' . $real_user_id . ':rwx ' . escapeshellarg($home_dir_outside));
		exec_log('setfacl -m d:u:' . $real_user_id . ':rwx ' . escapeshellarg($home_dir_outside));
		exec_log('setfacl -m   u:' . $current_user_id . ':rwx ' . escapeshellarg($home_dir_outside));
		exec_log('setfacl -m d:u:' . $current_user_id . ':rwx ' . escapeshellarg($home_dir_outside));
	}

	$command = escapeshellarg(dirname(__FILE__) . "/secure-wrap") . " " . escapeshellarg($userid) . " " . escapeshellarg($user_directory) . " " . escapeshellarg($fossil_binary_run);

	putenv("USER={$username}");
	putenv("HOME={$home_dir}");
} else {
	$downgrade_required = false;
	if (isset($fossil_binary_outside) && file_exists($fossil_binary_outside)) {
		$downgrade_required = true;








|








252
253
254
255
256
257
258
259
260
261
262
263
264
265
266

		exec_log('setfacl   -m d:m::rwX -m d:u:' . $current_user_id . ':rwX ' . escapeshellarg($repo_directory));
		exec_log('setfacl -m   u:' . $real_user_id . ':rwx ' . escapeshellarg($home_dir_outside));
		exec_log('setfacl -m d:u:' . $real_user_id . ':rwx ' . escapeshellarg($home_dir_outside));
		exec_log('setfacl -m   u:' . $current_user_id . ':rwx ' . escapeshellarg($home_dir_outside));
		exec_log('setfacl -m d:u:' . $current_user_id . ':rwx ' . escapeshellarg($home_dir_outside));
	}

	$command = escapeshellarg(dirname(__FILE__) . "/secure-wrap") . " " . escapeshellarg($userid) . " " . escapeshellarg($user_directory) . " " . escapeshellarg($fossil_binary);

	putenv("USER={$username}");
	putenv("HOME={$home_dir}");
} else {
	$downgrade_required = false;
	if (isset($fossil_binary_outside) && file_exists($fossil_binary_outside)) {
		$downgrade_required = true;
Powered by Fossil · RSS