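--- a/changes-entries/CoreDumpDirectory-freebsd11.txt
+++ b/changes-entries/CoreDumpDirectory-freebsd11.txt
@@ -0,0 +1,2 @@
+*) mod_unixd: CoreDumpDirectory requires enabling tracing on FreeBSD 11+.
+PR 65819. [David CARLIER <devnexen gmail.com>]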
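--- a/changes-entries/pr69767.txt
+++ b/changes-entries/pr69767.txt
@@ -0,0 +1,3 @@
+*) mod_unixd: Drop test that effective user ID is zero in
+a chroot configuration. PR 69767.
+[Bastien Roucaries <rouca debian.org>]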
2 changes: 2 additions & 0 deletions configure.in
@@ -463,6 +463,7 @@ pwd.h \
grp.h \
strings.h \
sys/prctl.h \
sys/procctl.h \
sys/processor.h \
sys/sem.h \
sys/sdt.h \
@@ -520,6 +521,7 @@ getgrnam \
initgroups \
bindprocessor \
prctl \
procctl \
timegm \
getpgid \
fopen64 \
81 changes: 21 additions & 60 deletions modules/arch/unix/mod_unixd.c
@@ -50,6 +50,9 @@
#ifdef HAVE_SYS_PRCTL_H
#include <sys/prctl.h>
#endif
#ifdef HAVE_SYS_PROCCTL_H
#include <sys/procctl.h>
#endif

#ifndef DEFAULT_USER
#define DEFAULT_USER "#-1"
@@ -134,9 +137,13 @@ static int set_group_privs(void)
return 0;
}


static int
unixd_drop_privileges(apr_pool_t *pool, server_rec *s)
{
return ap_unixd_setup_child();
}

AP_DECLARE(int) ap_unixd_setup_child(void)
{
int rv = set_group_privs();

@@ -145,13 +152,6 @@ unixd_drop_privileges(apr_pool_t *pool, server_rec *s)
}

if (NULL != ap_unixd_config.chroot_dir) {
if (geteuid()) {
rv = errno;
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02158)
"Cannot chroot when not started as root");
return rv;
}

if (chdir(ap_unixd_config.chroot_dir) != 0) {
rv = errno;
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02159)
@@ -198,6 +198,19 @@ unixd_drop_privileges(apr_pool_t *pool, server_rec *s)
}
}
#endif
#if defined(HAVE_PROCCTL) && defined(PROC_TRACE_CTL)
/* FreeBSD 11 and above */
if (ap_coredumpdir_configured) {
int enablecoredump = PROC_TRACE_CTL_ENABLE;
if (procctl(P_PID, 0, PROC_TRACE_CTL, &enablecoredump) != 0) {
rv = errno;
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(10369)
"set dumpable failed - this child will not coredump"
" after software errors");
return rv;
}
}
#endif

return OK;
}
@@ -326,58 +339,6 @@ unixd_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
return OK;
}

AP_DECLARE(int) ap_unixd_setup_child(void)
{
if (set_group_privs()) {
return -1;
}

if (NULL != ap_unixd_config.chroot_dir) {
if (geteuid()) {
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02164)
"Cannot chroot when not started as root");
return -1;
}
if (chdir(ap_unixd_config.chroot_dir) != 0) {
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02165)
"Can't chdir to %s", ap_unixd_config.chroot_dir);
return -1;
}
if (chroot(ap_unixd_config.chroot_dir) != 0) {
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02166)
"Can't chroot to %s", ap_unixd_config.chroot_dir);
return -1;
}
if (chdir("/") != 0) {
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02167)
"Can't chdir to new root");
return -1;
}
}

/* Only try to switch if we're running as root */
if (!geteuid() && (
#ifdef _OSD_POSIX
os_init_job_environment(NULL, ap_unixd_config.user_name, ap_exists_config_define("DEBUG")) != 0 ||
#endif
setuid(ap_unixd_config.user_id) == -1)) {
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02168)
"setuid: unable to change to uid: %ld",
(long) ap_unixd_config.user_id);
return -1;
}
#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
/* this applies to Linux 2.4+ */
if (ap_coredumpdir_configured) {
if (prctl(PR_SET_DUMPABLE, 1)) {
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02169)
"set dumpable failed - this child will not coredump"
" after software errors");
}
}
#endif
return 0;
}

static void unixd_dump_config(apr_pool_t *p, server_rec *s)
{
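Review bot: The exported `ap_unixd_setup_child()` now reports failure with a positive errno value (`rv = errno; ... return rv;`), whereas the removed implementation returned `-1` on every failure path. Any caller that tests `== -1` or `< 0` would therefore treat a failed chroot or setuid as success and carry on with the parent's privileges. The callers are not visible on this page, so in-tree MPMs and third-party modules need checking; at minimum the contract should be stated above the function, e.g. `/* Returns OK on success, or a non-zero errno value; any non-zero result must be treated as fatal. */`. In the new FreeBSD block, the comment and log text mention only core dumps, but per procctl(2) `PROC_TRACE_CTL_ENABLE` re-enables tracing as a whole (debugger attach as well as dumps), so I would say so in the comment: `/* FreeBSD 11+: re-enables tracing (ptrace/ktrace attach and core dumps) for this child */`. Both functions' bodies extend outside the hunks shown here.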