Author: mturk
Date: Fri Feb 12 12:21:15 2010
New Revision: 909380

URL: http://svn.apache.org/viewvc?rev=909380&view=rev
Log:
Fix DAEMON-93 by calling set_caps only if running as root

Modified:
    commons/proper/daemon/trunk/src/native/unix/native/jsvc-unix.c

Modified: commons/proper/daemon/trunk/src/native/unix/native/jsvc-unix.c
URL: 
http://svn.apache.org/viewvc/commons/proper/daemon/trunk/src/native/unix/native/jsvc-unix.c?rev=909380&r1=909379&r2=909380&view=diff
==============================================================================
--- commons/proper/daemon/trunk/src/native/unix/native/jsvc-unix.c (original)
+++ commons/proper/daemon/trunk/src/native/unix/native/jsvc-unix.c Fri Feb 12 
12:21:15 2010
@@ -133,10 +133,10 @@
             } else
                 log_debug("Cannot set supplement group list for user 
'%s'",user);
         }
-    if (getuid() == uid) {
+        if (getuid() == uid) {
             log_debug("No need to change user to '%s'!",user);
-            return(0);
-    }
+             return(0);
+        }
         if (setuid(uid)!=0) {
             log_error("Cannot set user id for user '%s'",user);
             return(-1);
@@ -185,19 +185,22 @@
 }
 static int linuxset_user_group(char *user, int uid, int gid)
 {
+    int caps_set = 0;
     /* set capabilities enough for binding port 80 setuid/getuid */
-    if (set_caps(CAPS)!=0) {
-        if (getuid()!= uid) {
-            log_error("set_caps(CAPS) failed");
+    if (getuid() == 0) {
+        if (set_caps(CAPS)!=0) {
+            if (getuid()!= uid) {
+                log_error("set_caps(CAPS) failed");
+                return(-1);
+            }
+            log_debug("set_caps(CAPS) failed");
+        }
+        /* make sure they are kept after setuid */ 
+        if (prctl(PR_SET_KEEPCAPS,1,0,0,0) < 0) {
+            log_error("prctl failed in linuxset_user_group");
             return(-1);
         }
-        log_debug("set_caps(CAPS) failed");
-    }
-
-    /* make sure they are kept after setuid */ 
-    if (prctl(PR_SET_KEEPCAPS,1,0,0,0) < 0) {
-        log_error("prctl failed in linuxset_user_group");
-        return(-1);
+        caps_set = 1;
     }
 
     /* set setuid/getuid */
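Review bot: The new `if (getuid() == 0)` gate in linuxset_user_group tests the real uid, so a process that holds privileges some other way (effective uid 0 with a different real uid, or capabilities granted to the binary) would skip set_caps(CAPS) here and, through `caps_set`, the later reduction to CAPSMIN, keeping whatever it started with; whether jsvc can be launched that way is not visible from this hunk. If only starts as real root are supported, say so above the test, e.g. `/* capabilities are only managed when started as real root; any other caller keeps what it holds */`. Also, `caps_set = 1` is reached on the tolerated path where set_caps(CAPS) failed (inside this branch `getuid()!= uid` reduces to `uid != 0`), so the flag records "attempted" rather than "set", and a one-line comment or a name such as `caps_managed` would prevent misreading. The function body continues past the end of the hunk.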
@@ -206,13 +209,15 @@
         return(-1);
     }
 
-    /* set capability to binding port 80 read conf */
-    if (set_caps(CAPSMIN)!=0) {
-        if (getuid()!= uid) {
-            log_error("set_caps(CAPSMIN) failed");
-            return(-1);
+    if (caps_set) {
+        /* set capability to binding port 80 read conf */
+        if (set_caps(CAPSMIN)!=0) {
+            if (getuid()!= uid) {
+                log_error("set_caps(CAPSMIN) failed");
+                return(-1);
+            }
+            log_debug("set_caps(CAPSMIN) failed");
         }
-        log_debug("set_caps(CAPSMIN) failed");
     }
 
     return(0);
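Review bot: Inside the `if (caps_set)` block, a failed `set_caps(CAPSMIN)` is fatal only when `getuid()!= uid`, but this code runs after the user switch (the call itself is outside the hunk), when the real uid presumably already equals `uid`, so the error branch looks unreachable and the failure ends as a debug message followed by `return(0)`. Because PR_SET_KEEPCAPS was enabled before the switch, that could leave the process running as the target user with the wider capability set retained instead of the reduced one. Since `caps_set` implies the process started as root, testing the target instead, `if (uid != 0) {`, would make the failure fatal whenever a switch actually took place. The condition predates this commit and is only re-indented here; the function's closing brace lies outside the hunk.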

