lighttpd fails to start for a non-root user with gid 0
Trying to start lighttpd as a non-root user in the wheel group fails with "Are you nuts ? Don't apply a SUID bit to this binary" despite the binary not being SUID.
The problem seems to be that on line 345 of server.c
i_am_root = (getuid() == 0) and doesn't take into consideration gid. This means that on line 422 of that same file
(!i_am_root && (geteuid() == 0 || getegid() == 0)) is true and it is assumed that we are setuid, when in fact the binary is not and it is simply the case that the user is in wheel group.
Add proper SUID bit detection (fixes #416)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2436 152afb58-edef-0310-8abb-c4023f1b3aa9
Updated by Anonymous over 10 years ago
Under Solaris and the BSDs, the issetugid(2) system call can be used to check for setuid/setgid binaries.
There's a patch by Robert Connolly from Linux From Scratch written for glibc to add issetugid(2) which could be appropriated here.
At the very least, rather than
(!i_am_root && (geteuid() == 0 || getegid() == 0))
lighttpd could use
(!i_am_root && (geteuid() != getuid() || getegid() != getgid() ))
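The two checks quoted in this thread, compared side by side in an added example (this is not lighttpd's code and not the committed fix). The predicates are pulled out into pure functions; the function names and the sample IDs are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdbool.h>
#include <sys/types.h>
#include <unistd.h>

/* Check quoted in the report: on a non-root real uid, any effective
 * uid/gid of 0 is taken to mean the binary is setuid/setgid. */
static bool looks_suid_zero_test(uid_t uid, uid_t euid, gid_t gid, gid_t egid)
{
    bool i_am_root = (uid == 0);
    (void)gid; /* the real gid is never consulted by this check */
    return !i_am_root && (euid == 0 || egid == 0);
}

/* Check suggested in the comment: mode bits changed our privileges only
 * if an effective ID differs from the corresponding real ID. */
static bool looks_suid_id_compare(uid_t uid, uid_t euid, gid_t gid, gid_t egid)
{
    bool i_am_root = (uid == 0);
    return !i_am_root && (euid != uid || egid != gid);
}

struct id_case { const char *label; uid_t uid, euid; gid_t gid, egid; };

/* Constructed sample processes, not taken from the report. */
static const struct id_case cases[] = {
    { "user 1000, primary group 0, plain binary", 1000, 1000, 0,   0   },
    { "user 1000 running a setuid-root binary",   1000, 0,    100, 100 },
    { "user 1000 running a setgid-50 binary",     1000, 1000, 100, 50  },
    { "root",                                     0,    0,    0,   0   },
};

int main(void)
{
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        const struct id_case *c = &cases[i];
        printf("%-42s zero-test=%d id-compare=%d\n", c->label,
               looks_suid_zero_test(c->uid, c->euid, c->gid, c->egid),
               looks_suid_id_compare(c->uid, c->euid, c->gid, c->egid));
    }
    /* The same predicates applied to the process running this example. */
    printf("%-42s zero-test=%d id-compare=%d\n", "this process",
           looks_suid_zero_test(getuid(), geteuid(), getgid(), getegid()),
           looks_suid_id_compare(getuid(), geteuid(), getgid(), getegid()));
    return 0;
}
```

The zero test flags the first case, which is the false positive reported here, and misses the setgid-50 case; the ID comparison does the reverse on both.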