Bug #416
lighttpd fails to start for a non-root user with gid 0
| Status: | Fixed | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | jan | % Done: | 100% |
| Category: | core | | |
| Target version: | 1.4.23 | | |
| Missing in 1.5.x: | | | |
Description
Trying to start lighttpd as a non-root user in the wheel group fails with "Are you nuts ? Don't apply a SUID bit to this binary" despite the binary not being SUID.
The problem seems to be that on line 345 of server.c i_am_root = (getuid() == 0) and doesn't take into consideration gid. This means that on line 422 of that same file (!i_am_root && (geteuid() == 0 || getegid() == 0)) is true and it is assumed that we are setuid, when in fact the binary is not and it is simply the case that the user is in the wheel group.
-- careo
Associated revisions
Add proper SUID bit detection (fixes #416)
merge: Add proper SUID bit detection (#416)
History
#1 Updated by Anonymous almost 5 years ago
Under Solaris and the BSDs, the issetugid(2) system call can be used to check for setuid/setgid binaries.
There's a patch by Robert Connolly from Linux From Scratch written for glibc to add issetugid(2) which could be appropriated here.
See http://www.linuxfromscratch.org/patches/hlfs/svn/glibc-2.5.1-issetugid-1.patch and
http://codewiki.ucc.gu.uwa.edu.au:180/issetugid.c
At the very least, rather than
(!i_am_root && (geteuid() == 0 || getegid() == 0))
lighttpd could use
(!i_am_root && (geteuid() != getuid() || getegid() != getgid() ))
-- zanchey
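The following is an added example, not lighttpd's own code, that puts the two checks from the report and from comment #1 side by side. setuid_check_old follows the expression quoted from server.c; setuid_check_proposed follows the euid/uid and egid/gid comparison suggested above. The credentials are passed in as plain values so the false positive (a non-root user whose group is gid 0) can be reproduced without actually being in wheel; the struct name, function names and the sample credential sets are assumptions made for this example. issetugid(2) is deliberately not used, since, as the comment notes, glibc does not provide it without a patch.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Credentials captured as plain values so both checks can be exercised on
 * constructed input as well as on the live process (name is an assumption). */
struct creds {
    uid_t uid, euid;
    gid_t gid, egid;
};

/* The check lighttpd used before the fix, as quoted in the report:
 * "set-id" means "effective uid or gid is 0 while the real uid is not".
 * A non-root user whose primary group is gid 0 trips this even though no
 * set-id bit is involved, which is exactly the reported failure. */
bool setuid_check_old(struct creds c)
{
    bool i_am_root = (c.uid == 0);
    return !i_am_root && (c.euid == 0 || c.egid == 0);
}

/* The check proposed in comment #1: compare effective against real ids.
 * A mismatch means the kernel handed the process credentials the caller
 * did not start with, which is what a set-id bit does; gid 0 on its own
 * is no longer flagged, and a setgid bit to a non-zero group now is. */
bool setuid_check_proposed(struct creds c)
{
    bool i_am_root = (c.uid == 0);
    return !i_am_root && (c.euid != c.uid || c.egid != c.gid);
}

/* Snapshot of the calling process, for a stand-alone run. */
struct creds current_creds(void)
{
    struct creds c = { getuid(), geteuid(), getgid(), getegid() };
    return c;
}

int main(void)
{
    struct creds c = current_creds();
    printf("uid=%u euid=%u gid=%u egid=%u\n",
           (unsigned)c.uid, (unsigned)c.euid, (unsigned)c.gid, (unsigned)c.egid);
    printf("old check says set-id:      %s\n", setuid_check_old(c) ? "yes" : "no");
    printf("proposed check says set-id: %s\n", setuid_check_proposed(c) ? "yes" : "no");
    return 0;
}
```

Run as an ordinary user whose primary group is gid 0 (or feed the constructed credential sets below to the two functions) to see the old check report "yes" and the proposed check report "no"; a genuine setuid-root or setgid binary makes both report "yes".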
#2 Updated by stbuehler over 4 years ago
- Target version changed from 1.4.20 to 1.4.21
#3 Updated by icy over 4 years ago
- Target version changed from 1.4.21 to 1.4.22
- Patch available set to No
#4 Updated by stbuehler about 4 years ago
- Target version changed from 1.4.22 to 1.4.23
#5 Updated by stbuehler about 4 years ago
- Status changed from New to Fixed
- % Done changed from 0 to 100
Applied in changeset r2436.