Project

General

Profile

Actions

Bug #416

closed

lighttpd fails to start for a non-root user with gid 0

Added by Anonymous over 18 years ago. Updated almost 15 years ago.

Status:
Fixed
Priority:
Normal
Category:
core
Target version:
ASK QUESTIONS IN Forums:

Description

Trying to start lighttpd as a non-root user in the wheel group fails with "Are you nuts ? Don't apply a SUID bit to this binary" despite the binary not being SUID.

The problem seems to be that on line 345 of server.c
i_am_root = (getuid() 0) and doesn't take into consideration gid. This means that on line 422 of that same file (!i_am_root && (geteuid() 0 || getegid() == 0)) is true and it is assumed that we are setuid, when in fact the binary is not and it is simply the case that the user is in wheel group.

-- careo

Actions #1

Updated by Anonymous over 15 years ago

Under Solaris and the BSDs, the issetugid(2) system call can be used to check for setuid/setgid binaries.

There's a patch by Robert Connolly from Linux From Scratch written for glibc to add issetugid(2) which could be appropriated here.

See http://www.linuxfromscratch.org/patches/hlfs/svn/glibc-2.5.1-issetugid-1.patch and
http://codewiki.ucc.gu.uwa.edu.au:180/issetugid.c

At the very least, rather than


(!i_am_root && (geteuid() == 0 || getegid() == 0))

lighttpd could use


(!i_am_root && (geteuid() != getuid() || getegid() != getgid() ))

-- zanchey

Actions #2

Updated by stbuehler over 15 years ago

  • Target version changed from 1.4.20 to 1.4.21
Actions #3

Updated by icy about 15 years ago

  • Target version changed from 1.4.21 to 1.4.22
  • Patch available set to No
Actions #4

Updated by stbuehler about 15 years ago

  • Target version changed from 1.4.22 to 1.4.23
Actions #5

Updated by stbuehler almost 15 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2436.

Actions

Also available in: Atom