From a042f2ea8835a5f1e6c643d231e5c091e239d28d Mon Sep 17 00:00:00 2001 From: florian Date: Tue, 10 Jun 2014 14:38:27 +0000 Subject: Implement -u (user to drop privs to) and -p flag (path to chroot to). This allows to run slowcgi non-chrooted with -p /, requested by at least ratchov@ and henning@. Input by many, OK ratchov@ on a previous diff, "looks good" millert@, man page bits tweak and OK schwarze@ (all some time ago); OK henning@ --- slowcgi.8 | 17 ++++++++++++++++- slowcgi.c | 41 +++++++++++++++++++++++++++++------------ 2 files changed, 45 insertions(+), 13 deletions(-) diff --git a/slowcgi.8 b/slowcgi.8 index 9f1b4f9..9d26af0 100644 --- a/slowcgi.8 +++ b/slowcgi.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: slowcgi.8,v 1.8 2014/06/10 14:33:01 florian Exp $ +.\" $OpenBSD: slowcgi.8,v 1.9 2014/06/10 14:38:27 florian Exp $ .\" .\" Copyright (c) 2013 Florian Obser .\" @@ -23,7 +23,9 @@ .Sh SYNOPSIS .Nm .Op Fl d +.Op Fl p Ar path .Op Fl s Ar socket +.Op Fl u Ar user .Sh DESCRIPTION .Nm is a server which implements the FastCGI Protocol to execute CGI scripts. @@ -65,9 +67,22 @@ Do not daemonize. If this option is specified, .Nm will run in the foreground and log to stderr. +.It Fl p Ar path +.Xr chroot 2 +to +.Ar path . +A +.Ar path +of +.Pa / +effectively disables the chroot. .It Fl s Ar socket Create and bind to alternative local socket at .Ar socket . +.It Fl u Ar user +Drop privileges to +.Ar user +instead of default user www. .El .\" .Sh SEE ALSO .Sh STANDARDS diff --git a/slowcgi.c b/slowcgi.c index 846c1b1..769df03 100644 --- a/slowcgi.c +++ b/slowcgi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: slowcgi.c,v 1.32 2014/06/10 14:33:01 florian Exp $ */ +/* $OpenBSD: slowcgi.c,v 1.33 2014/06/10 14:38:27 florian Exp $ */ /* * Copyright (c) 2013 David Gwynne * Copyright (c) 2013 Florian Obser @@ -238,7 +238,8 @@ __dead void usage(void) { extern char *__progname; - fprintf(stderr, "usage: %s [-d] [-s socket]\n", __progname); + fprintf(stderr, "usage: %s [-d] [-p path] [-s socket] [-u user]\n", + __progname); exit(1); } @@ -255,6 +256,8 @@ main(int argc, char *argv[]) struct passwd *pw; struct stat sb; int c, fd; + const char *chrootpath = NULL; + const char *slowcgi_user = SLOWCGI_USER; /* * Ensure we have fds 0-2 open so that we have no fd overlaps @@ -273,14 +276,20 @@ main(int argc, char *argv[]) } } - while ((c = getopt(argc, argv, "ds:")) != -1) { + while ((c = getopt(argc, argv, "dp:s:u:")) != -1) { switch (c) { case 'd': debug = 1; break; + case 'p': + chrootpath = optarg; + break; case 's': fcgi_socket = optarg; break; + case 'u': + slowcgi_user = optarg; + break; default: usage(); /* NOTREACHED */ @@ -290,10 +299,6 @@ main(int argc, char *argv[]) if (geteuid() != 0) errx(1, "need root privileges"); - pw = getpwnam(SLOWCGI_USER); - if (pw == NULL) - err(1, "no %s user", SLOWCGI_USER); - if (!debug && daemon(1, 0) == -1) err(1, "daemon"); @@ -304,15 +309,27 @@ main(int argc, char *argv[]) event_init(); + pw = getpwnam(SLOWCGI_USER); + if (pw == NULL) + errx(1, "no %s user", SLOWCGI_USER); + slowcgi_listen(fcgi_socket, pw); - if (chroot(pw->pw_dir) == -1) - lerr(1, "chroot(%s)", pw->pw_dir); + lwarnx("slowcgi_user: %s", slowcgi_user); + pw = getpwnam(slowcgi_user); + if (pw == NULL) + errx(1, "no %s user", slowcgi_user); - if (chdir("/") == -1) - lerr(1, "chdir(%s)", pw->pw_dir); + if (chrootpath == NULL) + chrootpath = pw->pw_dir; - ldebug("chroot: %s", pw->pw_dir); + if (chroot(chrootpath) == -1) + lerr(1, "chroot(%s)", chrootpath); + + ldebug("chroot: %s", chrootpath); + + if (chdir("/") == -1) + lerr(1, "chdir(/)"); if (setgroups(1, &pw->pw_gid) || setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || -- cgit v1.2.3-2-gb3c3