Hello,

I think you have to put brackets after the getuser- and getprivmode calls, i.e. getprivmode(), otherwise you specify an expression and not a call to a function. But maybe you have some smart macro that takes care of that.

As far as I remember the only error code getprivmode and getusermode can return is the fact that the program is already in the requested mode. So I don't think you need to check the return value of these functions (I never do).

A last remark: I never terminate a program while in privmode. It may not be an issue anymore, but on MPE/V you got a system failure doing this. (I learned the hard way...)

Hope this helps

Best regards,
Johan Harmsen
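
The pattern described in the reply above, as an added example that is not part of either e-mail or of Apache's suEXEC: the identity switch is bracketed by getprivmode()/getusermode() and returns its failure code instead of calling exit() inside the bracket, so no path terminates in priv mode. The stand-in bodies for getprivmode()/getusermode(), the id_ops hook table and the sample user "www" are assumptions made so the flow can be run off MPE.

```c
#include <stdio.h>

/* Stand-ins so the flow runs off MPE (assumption); on MPE the real
 * getprivmode()/getusermode() calls named in the thread go here. */
static int in_privmode = 0;
static void getprivmode(void) { in_privmode = 1; }
static void getusermode(void) { in_privmode = 0; }

/* Hypothetical hook table: wraps setgid/initgroups/setuid so that
 * failures can be injected without being root. */
typedef struct {
    int (*set_gid)(long gid);
    int (*init_groups)(const char *user, long gid);
    int (*set_uid)(long uid);
} id_ops;

/* Returns 0, or the exit code the quoted suEXEC code uses (109/110).
 * It never exits itself, so no path terminates in priv mode. */
int switch_identity(const id_ops *ops, const char *user, long uid, long gid)
{
    int rc = 0;
    getprivmode();                       /* note the brackets: a call */
    if (ops->set_gid(gid) != 0 || ops->init_groups(user, gid) != 0)
        rc = 109;
    else if (ops->set_uid(uid) != 0)
        rc = 110;
    getusermode();                       /* always drop back first */
    return rc;
}

/* Constructed test doubles; ok_gid records whether it ran in priv mode. */
static int ran_privileged = 0;
static int ok_gid(long g) { (void)g; ran_privileged = in_privmode; return 0; }
static int bad_gid(long g) { (void)g; return -1; }
static int ok_groups(const char *u, long g) { (void)u; (void)g; return 0; }
static int ok_uid(long u) { (void)u; return 0; }
static int bad_uid(long u) { (void)u; return -1; }

const id_ops all_ok   = { ok_gid,  ok_groups, ok_uid  };
const id_ops gid_fail = { bad_gid, ok_groups, ok_uid  };
const id_ops uid_fail = { ok_gid,  ok_groups, bad_uid };

int main(void)
{
    int rc = switch_identity(&uid_fail, "www", 1001L, 1001L);
    if (rc != 0)                         /* already back in user mode */
        fprintf(stderr, "emerg: identity switch failed (%d)\n", rc);
    return rc;                           /* terminate in user mode */
}
```
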
----- Original Message -----
From: "Curtis Larsen" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, 09 August, 2001 23:47
Subject: Re: [HP3000-L] Apache & suEXEC: The Saga Continues
> Let me elaborate a little: I figure I can just call the
> GETPRIVMODE/GETUSERMODE around the code something like:
>
>
> /*
>  * Change UID/GID here so that the following tests work over NFS.
>  *
>  * Initialize the group access list for the target user,
>  * and setgid() to the target group. If unsuccessful, error out.
>  */
> #if defined(MPE)
> getprivmode;
> #endif
> if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0))
> {
>     log_err("emerg: failed to setgid (%ld: %s)\n", gid, cmd);
>     exit(109);
> }
>
> /*
>  * setuid() to the target user. Error out on fail.
>  */
> if ((setuid(uid)) != 0) {
>     log_err("emerg: failed to setuid (%ld: %s)\n", uid, cmd);
>     exit(110);
> }
>
> #if defined(MPE)
> getusermode;
> #endif
>
>
> ...but this seems a little too quick-and-dirty.
> Shouldn't I put some status-checking code in here to make sure we got
> into/out of PRIVMODE OK?
>
> Thanks!
> Curtis
>
> >>> Curtis Larsen <[log in to unmask]> 08/08/2001 12:20:58 PM >>>
> Yep... still plugging nickels into this particular gumball machine.
>
> I'm (finally) at the point where I can test suEXEC for real, but I know
> it needs to be modified to use GETPRIVMODE / GETUSERMODE, GETUID and
> SETUID (as well as live in MPE namespace). Sooooo... where can I find
> the delightful details on calling these functions to wrap the following
> GNU C code?
>
> /*
>  * Change UID/GID here so that the following tests work over NFS.
>  *
>  * Initialize the group access list for the target user,
>  * and setgid() to the target group. If unsuccessful, error out.
>  */
> if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0))
> {
>     log_err("emerg: failed to setgid (%ld: %s)\n", gid, cmd);
>     exit(109);
> }
>
> /*
>  * setuid() to the target user. Error out on fail.
>  */
> if ((setuid(uid)) != 0) {
>     log_err("emerg: failed to setuid (%ld: %s)\n", uid, cmd);
>     exit(110);
> }
>
>
>
> Thanks!
> Curtis
>
> * To join/leave the list, search archives, change list settings, *
> * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *