ports/76146: www/moinmoin permission fix

Choe, Cheng-Dae whitekid at gmail.com
Wed Jan 12 15:10:23 UTC 2005 

>Number:         76146
>Category:       ports
>Synopsis:       www/moinmoin permission fix
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 12 15:10:23 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     "Choe, Cheng-Dae"
>Release:        FreeBSD 5.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD comdongin.com 5.3-STABLE FreeBSD 5.3-STABLE #0: Mon Jan 10 02:20:32 KST 2005 root at comdongin.com:/usr/obj/usr/src/sys/CDI i386
>Description:
      The www/moinmoin has cgi wrapping program(files/wrapper.c). and moinmoin has own UID/GID for their date files.

When running under apache. The moin wrapper has UID/GID as www/www bug the moinmoin data dir has permission like below.

drwxr--r--  8 moinmoin  moinmoin  512 Jan 11 12:28 data

because of this moin wrapper program have no permission to edit or write. and moinmoin says "Immutable page".

In this pr uses setuid to MOINUSERID(moinmoin) in moin wrappers.
>How-To-Repeat:
- install moinmoin
- move to moinmoin's FrontPage
- Edit page
- It says "Immutable page"
>Fix:
diff -ruN moinmoin/Makefile moinmoin.orig/Makefile
--- moinmoin/Makefile	Sun Nov 21 12:23:58 2004
+++ moinmoin.orig/Makefile	Mon Dec 13 17:17:42 2004
@@ -37,6 +37,7 @@
 	${CC} ${CFLAGS} -o ${WRKDIR}/moin \
 		-DPYTHON_PATH='"${PYTHON_CMD}"' \
 		-DMOIN_PREFIX='"${MOINDIR}"' \
+		-DMOINUSERID=${CGIUSERID} \
 		${FILESDIR}/wrapper.c
 
 pre-install:
diff -ruN moinmoin/files/wrapper.c moinmoin.orig/files/wrapper.c
--- moinmoin/files/wrapper.c	Wed Mar 13 20:03:23 2002
+++ moinmoin.orig/files/wrapper.c	Mon Dec 13 17:06:13 2004
@@ -2,6 +2,7 @@
   MoinMoin setuid wrapper by perky
   $FreeBSD: ports/www/moinmoin/files/wrapper.c,v 1.3 2002/03/13 11:03:23 pat Exp $
 */
+#include <sys/types.h>
 #include <unistd.h>
 
 int
@@ -9,6 +10,7 @@
 {
 	char *margv[] = { PYTHON_PATH, MOIN_PREFIX"/cgi-bin/moin.cgi", NULL };
 
+	setuid(MOINUSERID);
 	chdir(MOIN_PREFIX);
 	return execve(PYTHON_PATH, margv, envp);
 }
diff -ruN moinmoin/files/wrapper.c.orig moinmoin.orig/files/wrapper.c.orig
--- moinmoin/files/wrapper.c.orig	Thu Jan  1 09:00:00 1970
+++ moinmoin.orig/files/wrapper.c.orig	Wed Mar 13 20:03:23 2002
@@ -0,0 +1,14 @@
+/*
+  MoinMoin setuid wrapper by perky
+  $FreeBSD: ports/www/moinmoin/files/wrapper.c,v 1.3 2002/03/13 11:03:23 pat Exp $
+*/
+#include <unistd.h>
+
+int
+main(int argc, char *argv[], char *envp[])
+{
+	char *margv[] = { PYTHON_PATH, MOIN_PREFIX"/cgi-bin/moin.cgi", NULL };
+
+	chdir(MOIN_PREFIX);
+	return execve(PYTHON_PATH, margv, envp);
+}
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list