ports/76146: www/moinmoin permission fix
Choe, Cheng-Dae
whitekid at gmail.com
Wed Jan 12 15:10:23 UTC 2005
>Number: 76146
>Category: ports
>Synopsis: www/moinmoin permission fix
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jan 12 15:10:23 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: "Choe, Cheng-Dae"
>Release: FreeBSD 5.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD comdongin.com 5.3-STABLE FreeBSD 5.3-STABLE #0: Mon Jan 10 02:20:32 KST 2005 root at comdongin.com:/usr/obj/usr/src/sys/CDI i386
>Description:
The www/moinmoin has cgi wrapping program(files/wrapper.c). and moinmoin has own UID/GID for their date files.
When running under apache. The moin wrapper has UID/GID as www/www bug the moinmoin data dir has permission like below.
drwxr--r-- 8 moinmoin moinmoin 512 Jan 11 12:28 data
because of this moin wrapper program have no permission to edit or write. and moinmoin says "Immutable page".
In this pr uses setuid to MOINUSERID(moinmoin) in moin wrappers.
>How-To-Repeat:
- install moinmoin
- move to moinmoin's FrontPage
- Edit page
- It says "Immutable page"
>Fix:
diff -ruN moinmoin/Makefile moinmoin.orig/Makefile
--- moinmoin/Makefile Sun Nov 21 12:23:58 2004
+++ moinmoin.orig/Makefile Mon Dec 13 17:17:42 2004
@@ -37,6 +37,7 @@
${CC} ${CFLAGS} -o ${WRKDIR}/moin \
-DPYTHON_PATH='"${PYTHON_CMD}"' \
-DMOIN_PREFIX='"${MOINDIR}"' \
+ -DMOINUSERID=${CGIUSERID} \
${FILESDIR}/wrapper.c
pre-install:
diff -ruN moinmoin/files/wrapper.c moinmoin.orig/files/wrapper.c
--- moinmoin/files/wrapper.c Wed Mar 13 20:03:23 2002
+++ moinmoin.orig/files/wrapper.c Mon Dec 13 17:06:13 2004
@@ -2,6 +2,7 @@
MoinMoin setuid wrapper by perky
$FreeBSD: ports/www/moinmoin/files/wrapper.c,v 1.3 2002/03/13 11:03:23 pat Exp $
*/
+#include <sys/types.h>
#include <unistd.h>
int
@@ -9,6 +10,7 @@
{
char *margv[] = { PYTHON_PATH, MOIN_PREFIX"/cgi-bin/moin.cgi", NULL };
+ setuid(MOINUSERID);
chdir(MOIN_PREFIX);
return execve(PYTHON_PATH, margv, envp);
}
diff -ruN moinmoin/files/wrapper.c.orig moinmoin.orig/files/wrapper.c.orig
--- moinmoin/files/wrapper.c.orig Thu Jan 1 09:00:00 1970
+++ moinmoin.orig/files/wrapper.c.orig Wed Mar 13 20:03:23 2002
@@ -0,0 +1,14 @@
+/*
+ MoinMoin setuid wrapper by perky
+ $FreeBSD: ports/www/moinmoin/files/wrapper.c,v 1.3 2002/03/13 11:03:23 pat Exp $
+*/
+#include <unistd.h>
+
+int
+main(int argc, char *argv[], char *envp[])
+{
+ char *margv[] = { PYTHON_PATH, MOIN_PREFIX"/cgi-bin/moin.cgi", NULL };
+
+ chdir(MOIN_PREFIX);
+ return execve(PYTHON_PATH, margv, envp);
+}
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list