1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-10 19:03:12 +02:00

- Added Nugget's setuid patch

This commit is contained in:
stskeeps
2002-08-31 16:30:29 +00:00
parent b5827fd1de
commit e1872e1231
3 changed files with 36 additions and 81 deletions
+1
View File
@@ -1578,3 +1578,4 @@ seen. gmtime warning still there
- Fixed a /who bug where /who +c #chan wouldn't display the name of the channel
requested reported by aproxity (#0000304)
- Fixed a bug where /who +c #chan would let you see users in a +s channel
- Added Nugget's setuid patch
+3 -21
View File
@@ -360,27 +360,9 @@
* define IRC_UID to that UID. This should only be defined if you are running
* as root and even then perhaps not.
*/
/*
* Ok this one is being changed. it is advisable never to run anything that
* uses sockets etc. and has the potential for the outside world to connect to it
* to run as root... Hackers do things like buffer overruns, and get dumped on
* a shell with root access effectivley ... so DONT do it.. if a program uses a
* port <1024 it will run as root, once the program has binded to the socket it
* will set its uid to something OTHER than root ... you set that in unrealircd.conf
*
* If you _must_ insist on running as root and not wanting the program to change its
* UID, then define BIG_SECURITY_HOLE below
*/
#if !defined(_WIN32)
/* Change This Line Below \/ */
#define BIG_SECURITY_HOLE
/* Its the one above ^^^^^^^ */
#ifndef BIG_SECURITY_HOLE
#define IRC_UID un_uid
#define IRC_GID un_gid
#endif
#endif
#undef IRC_UID 72
#undef IRC_GID 72
/*
* CLIENT_FLOOD
+32 -60
View File
@@ -78,14 +78,6 @@ char *malloc_options = "h" MALLOC_FLAGS_EXTRA;
#endif
time_t TSoffset = 0;
/* Added DrBin */
#ifndef BIG_SECURITY_HOLE
int un_uid = 99;
int un_gid = 99;
#endif
/* End */
#ifndef _WIN32
extern char unreallogo[];
#endif
@@ -1012,58 +1004,6 @@ int InitwIRCD(int argc, char *argv[])
}
#endif
#if !defined(IRC_UID) && !defined(_WIN32)
if ((uid != euid) && !euid) {
(void)fprintf(stderr,
"ERROR: do not run ircd setuid root. Make it setuid a\
normal user.\n");
exit(-1);
}
#endif
#if (!defined(CHROOTDIR) || (defined(IRC_UID) && defined(IRC_GID))) \
&& !defined(_WIN32)
# ifndef AIX
(void)setuid((uid_t) uid);
(void)setuid((uid_t) euid);
# endif
/*
* Modified 13/2000 DrBin
* We need to have better controll over running as root ... see config.h
*/
if ((int)getuid() == 0) {
#ifndef BIG_SECURITY_HOLE
if ((IRC_UID == 0) || (IRC_GID == 0)) {
(void)fprintf(stderr,
"ERROR: SETUID and SETGID have not been set properly"
"\nPlease read your documentation\n(HINT:SETUID or SETGID can not be 0)\n");
exit(-1);
} else {
/*
* run as a specified user
*/
(void)fprintf(stderr,
"WARNING: ircd invoked as root\n");
(void)fprintf(stderr, " changing to uid %d\n",
IRC_UID);
(void)fprintf(stderr, " changing to gid %d\n",
IRC_GID);
(void)setgid(IRC_GID);
(void)setuid(IRC_UID);
}
#else
/*
* check for setuid root as usual
*/
(void)fprintf(stderr,
"ERROR: do not run ircd setuid root. Make it setuid a\
normal user.\n");
exit(-1);
# endif
}
#endif /*CHROOTDIR/UID/GID/_WIN32 */
#ifndef _WIN32
/*
* didn't set debuglevel
@@ -1228,6 +1168,38 @@ int InitwIRCD(int argc, char *argv[])
R_fin_id = strlen(REPORT_FIN_ID);
R_fail_id = strlen(REPORT_FAIL_ID);
write_pidfile();
#if !defined(IRC_UID) && !defined(_WIN32)
if ((uid != euid) && !euid) {
(void)fprintf(stderr,
"ERROR: do not run ircd setuid root. Make it setuid a normal user.\n");
exit(-1);
}
#endif
if ((int)getuid() == 0) {
#if defined(IRC_UID) && defined(IRC_GID)
if ((IRC_UID == 0) || (IRC_GID == 0)) {
(void)fprintf(stderr,
"ERROR: SETUID and SETGID have not been set properly"
"\nPlease read your documentation\n(HINT:SETUID or SETGID can not be 0)\n");
exit(-1);
} else {
/*
* run as a specified user
*/
(void)fprintf(stderr,
"WARNING: ircd invoked as root\n");
(void)fprintf(stderr, " changing to uid %d\n",
IRC_UID);
(void)fprintf(stderr, " changing to gid %d\n",
IRC_GID);
(void)setgid(IRC_GID);
(void)setuid(IRC_UID);
}
}
#endif
Debug((DEBUG_NOTICE, "Server ready..."));
SetupEvents();
loop.do_bancheck = 0;