diff --git a/Changes b/Changes index 52497cad8..673fdcc7a 100644 --- a/Changes +++ b/Changes @@ -1578,3 +1578,4 @@ seen. gmtime warning still there - Fixed a /who bug where /who +c #chan wouldn't display the name of the channel requested reported by aproxity (#0000304) - Fixed a bug where /who +c #chan would let you see users in a +s channel +- Added Nugget's setuid patch diff --git a/include/config.h b/include/config.h index c158d29e6..eed8dd2ce 100644 --- a/include/config.h +++ b/include/config.h @@ -360,27 +360,9 @@ * define IRC_UID to that UID. This should only be defined if you are running * as root and even then perhaps not. */ - -/* - * Ok this one is being changed. it is advisable never to run anything that - * uses sockets etc. and has the potential for the outside world to connect to it - * to run as root... Hackers do things like buffer overruns, and get dumped on - * a shell with root access effectivley ... so DONT do it.. if a program uses a - * port <1024 it will run as root, once the program has binded to the socket it - * will set its uid to something OTHER than root ... you set that in unrealircd.conf - * - * If you _must_ insist on running as root and not wanting the program to change its - * UID, then define BIG_SECURITY_HOLE below - */ -#if !defined(_WIN32) -/* Change This Line Below \/ */ -#define BIG_SECURITY_HOLE -/* Its the one above ^^^^^^^ */ -#ifndef BIG_SECURITY_HOLE -#define IRC_UID un_uid -#define IRC_GID un_gid -#endif -#endif + +#undef IRC_UID 72 +#undef IRC_GID 72 /* * CLIENT_FLOOD diff --git a/src/ircd.c b/src/ircd.c index eae181ca0..08e41386d 100644 --- a/src/ircd.c +++ b/src/ircd.c @@ -78,14 +78,6 @@ char *malloc_options = "h" MALLOC_FLAGS_EXTRA; #endif time_t TSoffset = 0; -/* Added DrBin */ -#ifndef BIG_SECURITY_HOLE -int un_uid = 99; -int un_gid = 99; -#endif -/* End */ - - #ifndef _WIN32 extern char unreallogo[]; #endif @@ -1012,58 +1004,6 @@ int InitwIRCD(int argc, char *argv[]) } #endif -#if !defined(IRC_UID) && !defined(_WIN32) - if ((uid != euid) && !euid) { - (void)fprintf(stderr, - "ERROR: do not run ircd setuid root. Make it setuid a\ - normal user.\n"); - exit(-1); - } -#endif - -#if (!defined(CHROOTDIR) || (defined(IRC_UID) && defined(IRC_GID))) \ - && !defined(_WIN32) -# ifndef AIX - (void)setuid((uid_t) uid); - (void)setuid((uid_t) euid); -# endif -/* - * Modified 13/2000 DrBin - * We need to have better controll over running as root ... see config.h - */ - if ((int)getuid() == 0) { -#ifndef BIG_SECURITY_HOLE - if ((IRC_UID == 0) || (IRC_GID == 0)) { - (void)fprintf(stderr, - "ERROR: SETUID and SETGID have not been set properly" - "\nPlease read your documentation\n(HINT:SETUID or SETGID can not be 0)\n"); - exit(-1); - } else { - /* - * run as a specified user - */ - - (void)fprintf(stderr, - "WARNING: ircd invoked as root\n"); - (void)fprintf(stderr, " changing to uid %d\n", - IRC_UID); - (void)fprintf(stderr, " changing to gid %d\n", - IRC_GID); - (void)setgid(IRC_GID); - (void)setuid(IRC_UID); - } -#else - /* - * check for setuid root as usual - */ - (void)fprintf(stderr, - "ERROR: do not run ircd setuid root. Make it setuid a\ - normal user.\n"); - exit(-1); -# endif - } -#endif /*CHROOTDIR/UID/GID/_WIN32 */ - #ifndef _WIN32 /* * didn't set debuglevel @@ -1228,6 +1168,38 @@ int InitwIRCD(int argc, char *argv[]) R_fin_id = strlen(REPORT_FIN_ID); R_fail_id = strlen(REPORT_FAIL_ID); write_pidfile(); + +#if !defined(IRC_UID) && !defined(_WIN32) + if ((uid != euid) && !euid) { + (void)fprintf(stderr, + "ERROR: do not run ircd setuid root. Make it setuid a normal user.\n"); + exit(-1); + } +#endif + + if ((int)getuid() == 0) { +#if defined(IRC_UID) && defined(IRC_GID) + if ((IRC_UID == 0) || (IRC_GID == 0)) { + (void)fprintf(stderr, + "ERROR: SETUID and SETGID have not been set properly" + "\nPlease read your documentation\n(HINT:SETUID or SETGID can not be 0)\n"); + exit(-1); + } else { + /* + * run as a specified user + */ + + (void)fprintf(stderr, + "WARNING: ircd invoked as root\n"); + (void)fprintf(stderr, " changing to uid %d\n", + IRC_UID); + (void)fprintf(stderr, " changing to gid %d\n", + IRC_GID); + (void)setgid(IRC_GID); + (void)setuid(IRC_UID); + } + } +#endif Debug((DEBUG_NOTICE, "Server ready...")); SetupEvents(); loop.do_bancheck = 0;