Overview

File fix-error-handling-when-dropping-group-privileges.dif of Package apache2-mod_wsgi.openSUSE_13.1_Update

Index: mod_wsgi-3.4/mod_wsgi.c
===================================================================
--- mod_wsgi-3.4.orig/mod_wsgi.c
+++ mod_wsgi-3.4/mod_wsgi.c
@@ -10369,7 +10369,7 @@ static void wsgi_setup_daemon_name(WSGID
 #endif
 }
 
-static void wsgi_setup_access(WSGIDaemonProcess *daemon)
+static int wsgi_setup_access(WSGIDaemonProcess *daemon)
 {
     /* Setup the umask for the effective user. */
 
@@ -10383,6 +10383,8 @@ static void wsgi_setup_access(WSGIDaemon
             ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server,
                          "mod_wsgi (pid=%d): Unable to change root "
                          "directory to '%s'.", getpid(), daemon->group->root);
+
+            return -1;
         }
     }
 
@@ -10393,6 +10395,8 @@ static void wsgi_setup_access(WSGIDaemon
             ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server,
                          "mod_wsgi (pid=%d): Unable to change working "
                          "directory to '%s'.", getpid(), daemon->group->home);
+
+            return -1;
         }
     }
     else if (geteuid()) {
@@ -10405,12 +10409,16 @@ static void wsgi_setup_access(WSGIDaemon
                 ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server,
                              "mod_wsgi (pid=%d): Unable to change working "
                              "directory to '%s'.", getpid(), pwent->pw_dir);
+
+                return -1;
             }
         }
         else {
             ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server,
                          "mod_wsgi (pid=%d): Unable to determine home "
                          "directory for uid=%ld.", getpid(), (long)geteuid());
+
+            return -1;
         }
     }
     else {
@@ -10423,6 +10431,8 @@ static void wsgi_setup_access(WSGIDaemon
                 ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server,
                              "mod_wsgi (pid=%d): Unable to change working "
                              "directory to '%s'.", getpid(), pwent->pw_dir);
+
+                return -1;
             }
         }
         else {
@@ -10430,13 +10440,15 @@ static void wsgi_setup_access(WSGIDaemon
                          "mod_wsgi (pid=%d): Unable to determine home "
                          "directory for uid=%ld.", getpid(),
                          (long)daemon->group->uid);
+
+            return -1;
         }
     }
 
     /* Don't bother switch user/group if not root. */
 
     if (geteuid())
-        return;
+        return 0;
 
     /* Setup the daemon process real and effective group. */
 
@@ -10444,6 +10456,8 @@ static void wsgi_setup_access(WSGIDaemon
         ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server,
                      "mod_wsgi (pid=%d): Unable to set group id to gid=%u.",
                      getpid(), (unsigned)daemon->group->gid);
+
+        return -1;
     }
     else {
         if (daemon->group->groups) {
@@ -10454,6 +10468,8 @@ static void wsgi_setup_access(WSGIDaemon
                              "to set supplementary groups for uname=%s "
                              "of '%s'.", getpid(), daemon->group->user,
                              daemon->group->groups_list);
+
+                return -1;
             }
         }
         else if (initgroups(daemon->group->user, daemon->group->gid) == -1) {
@@ -10461,6 +10477,8 @@ static void wsgi_setup_access(WSGIDaemon
                          wsgi_server, "mod_wsgi (pid=%d): Unable "
                          "to set groups for uname=%s and gid=%u.", getpid(),
                          daemon->group->user, (unsigned)daemon->group->gid);
+
+            return -1;
         }
     }
 
@@ -10478,12 +10496,23 @@ static void wsgi_setup_access(WSGIDaemon
          * reached their process limit. In that case will be left
          * running as wrong user. Just exit on all failures to be
          * safe. Don't die immediately to avoid a fork bomb.
+         *
+         * We could just return -1 here and let the caller do the
+         * sleep() and exit() but this failure is critical enough
+         * that we still do it here so it is obvious that the issue
+         * is being addressed.
          */
+        ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server,
+                     "mod_wsgi (pid=%d): Failure to configure the "
+                     "daemon process correctly and process left in "
+                     "unspecified state. Restarting daemon process "
+                     "after delay.", getpid());
 
         sleep(20);
 
         exit(-1);
     }
+    return 0;
 }
 
 static int wsgi_setup_socket(WSGIProcessGroup *process)
@@ -11496,7 +11525,24 @@ static int wsgi_start_process(apr_pool_t
 
         /* Setup daemon process user/group/umask etc. */
 
-        wsgi_setup_access(daemon);
+        if (wsgi_setup_access(daemon) == -1) {
+            /*
+             * If we get any failure from setting up the appropriate
+             * permissions or working directory for the daemon process
+             * then we exit the process. Don't die immediately to avoid
+             * a fork bomb.
+             */
+
+            ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server,
+                         "mod_wsgi (pid=%d): Failure to configure the "
+                         "daemon process correctly and process left in "
+                         "unspecified state. Restarting daemon process "
+                         "after delay.", getpid());
+
+            sleep(20);
+
+            exit(-1);
+        }
 
         /* Reinitialise accept mutex in daemon process. */
openSUSE Build Service is sponsored by
Places