walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Drop privilege of neverbleed daemon first

This commit is contained in:
Tatsuhiro Tsujikawa 2017-02-10 17:42:26 +09:00
parent c02b1041d9
commit e44c58282e
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/shrpx_worker_process.cc
View File

@ -71,6 +71,12 @@ void drop_privileges(
auto config = get_config(); auto config = get_config();
if (getuid() == 0 && config->uid != 0) { if (getuid() == 0 && config->uid != 0) {
#ifdef HAVE_NEVERBLEED
if (nb) {
neverbleed_setuidgid(nb, config->user.c_str(), 1);
}
#endif // HAVE_NEVERBLEED
if (initgroups(config->user.c_str(), config->gid) != 0) { if (initgroups(config->user.c_str(), config->gid) != 0) {
auto error = errno; auto error = errno;
LOG(FATAL) << "Could not change supplementary groups: " LOG(FATAL) << "Could not change supplementary groups: "
@ -93,11 +99,6 @@ void drop_privileges(
LOG(FATAL) << "Still have root privileges?"; LOG(FATAL) << "Still have root privileges?";
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
#ifdef HAVE_NEVERBLEED
if (nb) {
neverbleed_setuidgid(nb, config->user.c_str(), 1);
}
#endif // HAVE_NEVERBLEED
} }
} }
} // namespace } // namespace