quark-noroot-20191003-3c7049e.diff - sites - public wiki contents of suckless.org
quark-noroot-20191003-3c7049e.diff (5193B)
---
1 From d91f68b56a4fd673786e9e4df0088642f3b186ff Mon Sep 17 00:00:00 2001
2 From: codesoap <codesoap@mailbox.org>
3 Date: Thu, 3 Oct 2019 17:00:49 +0200
4 Subject: [PATCH] patch: noroot
5
6 Don't require or allow root to run quark.
7 ---
8 main.c | 50 ++------------------------------------------------
9 quark.1 | 13 +------------
10 sock.c | 7 +------
11 sock.h | 2 +-
12 4 files changed, 5 insertions(+), 67 deletions(-)
13
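--- a/main.c
+++ b/main.c
@@ -1,9 +1,7 @@
 /* See LICENSE file for copyright and license details. */
 #include <errno.h>
-#include <grp.h>
 #include <limits.h>
 #include <netinet/in.h>
-#include <pwd.h>
 #include <regex.h>
 #include <signal.h>
 #include <sys/resource.h>
@@ -163,7 +161,7 @@ err:
 static void
 usage(void)
 {
- const char *opts = "[-u user] [-g group] [-n num] [-d dir] [-l] "
+ const char *opts = "[-n num] [-d dir] [-l] "
 "[-i file] [-v vhost] ... [-m map] ...";
 
 die("usage: %s -h host -p port %s\n"
@@ -174,8 +172,6 @@ usage(void)
 int
 main(int argc, char *argv[])
 {
- struct group *grp = NULL;
- struct passwd *pwd = NULL;
 struct rlimit rlim;
 struct sockaddr_storage in_sa;
 pid_t cpid, wpid, spid;
@@ -188,8 +184,6 @@ main(int argc, char *argv[])
 /* defaults */
 int maxnprocs = 512;
 char *servedir = ".";
- char *user = "nobody";
- char *group = "nogroup";
 
 s.host = s.port = NULL;
 s.vhost = NULL;
@@ -202,9 +196,6 @@ main(int argc, char *argv[])
 case 'd':
 servedir = EARGF(usage());
 break;
- case 'g':
- group = EARGF(usage());
- break;
 case 'h':
 s.host = EARGF(usage());
 break;
@@ -241,9 +232,6 @@ main(int argc, char *argv[])
 case 'U':
 udsname = EARGF(usage());
 break;
- case 'u':
- user = EARGF(usage());
- break;
 case 'v':
 if (spacetok(EARGF(usage()), tok, 4) || !tok[0] || !tok[1] ||
 !tok[2]) {
@@ -291,25 +279,13 @@ main(int argc, char *argv[])
 die("setrlimit RLIMIT_NPROC:");
 }
 
- /* validate user and group */
- errno = 0;
- if (user && !(pwd = getpwnam(user))) {
- die("getpwnam '%s': %s", user, errno ? strerror(errno) :
- "Entry not found");
- }
- errno = 0;
- if (group && !(grp = getgrnam(group))) {
- die("getgrnam '%s': %s", group, errno ? strerror(errno) :
- "Entry not found");
- }
-
 /* Open a new process group */
 setpgid(0,0);
 
 handlesignals(sigcleanup);
 
 /* bind socket */
- insock = udsname ? sock_get_uds(udsname, pwd->pw_uid, grp->gr_gid) :
+ insock = udsname ? sock_get_uds(udsname) :
 sock_get_ips(s.host, s.port);
 
 switch (cpid = fork()) {
@@ -329,24 +305,9 @@ main(int argc, char *argv[])
 eunveil(servedir, "r");
 eunveil(NULL, NULL);
 
- /* chroot */
 if (chdir(servedir) < 0) {
 die("chdir '%s':", servedir);
 }
- if (chroot(".") < 0) {
- die("chroot .:");
- }
-
- /* drop root */
- if (grp && setgroups(1, &(grp->gr_gid)) < 0) {
- die("setgroups:");
- }
- if (grp && setgid(grp->gr_gid) < 0) {
- die("setgid:");
- }
- if (pwd && setuid(pwd->pw_uid) < 0) {
- die("setuid:");
- }
 
 if (udsname) {
 epledge("stdio rpath proc unix", NULL);
@@ -354,13 +315,6 @@ main(int argc, char *argv[])
 epledge("stdio rpath proc inet", NULL);
 }
 
- if (getuid() == 0) {
- die("Won't run as root user", argv0);
- }
- if (getgid() == 0) {
- die("Won't run as root group", argv0);
- }
-
 /* accept incoming connections */
 while (1) {
 in_sa_len = sizeof(in_sa);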
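Review bot: The last hunk (`@@ -354,13 +315,6`) deletes the `getuid() == 0` and `getgid() == 0` refusals, so nothing visible in main() stops quark from being started as root any more, which contradicts the "or allow" in the commit message. Because the `setgroups()`/`setgid()`/`setuid()` calls are removed as well, a root start would now serve requests with root's file access. Keep the refusal and move it ahead of the socket bind, for example `if (getuid() == 0 || getgid() == 0) { die("Won't run as root"); }`. With `chroot(".")` gone in the `@@ -329,24 +305,9` hunk, confinement to servedir rests on `eunveil()` (presumably effective only where unveil(2) exists) and on request-path handling outside this diff, so a symlink under servedir that resolves elsewhere is no longer fenced in by the kernel on other systems; quark.1 should say so. main() starts and ends outside these hunks.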
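--- a/quark.1
+++ b/quark.1
@@ -35,13 +35,8 @@ is a simple HTTP GET/HEAD-only web server for static content.
 .It Fl d Ar dir
 Serve
 .Ar dir
-after chrooting into it.
+after changing into it.
 The default is ".".
-.It Fl g Ar group
-Set group ID when dropping privileges, and in socket mode the group of the
-socket file, to the ID of
-.Ar group .
-The default is "nogroup".
 .It Fl h Ar host
 Use
 .Ar host
@@ -86,12 +81,6 @@ redirects on non-standard ports.
 Create the UNIX-domain socket
 .Ar file ,
 listen on it for incoming connections and remove it on exit.
-.It Fl u Ar user
-Set user ID when dropping privileges,
-and in socket mode the user of the socket file,
-to the ID of
-.Ar user .
-The default is "nobody".
 .It Fl v Ar vhost
 Add the virtual host specified by
 .Ar vhost ,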
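--- a/sock.c
+++ b/sock.c
@@ -68,7 +68,7 @@ sock_rem_uds(const char *udsname)
 }
 
 int
-sock_get_uds(const char *udsname, uid_t uid, gid_t gid)
+sock_get_uds(const char *udsname)
 {
 struct sockaddr_un addr = {
 .sun_family = AF_UNIX,
@@ -99,11 +99,6 @@ sock_get_uds(const char *udsname, uid_t uid, gid_t gid)
 die("chmod:");
 }
 
- if (chown(udsname, uid, gid) < 0) {
- sock_rem_uds(udsname);
- die("chown:");
- }
-
 return insock;
 }
 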
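Review bot: With the `chown()` call removed in the second hunk, the socket file stays owned by whoever started quark, so whether another account (a reverse proxy, say) can connect now depends on the mode passed to the `chmod()` call just above, which is not visible in this hunk, and on the permissions of the containing directory. A comment before the `return` would record that, e.g. `/* socket keeps the invoking user's ownership; access is governed by the chmod() mode above */`, and that mode should be checked against who is meant to connect. sock_get_uds() starts outside the second hunk.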
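--- a/sock.h
+++ b/sock.h
@@ -8,7 +8,7 @@
 
 int sock_get_ips(const char *, const char *);
 void sock_rem_uds(const char *);
-int sock_get_uds(const char *, uid_t, gid_t);
+int sock_get_uds(const char *);
 int sock_set_timeout(int, int);
 int sock_get_inaddr_str(struct sockaddr_storage *, char *, size_t);
 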
211 --
212 2.21.0
213