Patch: 10_wrapper_uid.patch
Author: Tollef Fog Heen <tfheen@debian.org>
Makes sure we're called with the right UID and GID
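--- a/src/cgi-wrapper.c
+++ b/src/cgi-wrapper.c
- check_caller(logident, parentgroup);
+ if (getgid() >= 100 && getgid() != 65534) check_caller(LOG_IDENT, LEGAL_PARENT_GROUP);
 /* For these CGI programs, we can ignore argc and argv since they
  * don't contain anything useful. `script' will always be the driver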
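Review bot: The guard on the added line skips `check_caller` entirely whenever the real GID is below 100 or equals 65534, so the patch relaxes the caller check for those groups rather than tightening it, and the description's "right UID and GID" overstates it because no UID is tested in the visible lines. If `check_caller` is what restricts which group may drive this wrapper (its body is not shown here), any process running under a low-numbered system group or under 65534 now passes unchecked; the same guard is added in src/mail-wrapper.c. At minimum the exemption should be documented in place, e.g. `/* callers in system groups (gid < 100) or gid 65534 are trusted; all others must match LEGAL_PARENT_GROUP */`, with the reason those groups are trusted. This call also passes `LOG_IDENT` where the mail wrapper keeps `logident`, which should be confirmed as intentional. The enclosing function starts and ends outside the hunk.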
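--- a/src/mail-wrapper.c
+++ b/src/mail-wrapper.c
 fatal(logident, MAIL_ILLEGAL_COMMAND,
 "Illegal command: %s", argv[1]);
- check_caller(logident, parentgroup);
+ if (getgid() >= 100 && getgid() != 65534) check_caller(logident, LEGAL_PARENT_GROUP);
 /* If we got here, everything must be OK */
 status = run_script(argv[1], argc, argv, env);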
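Review bot: The literals `100` and `65534` on the added line are unexplained, and `getgid()` is evaluated twice inside an unbraced one-line `if`, which makes the exemption hard to audit. Reading the GID once and naming the bounds would help, e.g. `gid_t gid = getgid();` followed by `if (gid >= FIRST_CHECKED_GID && gid != NOGROUP_GID) { check_caller(logident, LEGAL_PARENT_GROUP); }`. `FIRST_CHECKED_GID` and `NOGROUP_GID` are placeholder names, not identifiers from this project. The surrounding function begins outside the hunk, so where the local would be declared cannot be seen from here.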