wok rev 1095

lighttpd: fix fastcgi detach (Security alert)
author Christophe Lincoln <pankso@slitaz.org>
date Thu Jul 17 13:55:58 2008 +0200 (2008-07-17)
parents 05c1d9e27c1f
children 304c0cd8d5e5
files lighttpd-modules/receipt lighttpd/receipt lighttpd/stuff/fastcgi_detach.patch
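--- a/lighttpd-modules/receipt	Thu Jul 17 11:23:56 2008 +0000
+++ b/lighttpd-modules/receipt	Thu Jul 17 13:55:58 2008 +0200
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="lighttpd-modules"
-VERSION="1.4.19"
+VERSION="1.4.19-1"
 CATEGORY="network"
 SHORT_DESC="Complementary modules for LightTPD Web server."
 MAINTAINER="pankso@slitaz.org"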
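--- a/lighttpd/receipt	Thu Jul 17 11:23:56 2008 +0000
+++ b/lighttpd/receipt	Thu Jul 17 13:55:58 2008 +0200
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="lighttpd"
-VERSION="1.4.19"
+VERSION="1.4.19-1"
 CATEGORY="network"
 SHORT_DESC="Fast and light HTTP Web server."
 MAINTAINER="pankso@slitaz.org"
@@ -10,7 +10,8 @@
 SUGGESTED="lighttpd-modules php perl python"
 TARBALL="$PACKAGE-$VERSION.tar.gz"
 WEB_SITE="http://www.lighttpd.net/"
-WGET_URL="http://www.lighttpd.net/download/$TARBALL"
+#WGET_URL="http://www.lighttpd.net/download/$TARBALL"
+WGET_URL="http://mirror.slitaz.org/sources/packages/l/$TARBALL"
 BASE_MODULES="
 access
 accesslog
@@ -27,6 +28,7 @@
 compile_rules()
 {
 	cd $src
+	patch -i ../stuff/fastcgi_detach.patch || exit 1
 	./configure \
 		--enable-shared \
 		--disable-ipv6 \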
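Review bot: The added `patch -i ../stuff/fastcgi_detach.patch || exit 1` in compile_rules() passes no `-p` level, so how the `src/mod_fastcgi.c` path in the patch header is resolved depends on the patch implementation; GNU patch documents that omitting `-p` leaves only the basename, and that file is presumably not in `$src` itself. I would write `patch -p0 -i ../stuff/fastcgi_detach.patch || exit 1` so the security fix applies the same way on every build host. Separately, the new WGET_URL fetches the tarball over plain `http://` and no checksum is visible in the receipt lines shown; if the build tooling does not verify sources elsewhere, a digest check on `$TARBALL` before compiling would close that gap. compile_rules() continues past the end of this hunk.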
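--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/lighttpd/stuff/fastcgi_detach.patch	Thu Jul 17 13:55:58 2008 +0200
@@ -0,0 +1,27 @@
+--- src/mod_fastcgi.c
++++ src/mod_fastcgi.c
++@@ -937,6 +937,24 @@
++ 				close(fcgi_fd);
++ 			}
++ 
++			close(STDERR_FILENO);
++			if(srv->errorlog_mode == ERRORLOG_FILE)
++				dup2(srv->errorlog_fd, STDERR_FILENO);
++			else {
++				int fd = open("/dev/null", O_RDWR);
++				dup2(fd, STDERR_FILENO);
++				close(fd);
++			}
++
++			close(STDOUT_FILENO);
++			if(srv->errorlog_mode == ERRORLOG_FILE)
++				dup2(srv->errorlog_fd, STDOUT_FILENO);
++			else {
++				int fd = open("/dev/null", O_RDWR);
++				dup2(fd, STDOUT_FILENO);
++				close(fd);
++			}
++
++ 			/* we don't need the client socket */
++ 			for (i = 3; i < 256; i++) {
++ 				close(i);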
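Review bot: In both `else` branches the descriptor returned by `open("/dev/null", O_RDWR)` is neither checked for -1 nor compared with the target, and because the target was closed just before, open() can return that very number whenever all lower descriptors are in use; `dup2(fd, STDERR_FILENO)` is then a no-op and the following `close(fd)` leaves stderr (or stdout) closed instead of pointing at /dev/null. A descriptor opened later in what is presumably the spawned FastCGI process could then land on 1 or 2 and receive stray output. I would guard both sites, e.g. `if (fd != -1 && fd != STDERR_FILENO) { dup2(fd, STDERR_FILENO); close(fd); }` and the same with STDOUT_FILENO. As rendered here the embedded hunk header and context lines also carry an extra leading `+` (`+@@ -937,6 +937,24 @@`), so it is worth confirming that the stored patch file actually applies. The enclosing function in src/mod_fastcgi.c starts and ends outside the hunk.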