From e9009b9198205ff5b9d1fc44940c4e07bc9fa241 Mon Sep 17 00:00:00 2001 From: Tom MTT Date: Mon, 21 Nov 2022 20:53:55 +0100 Subject: [PATCH 1/2] fix(feuille.c): background mode wasn't working when chrooted freopen() could not find /dev/null but still closed std(in|out|err). New sockets took the stdin file descriptor and broke everything. Now it's fixed, and I even discovered the daemon() function. --- feuille.c | 53 +++++++++++++++++++++-------------------------------- 1 file changed, 21 insertions(+), 32 deletions(-) diff --git a/feuille.c b/feuille.c index 4222ffd..628a844 100644 --- a/feuille.c +++ b/feuille.c @@ -232,6 +232,19 @@ int main(int argc, char *argv[]) chdir(path); + /* user checks */ + if (strlen(settings.user) == 0) + settings.user = "nobody"; + + verbose(2, "getting uid and gid of user `%s'...", settings.user); + + struct passwd *user; + if ((user = getpwnam(settings.user)) == NULL) + die(1, "User `%s' doesn't exist\n", settings.user); + + int uid = user->pw_uid; + int gid = user->pw_gid; + /* server socket creation (before dropping root permissions) */ verbose(1, "initializing server socket..."); @@ -239,20 +252,16 @@ int main(int argc, char *argv[]) if ((server = initialize_server()) == -1) die(errno, "Failed to initialize server socket: %s\n", strerror(errno)); + /* make feuille run in the background */ + if (!settings.foreground) { + verbose(1, "making feuille run in the background..."); + verbose(2, "closing input / output file descriptors..."); + + daemon(1, 0); + } + /* chroot and drop root permissions */ if (getuid() == 0) { - if (strlen(settings.user) == 0) - settings.user = "nobody"; - - verbose(2, "getting uid and gid of user `%s'...", settings.user); - - struct passwd *user; - if ((user = getpwnam(settings.user)) == NULL) - die(1, "User `%s' doesn't exist\n", settings.user); - - int uid = user->pw_uid; - int gid = user->pw_gid; - verbose(2, "setting owner of `%s' to `%s'...", path, settings.user); chown(path, uid, gid); @@ -272,26 +281,6 @@ int main(int argc, char *argv[]) puts(""); } - /* run feuille in the background */ - if (!settings.foreground) { - verbose(1, "making feuille run in the background..."); - verbose(2, "closing input / output file descriptors..."); - - int pid; - if ((pid = fork()) < 0) - exit(1); - - else if (pid > 0) - exit(0); - - if (setsid() < 0) - exit(1); - - freopen("/dev/null", "r", stdin); - freopen("/dev/null", "w", stdout); - freopen("/dev/null", "w", stderr); - } - /* OpenBSD-only security measures */ #ifdef __OpenBSD__ pledge("proc stdio rpath wpath cpath inet", "stdio rpath wpath cpath inet"); From d2c3270b4b09d67374f88548efab0301ef00ae98 Mon Sep 17 00:00:00 2001 From: Tom MTT Date: Mon, 21 Nov 2022 20:57:59 +0100 Subject: [PATCH 2/2] fix(feuille.c): added some space around important blocks --- feuille.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/feuille.c b/feuille.c index 628a844..67787ad 100644 --- a/feuille.c +++ b/feuille.c @@ -218,6 +218,7 @@ int main(int argc, char *argv[]) if (argc != 0) usage(1); + /* output folder checks */ char path[PATH_MAX]; @@ -245,6 +246,7 @@ int main(int argc, char *argv[]) int uid = user->pw_uid; int gid = user->pw_gid; + /* server socket creation (before dropping root permissions) */ verbose(1, "initializing server socket..."); @@ -260,6 +262,7 @@ int main(int argc, char *argv[]) daemon(1, 0); } + /* chroot and drop root permissions */ if (getuid() == 0) { verbose(2, "setting owner of `%s' to `%s'...", path, settings.user); @@ -286,6 +289,7 @@ int main(int argc, char *argv[]) pledge("proc stdio rpath wpath cpath inet", "stdio rpath wpath cpath inet"); #endif + /* create a thread pool for incoming connections */ verbose(1, "initializing worker pool..."); @@ -368,6 +372,7 @@ int main(int argc, char *argv[]) die(errno, "Could not initialize worker n. %d: %s\n", i, strerror(errno)); } + sleep(1); verbose(1, "all workers have been initialized.");