* Drop real uid/gid in the suid wrapper, thus allowing commits to remote

  subversion repos and fixing some other issues.

diff --git a/IkiWiki/Wrapper.pm b/IkiWiki/Wrapper.pm
index 52a7ca2c70e4ab05b45e5b3c2b852e43e57731f0..deba58d2893e819d51968f9889c99f2807cd26e0 100644 (file)
--- a/IkiWiki/Wrapper.pm
+++ b/IkiWiki/Wrapper.pm
@@ -75,6 +75,11 @@ $envsave
        newenviron[i]=NULL;
        environ=newenviron;
 
        newenviron[i]=NULL;
        environ=newenviron;
 

+       if (setregid(getegid(), -1) != 0 || setreuid(geteuid(), -1) != 0) {
+               perror("failed to drop real uid/gid");
+               exit(1);
+       }
+

        execl("$this", "$this", NULL);
        perror("failed to run $this");
        exit(1);
        execl("$this", "$this", NULL);
        perror("failed to run $this");
        exit(1);

diff --git a/debian/changelog b/debian/changelog
index 39b2e829bdea23bc4b8e4f61d13c2e1df7bbec87..4e085b6bedfb9d8e3de961d0f9fecf163e8dec9c 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,8 +2,10 @@ ikiwiki (1.25) UNRELEASED; urgency=low
 
   * Add proper waitpid calls for open2ed processes throughout to avoid
     zombies; this hit htmltidy especially badly.
 
   * Add proper waitpid calls for open2ed processes throughout to avoid
     zombies; this hit htmltidy especially badly.

+  * Drop real uid/gid in the suid wrapper, thus allowing commits to remote
+    subversion repos and fixing some other issues.

 
 

- -- Joey Hess <joeyh@debian.org>  Sun,  3 Sep 2006 15:56:55 -0400
+ -- Joey Hess <joeyh@debian.org>  Sun,  3 Sep 2006 23:28:37 -0400

 
 ikiwiki (1.24) unstable; urgency=low
 
 
 ikiwiki (1.24) unstable; urgency=low
 

diff --git a/doc/bugs/svn+ssh_commit_fail.mdwn b/doc/bugs/svn+ssh_commit_fail.mdwn
index a26a0b0e439fc7d817c2a06a8743376982c27761..b58f43721b69e4d58e023eee2c522bd53eac9e90 100644 (file)
--- a/doc/bugs/svn+ssh_commit_fail.mdwn
+++ b/doc/bugs/svn+ssh_commit_fail.mdwn
@@ -2,4 +2,4 @@ If I try to do a web commit, to a svn+ssh repo, it fails with
 "Host key verification failed."
 I think that the setuid isn't fully taking; it should be running as me,
 but commit log shows www-data. So maybe it has the wrong username? Or
 "Host key verification failed."
 I think that the setuid isn't fully taking; it should be running as me,
 but commit log shows www-data. So maybe it has the wrong username? Or

-EUID/Real UID screwage.
+EUID/Real UID screwage. [[bugs/done]]

diff --git a/doc/roadmap.mdwn b/doc/roadmap.mdwn
index eb1ebd6fa6ee2fb4b839a18638e2450715fcae25..2cbf6dd1cbd5ff5435ce060abc888abbb4db2458 100644 (file)
--- a/doc/roadmap.mdwn
+++ b/doc/roadmap.mdwn
@@ -18,7 +18,8 @@ Released 29 April 2006.
 * [[Tags]] _(status: fair)_
 * Should have fully working [[todo/utf8]] support. _(status: good)_
 * [[Optimised_rendering|todo/optimisations]] if possible. Deal with other
 * [[Tags]] _(status: fair)_
 * Should have fully working [[todo/utf8]] support. _(status: good)_
 * [[Optimised_rendering|todo/optimisations]] if possible. Deal with other

-  scalability issues. _(status: 45%-60%+ speedup since 1.0)_
+  scalability issues. _(status: 45%-60%+ speedup since 1.0, much more
+  possible)_

 * Improved [[todo/html]] stylesheets and templates.
 * Improved scalable [[logo]]. _(status: done)_
 * Support for at least one RCS aside from svn. Once it supports two, it should
 * Improved [[todo/html]] stylesheets and templates.
 * Improved scalable [[logo]]. _(status: done)_
 * Support for at least one RCS aside from svn. Once it supports two, it should