[Fusionforge-commits] FusionForge branch Branch_5_1 updated. acd90ac5fd7d7c0356661bf27de493cb6576e198
Thorsten Glaser
mirabilos at fusionforge.org
Wed Feb 27 09:38:54 CET 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, Branch_5_1 has been updated
via acd90ac5fd7d7c0356661bf27de493cb6576e198 (commit)
via 9cae1ad87cb9f8465d303e327acaada1b95f28c0 (commit)
from 871c173388a6d2f4f3787bde30c035ac010b2708 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit acd90ac5fd7d7c0356661bf27de493cb6576e198
Author: Thorsten Glaser <tg at mirbsd.org>
Date: Wed Feb 27 09:33:16 2013 +0100
use util_randbytes() to get six random bytes
it’s computationally, and on the kernel pool, much cheaper than
openssl_random_pseudo_bytes() which initialises the OpenSSL pool,
which eats more bytes from the kernel pool
diff --git a/src/common/include/utils.php b/src/common/include/utils.php
index d30aa38..a72a4f6 100644
--- a/src/common/include/utils.php
+++ b/src/common/include/utils.php
@@ -1614,7 +1614,7 @@ function util_create_file_with_contents($path, $contents) {
function util_mkdtemp($suffix = '', $prefix = 'tmp') {
$tempdir = sys_get_temp_dir();
for ($i=0; $i<5; $i++) {
- $id = strtr(base64_encode(openssl_random_pseudo_bytes(6)), '+/', '-_');
+ $id = strtr(base64_encode(util_randbytes(6)), '+/', '-_');
$path = "{$tempdir}/{$prefix}{$id}{$suffix}";
if (mkdir($path, 0700)) {
return $path;
commit 9cae1ad87cb9f8465d303e327acaada1b95f28c0
Author: Thorsten Glaser <tg at mirbsd.org>
Date: Wed Feb 27 09:26:55 2013 +0100
use posix_initgroups() to get the user’s group vector
calling 'su' inside createUserRepo() isn’t going to work because
that function is already run with reduced privilegues; instead,
if the old user is root use posix_initgroups() to switch the
group vector to the new user’s and restore root’s later (if the
old user is not root, we have no way to do that anyway as, in
my tests, posix_initgroups() only works if the current EUID is
0); posix_getgroups() can be used to save the old group list,
but there is no posix_setgroups(), so we need to use this way
diff --git a/src/common/include/utils.php b/src/common/include/utils.php
index 268a016..d30aa38 100644
--- a/src/common/include/utils.php
+++ b/src/common/include/utils.php
@@ -1640,12 +1640,16 @@ function util_sudo_effective_user($username, $function, $params=array()) {
if ($userinfo === False) {
return False;
}
- if (posix_setegid($userinfo['gid']) && posix_seteuid($userinfo['uid'])) {
+ if (posix_setegid($userinfo['gid']) &&
+ ($saved_euid != 0 || posix_initgroups($username, $userinfo['gid'])) &&
+ posix_seteuid($userinfo['uid'])) {
$function($params);
}
posix_setegid($saved_egid);
posix_seteuid($saved_euid);
+ if ($saved_euid == 0)
+ posix_initgroups("root", 0);
}
// Local Variables:
diff --git a/src/plugins/scmgit/common/GitPlugin.class.php b/src/plugins/scmgit/common/GitPlugin.class.php
index 6acffea..ce2ce70 100644
--- a/src/plugins/scmgit/common/GitPlugin.class.php
+++ b/src/plugins/scmgit/common/GitPlugin.class.php
@@ -280,7 +280,7 @@ class GitPlugin extends SCMPlugin {
$root = $params['root'];
$repodir = $root . '/users/' . $user_name . '.git' ;
- system("su - $user_name -c 'chgrp $unix_group $repodir'");
+ chgrp($repodir, $unix_group);
if ($project->enableAnonSCM()) {
chmod ($repodir, 02755);
} else {
-----------------------------------------------------------------------
Summary of changes:
src/common/include/utils.php | 8 ++++++--
src/plugins/scmgit/common/GitPlugin.class.php | 2 +-
2 files changed, 7 insertions(+), 3 deletions(-)
hooks/post-receive
--
FusionForge
More information about the Fusionforge-commits
mailing list