After allocation the socket, become user nobody if current user is root
This commit is contained in:
mainzelm
parent
998182b5cb
commit
f385c76f6a
|
|
@ -96,14 +96,15 @@ exec scsh +lpsd -ll packages.scm -dm -o http-test -e main -s "$0" "$@"
|
||||||
(else
|
(else
|
||||||
(unknown-option-error (car options)))))))))
|
(unknown-option-error (car options)))))))))
|
||||||
|
|
||||||
|
(define (become-nobody-if-root)
|
||||||
|
(cond ((zero? (user-uid))
|
||||||
|
(set-gid (->gid "nobody"))
|
||||||
|
(set-uid (->uid "nobody")))))
|
||||||
|
|
||||||
(define (main args)
|
(define (main args)
|
||||||
(init)
|
(init)
|
||||||
(format #t "reading options: ~s~%" (cdr args))
|
(format #t "reading options: ~s~%" (cdr args))
|
||||||
(get-options (cdr args))
|
(get-options (cdr args))
|
||||||
(cond ((zero? (user-uid))
|
|
||||||
(set-gid (->gid "nobody"))
|
|
||||||
(set-uid (->uid "nobody"))))
|
|
||||||
|
|
||||||
(format #t "Going to run Webserver with:
|
(format #t "Going to run Webserver with:
|
||||||
htdocs-dir: ~a
|
htdocs-dir: ~a
|
||||||
|
|
@ -122,6 +123,7 @@ exec scsh +lpsd -ll packages.scm -dm -o http-test -e main -s "$0" "$@"
|
||||||
with-root-directory (cwd)
|
with-root-directory (cwd)
|
||||||
with-syslog? #t
|
with-syslog? #t
|
||||||
with-log-file log-file-name
|
with-log-file log-file-name
|
||||||
|
with-post-bind-thunk become-nobody-if-root
|
||||||
with-request-handler
|
with-request-handler
|
||||||
(alist-path-dispatcher
|
(alist-path-dispatcher
|
||||||
(list (cons "cgi-bin" (cgi-handler cgi-bin-dir)))
|
(list (cons "cgi-bin" (cgi-handler cgi-bin-dir)))
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue