When dropping privileges, also give up membership in supplementary

[privoxy.git] / jcc.c

diff --git a/jcc.c b/jcc.c
index 586576c..76a491b 100644 (file)
--- a/jcc.c
+++ b/jcc.c
@@ -1,4 +1,4 @@
-const char jcc_rcs[] = "$Id: jcc.c,v 1.217 2009/01/07 19:50:09 fabiankeil Exp $";
+const char jcc_rcs[] = "$Id: jcc.c,v 1.220 2009/02/04 18:29:07 fabiankeil Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/jcc.c,v $
@@ -33,6 +33,16 @@ const char jcc_rcs[] = "$Id: jcc.c,v 1.217 2009/01/07 19:50:09 fabiankeil Exp $"
  *
  * Revisions   :
  *    $Log: jcc.c,v $
+ *    Revision 1.220  2009/02/04 18:29:07  fabiankeil
+ *    Initialize the log module before parsing arguments.
+ *    Thanks to Matthias Drochner for the report.
+ *
+ *    Revision 1.219  2009/01/31 16:08:21  fabiankeil
+ *    Remove redundant error check in receive_client_request().
+ *
+ *    Revision 1.218  2009/01/31 12:25:54  fabiankeil
+ *    Flatten indentation in receive_client_request().
+ *
  *    Revision 1.217  2009/01/07 19:50:09  fabiankeil
  *    - If the socket-timeout has been reached and the client
  *      hasn't received any data yet, send an explanation before
@@ -2290,18 +2300,15 @@ static jb_err receive_client_request(struct client_state *csp)
 #endif /* def FEATURE_FORCE_LOAD */
 
    err = parse_http_request(req, http, csp);
-   if (JB_ERR_OK != err)
-   {
-      log_error(LOG_LEVEL_ERROR, "Couldn't parse request: %s.", jb_err_to_string(err));
-   }
    freez(req);
-
-   if (http->cmd == NULL)
+   if (JB_ERR_OK != err)
    {
       write_socket(csp->cfd, CHEADER, strlen(CHEADER));
       /* XXX: Use correct size */
       log_error(LOG_LEVEL_CLF, "%s - - [%T] \"Invalid request\" 400 0", csp->ip_addr_str);
-      log_error(LOG_LEVEL_ERROR, "Invalid header received from %s.", csp->ip_addr_str);
+      log_error(LOG_LEVEL_ERROR,
+         "Couldn't parse request line received from %s: %s",
+         csp->ip_addr_str, jb_err_to_string(err));
 
       free_http_request(http);
       return JB_ERR_PARSE;
@@ -3564,6 +3571,9 @@ int main(int argc, const char *argv[])
 #endif
       ;
 
+   /* Enable logging until further notice. */
+   init_log_module(Argv[0]);
+
    /*
     * Parse the command line arguments
     *
@@ -3720,9 +3730,6 @@ int main(int argc, const char *argv[])
    /* Prepare mutexes if supported and necessary. */
    initialize_mutexes();
 
-   /* Enable logging until further notice. */
-   init_log_module(Argv[0]);
-
    random_seed = (unsigned int)time(NULL);
 #ifdef HAVE_RANDOM
    srandom(random_seed);
@@ -3856,6 +3863,17 @@ int main(int argc, const char *argv[])
       {
          log_error(LOG_LEVEL_FATAL, "Cannot setgid(): Insufficient permissions.");
       }
+      if (NULL != grp)
+      {
+         if (setgroups(1, &grp->gr_gid))
+         {
+            log_error(LOG_LEVEL_FATAL, "setgroups() failed: %E");
+         }
+      }
+      else if (initgroups(pw->pw_name, pw->pw_gid))
+      {
+         log_error(LOG_LEVEL_FATAL, "initgroups() failed: %E");
+      }
       if (do_chroot)
       {
          if (!pw->pw_dir)