Subject: port-i386/33525: Bug in privoxy-3.0.3nb4 prevents option --user from working
To: None <port-i386-maintainer@netbsd.org, gnats-admin@netbsd.org,>
From: None <fenicottero@gmail.com>
List: netbsd-bugs
Date: 05/21/2006 19:45:00
>Number:         33525
>Category:       port-i386
>Synopsis:       Bug in privoxy-3.0.3nb4 prevents option --user from working
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    port-i386-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun May 21 19:45:00 +0000 2006
>Originator:     Oleg Pilyavets
>Release:        netBSD 3.0 stable
>Organization:
Moscow Institute of Physics and Technology
>Environment:
NetBSD spinor.triniti.nat 3.0 NetBSD 3.0 (MYKERNEL) #4: Mon May  8 08:29:16 MSD 2006  root@spinor.triniti.nat:/usr/src/sys/arch/i386/compile/MYKERNEL i386
>Description:
The option --user in privoxy doesn't work correctly, that is, it doesn't allow the user to run privoxy with a GID other than the default. The problem is in the side effects of evaluating the following:

if (((NULL != grp) && setgid(grp->gr_gid)) || (setgid(pw->pw_gid)))

when privoxy initializes.
On my system, setgid is first called with the user-supplied GID (grp->gr_gid); then setgid is called with the default GID for the specified user (pw->pw_gid), which overrides the user-specified setting.
On other systems the behavior depends on the order of evaluation in the line above.

On my system, this leads to an inability to read the config due to 'permission denied' errors, since the privoxy config file is readable only by the group specified by me, not by the default group.
>How-To-Repeat:
We need to run privoxy and specify which user and group it should run as.
We run
privoxy --user privoxy,mygroup /home/me/my_config
and we can see via ps that privoxy runs with the GID corresponding to group 'privoxy', not 'mygroup'.
On my system this leads to a 'Permission denied' error when privoxy tries to read my config.

>Fix:
The following patch to privoxy-3.0.3-stable/jcc.c resolves the problem:

--- old_src/privoxy-3.0.3-stable/jcc.c  2003-12-12 15:52:53.000000000 +0300
+++ privoxy-3.0.3-stable/jcc.c  2006-05-22 00:09:48.000000000 +0400
@@ -2043,7 +2043,7 @@
    
    if (NULL != pw)
    {
-      if (((NULL != grp) && setgid(grp->gr_gid)) || (setgid(pw->pw_gid)))
+      if (((NULL != grp) && setgid(grp->gr_gid)) || ((grp == NULL) && setgid(pw->pw_gid)))
       {
          log_error(LOG_LEVEL_FATAL, "Cannot setgid(): Insufficient permissions.");
       }
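
Review bot: the condition on the added line still relies on setgid() returning 0 on success plus short-circuit evaluation to decide which call runs, and it tests grp twice in two spellings (NULL != grp and grp == NULL). Picking the group ID once and making a single call, for example setgid((NULL != grp) ? grp->gr_gid : pw->pw_gid), states the intent directly and leaves exactly one failure path to reason about. The unchanged log_error() line reports "Insufficient permissions" for every setgid() failure; adding strerror(errno) to that message would show the actual cause.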