159f896689
PR: 14866 Submitted by: maintainer
--- src/support/suexec.c.orig Mon Jun 21 19:51:41 1999
|
|
+++ src/support/suexec.c Thu Sep 9 18:58:04 1999
|
|
@@ -70,11 +70,35 @@
|
|
*
|
|
*
|
|
*/
|
|
+/*
|
|
+ * "System" CGI modification 97.05.10 by Rick Franchuk (rickf@netnation.com)
|
|
+ *
|
|
+ * I found that while it's great to make scripts run under the UID and GID
|
|
+ * specified in httpd.conf or what /etc/passwd says is 'cool', suEXEC can
|
|
+ * really put a damper on 'System' cgi's, forcing copies of the scripts
|
|
+ * to be installed into users' home directories. That didn't seem very
|
|
+ * fitting... so I changed it so that the target UID check is disabled in
|
|
+ * a system directory #defined in suexec+.h. I hope you all find it useful.
|
|
+ *
|
|
+ * The docroot check had to be bypassed to allow functionality for VirtualHost
|
|
+ * entries. I'm somewhat suprised noone encountered that behavior before.
|
|
+ */
|
|
+ /*
|
|
+ * "FPEXE modification made on 98.05.19 by Scot Hetzel (hetzels@westbend.net)
|
|
+ * based on previous FPEXE modifications supplied by Mark Wormgoor
|
|
+ * (riddles@ipe.nl)
|
|
+ *
|
|
+ * Changes were made in order to use Suexec and Frontpage 98 at the same time.
|
|
+ * After we change to the target_uid and target_gid. We check if cmd = FPEXE,
|
|
+ * if it does then we execute the cmd without performing any further tests.
|
|
+ *
|
|
+ */
|
|
|
|
#include "ap_config.h"
|
|
#include <sys/param.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/types.h>
|
|
+#include <login_cap.h>
|
|
|
|
#include <stdarg.h>
|
|
|
|
@@ -250,6 +274,7 @@
|
|
char *cmd; /* command to be executed */
|
|
char cwd[AP_MAXPATH]; /* current working directory */
|
|
char dwd[AP_MAXPATH]; /* docroot working directory */
|
|
+ login_cap_t *lc; /* user resource limits */
|
|
struct passwd *pw; /* password entry holder */
|
|
struct group *gr; /* group entry holder */
|
|
struct stat dir_info; /* directory info holder */
|
|
@@ -404,6 +429,19 @@
|
|
}
|
|
|
|
/*
|
|
+ * Apply user resource limits based on login class.
|
|
+ */
|
|
+ if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) {
|
|
+ log_err("login_getclassbyname() failed\n");
|
|
+ exit(248);
|
|
+ }
|
|
+
|
|
+ if ((setusercontext(lc, pw, uid, LOGIN_SETRESOURCES)) != 0) {
|
|
+ log_err("setusercontext() failed\n");
|
|
+ exit(249);
|
|
+ }
|
|
+
|
|
+ /*
|
|
* Change UID/GID here so that the following tests work over NFS.
|
|
*
|
|
* Initialize the group access list for the target user,
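Review bot: The handle returned by `login_getclassbyname()` is never released in the added lines; a `login_close(lc);` after the `setusercontext()` call would make ownership explicit, even though the process goes on to exec. The two failure paths use new exit codes 248 and 249 with no explanation, so I would add a comment such as `/* 248/249: login class lookup / resource limit setup failed */` or list them wherever the other suexec exit codes are documented. Only `LOGIN_SETRESOURCES` is requested, so the other login-class attributes are not applied by this call; if that is intentional, the block comment should say so. The enclosing function starts and ends outside this hunk.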
|
|
@@ -423,6 +461,14 @@
|
|
}
|
|
|
|
/*
|
|
+ * We logged everything, changed to the target uid/gid, and know the
|
|
+ * user is ok. We run fpexe now and bail out before anything goes wrong.
|
|
+ */
|
|
+#ifdef FPEXE
|
|
+ if ((strcmp(cmd, FPEXE)) != NULL) {
|
|
+#endif
|
|
+
|
|
+ /*
|
|
* Get the current working directory, as well as the proper
|
|
* document root (dependant upon whether or not it is a
|
|
* ~userdir request). Error out if we cannot get either one,
|
|
@@ -453,10 +499,15 @@
|
|
}
|
|
}
|
|
|
|
+ /*
|
|
+ * This section must be commented out to work properly with
|
|
+ * VirtualHosts running CGI in thier own directories.
|
|
+ *
|
|
if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
|
|
log_err("command not in docroot (%s/%s)\n", cwd, cmd);
|
|
exit(114);
|
|
}
|
|
+ */
|
|
|
|
/*
|
|
* Stat the cwd and verify it is a directory, or error out.
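Review bot: Wrapping the `strncmp(cwd, dwd, strlen(dwd))` test in a comment removes the docroot containment check for every request, not only for VirtualHost CGI directories as the added comment suggests. After this change, nothing in the visible lines ties the working directory to a configured document root, and the later owner/group comparison becomes the main remaining barrier. I would keep the check compiled in by default and make the bypass an explicit build-time choice, for example `#ifndef SKIP_DOCROOT_CHECK` / `#endif` around the original four lines (macro name illustrative). Better still, compare `cwd` against the virtual host's own docroot. Disabling code with `/* ... */` is also fragile, since any later comment inside the block would end it early.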
|
|
@@ -502,6 +553,9 @@
|
|
* Error out if the target name/group is different from
|
|
* the name/group of the cwd or the program.
|
|
*/
|
|
+#ifdef SYSTEM_CGI
|
|
+ if (strncmp(cwd, SYSTEM_CGI, strlen(SYSTEM_CGI))) {
|
|
+#endif
|
|
if ((uid != dir_info.st_uid) ||
|
|
(gid != dir_info.st_gid) ||
|
|
(uid != prg_info.st_uid) ||
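Review bot: `strncmp(cwd, SYSTEM_CGI, strlen(SYSTEM_CGI))` is a bare prefix match, so any directory whose path merely begins with the same characters as `SYSTEM_CGI` also skips the owner/group comparison. Unless `SYSTEM_CGI` is always defined with a trailing slash, the condition should also require a path boundary, e.g. `(cwd[strlen(SYSTEM_CGI)] != '/' && cwd[strlen(SYSTEM_CGI)] != '\0')` OR-ed into the test. Writing the comparison as `!= 0` would match the style of the other `strncmp` test in this file. A comment should state that files under `SYSTEM_CGI` run as the target user regardless of who owns them, so that directory must be writable by root only. The closing brace for this block is in the next hunk.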
|
|
@@ -513,6 +567,10 @@
|
|
prg_info.st_uid, prg_info.st_gid);
|
|
exit(120);
|
|
}
|
|
+#ifdef SYSTEM_CGI
|
|
+ }
|
|
+#endif
|
|
+
|
|
/*
|
|
* Error out if the program is not executable for the user.
|
|
* Otherwise, she won't find any error in the logs except for
|
|
@@ -524,6 +582,49 @@
|
|
}
|
|
|
|
clean_env();
|
|
+
|
|
+#ifdef FPEXE
|
|
+ }
|
|
+ else {
|
|
+
|
|
+ /* The following taken from mod_frontpage.c to check permissions */
|
|
+
|
|
+ /*
|
|
+ * We can't stat the stub dir. Make sure the stub directory is not
|
|
+ * owned by root and not group/world writable
|
|
+ */
|
|
+ if ((lstat(FPSTUBDIR, &dir_info) == -1 ||
|
|
+ dir_info.st_uid ||
|
|
+ (dir_info.st_mode & (S_IWGRP | S_IWOTH)) ||
|
|
+ (!S_ISDIR(dir_info.st_mode)))) {
|
|
+ /*
|
|
+ * User recovery: set directory to be owned by by root with
|
|
+ * permissions r*x*-x*-x.
|
|
+ */
|
|
+ log_err("Incorrect permissions on stub directory \"%-.1024s\"",
|
|
+ FPSTUBDIR);
|
|
+ exit (250);
|
|
+ }
|
|
+
|
|
+ /*
|
|
+ * We can't stat the stub. Make sure the stub is not owned by root,
|
|
+ * set-uid, set-gid, and is not group/world writable or executable.
|
|
+ */
|
|
+ if ((stat(cmd, &prg_info) == -1 ||
|
|
+ prg_info.st_uid ||
|
|
+ !(prg_info.st_mode & S_ISUID) ||
|
|
+ (prg_info.st_mode & S_ISGID) ||
|
|
+ (prg_info.st_mode & (S_IWGRP | S_IWOTH)) ||
|
|
+ !(prg_info.st_mode & (S_IXGRP | S_IXOTH)))) {
|
|
+ /*
|
|
+ * User recovery: set stub to be owned by by root with permissions
|
|
+ * r*s*-x*-x.
|
|
+ */
|
|
+ log_err("Incorrect permissions on stub \"%-.1024s\"", cmd);
|
|
+ exit (251);
|
|
+ }
|
|
+ }
|
|
+#endif
|
|
|
|
/*
|
|
* Be sure to close the log file so the CGI can't
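Review bot: The FPEXE `else` branch never reaches `clean_env()`, which sits just above it inside the `if` body. Unless the environment is sanitised somewhere outside this hunk, the stub runs with the request's environment; moving `clean_env();` below the `#endif`, or calling it in the `else` branch, would close that gap if fpexe can tolerate it. The two comments also contradict the conditions they describe. `dir_info.st_uid ||` and `prg_info.st_uid ||` reject anything not owned by root, and `!(prg_info.st_mode & S_ISUID)` requires the set-uid bit, so the text should read along the lines of `/* Require the stub to be owned by root, set-uid, not set-gid, not group/world writable, and group/world executable. */`. Both new `log_err()` format strings lack the trailing `\n` that the other messages in this patch carry. The check uses `stat(cmd, ...)` while the directory check uses `lstat()`; using the same call for both, or commenting on why they differ, would help.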
|