source: branches/fc13-dev/locker/doc/cluedump/suexec.tex @ 2820

Last change on this file since 2820 was 1648, checked in by ezyang, 14 years ago
Add cluedump slide sources to Subversion.
1\subsection{suEXEC}
2
3\begin{frame}
4  \frametitle{Serving static content}
5  \begin{itemize}
6  \item The \texttt{apache} user does not have permission to read the
7    user's files directly.
8  \item Both static and dynamic content are therefore served through suEXEC.
9  \end{itemize}
10\end{frame}
11
12\begin{frame}[fragile,t]
13  \begin{enumerate}
14  \item \texttt{/etc/httpd/conf.d/execsys.conf} is configured to serve
15    static content with the \texttt{cgi-script} handler.
16  \end{enumerate}
17\begin{footnotesize}
18\begin{semiverbatim}
19<Files *.pl>
20        SetHandler cgi-script
21        Options +ExecCGI
22</Files>
23<Files *.php>
24        SetHandler cgi-script
25        Options +ExecCGI
26</Files>
27\ldots
28<Files *.html>
29        SetHandler cgi-script
30        Options +ExecCGI
31</Files>
32<Files *.css>
33        SetHandler cgi-script
34        Options +ExecCGI
35</Files>
36\ldots
37\end{semiverbatim}
38\end{footnotesize}
39\end{frame}
40
41\begin{frame}[fragile,t]
42  \begin{enumerate}
43    \addtocounter{enumi}{1}
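44  \item \texttt{openafs/src/afs/VNOPS/afs\_vnop\_access.c} is modified
45    to mark \emph{all} files as executable (!): the patch clears \texttt{VEXEC} from the requested access mode before the rest of \texttt{afs\_access} evaluates it.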
46  \end{enumerate}
47\begin{footnotesize}
48\begin{semiverbatim}
49 int
50 afs_access(OSI_VC_DECL(avc), register afs_int32 amode,
51            struct AFS_UCRED *acred)
52 \{
53     register afs_int32 code;
54     struct vrequest treq;
55     struct afs_fakestat_state fakestate;
56     OSI_VC_CONVERT(avc);
57 
58     AFS_STATCNT(afs_access);
59+    amode = amode & ~VEXEC;
60     afs_Trace3(afs_iclSetp, CM_TRACE_ACCESS, ICL_TYPE_POINTER, avc,
61                ICL_TYPE_INT32, amode, ICL_TYPE_OFFSET,
62                ICL_HANDLE_OFFSET(avc->m.Length));
63     \ldots
64 \}
65\end{semiverbatim}
66\end{footnotesize}
67\end{frame}
68
69\begin{frame}[fragile,t]
70  \begin{enumerate}
71    \addtocounter{enumi}{2}
72  \item \texttt{httpd/support/suexec.c} is modified to dispatch static
73    content, identified by file extension, to \texttt{/usr/local/bin/static-cat}.
74  \end{enumerate}
75\begin{footnotesize}
76\begin{semiverbatim}
77+#define STATIC_CAT_PATH "/usr/local/bin/static-cat"
78+static const char *static_extensions[] = \{
79+    "html",
80+    "css",
81+    \ldots
82+\}
83+
84 int main(int argc, char *argv[])
85 \{
86     \ldots
87+    if (is_static_extension(cmd)) \{
88+        argv[2] = STATIC_CAT_PATH;
89+        execv(STATIC_CAT_PATH, &argv[2]);
90+        log_err("(%d)%s: static_cat exec failed (%s)\\n", errno,
91+                strerror(errno), argv[2]);
92+        exit(255);
93+    \}
94\end{semiverbatim}
95\end{footnotesize}
96\end{frame}