source: server/common/patches/httpd-suexec-scripts.patch @ 21

Last change on this file since 21 was 1, checked in by jbarnold, 18 years ago
File size: 3.1 KB
[1]1# scripts.mit.edu httpd suexec patch
2# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
3#
4# This program is free software; you can redistribute it and/or
5# modify it under the terms of the GNU General Public License
6# as published by the Free Software Foundation; either version 2
7# of the License, or (at your option) any later version.
8#
9# This program is distributed in the hope that it will be useful,
10# but WITHOUT ANY WARRANTY; without even the implied warranty of
11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12# GNU General Public License for more details.
13#
14# You should have received a copy of the GNU General Public License
15# along with this program; if not, write to the Free Software
16# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
17#
18# See /COPYRIGHT in this repository for more information.
19#
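--- a/httpd-2.2.2/support/suexec.c
+++ b/httpd-2.2.2/support/suexec.c
@@ -95,6 +95,7 @@
 {
     /* variable name starts with */
     "HTTP_",
+    "HTTPS_",
     "SSL_",
 
     /* variable name is */
@@ -140,6 +141,7 @@
     "UNIQUE_ID=",
     "USER_NAME=",
     "TZ=",
+    "PHPRC=",
     NULL
 };
 
@@ -513,6 +515,12 @@
             exit(113);
         }
     }
+    char *expected = malloc(strlen(target_homedir)+strlen(AP_USERDIR_SUFFIX)+1);
+    sprintf(expected, "%s/%s", target_homedir, AP_USERDIR_SUFFIX);
+    if ((strncmp(cwd, expected, strlen(expected))) != 0) {
+        log_err("error: file's directory not a subdirectory of user's home directory (%s, %s)\n", cwd, expected);
+        exit(114);
+    }
 
     if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
         log_err("command not in docroot (%s/%s)\n", cwd, cmd);
@@ -530,15 +538,17 @@
     /*
      * Error out if cwd is writable by others.
      */
+#if 0
     if ((dir_info.st_mode & S_IWOTH) || (dir_info.st_mode & S_IWGRP)) {
         log_err("directory is writable by others: (%s)\n", cwd);
         exit(116);
     }
+#endif
 
     /*
      * Error out if we cannot stat the program.
      */
-    if (((lstat(cmd, &prg_info)) != 0) || (S_ISLNK(prg_info.st_mode))) {
+    if (((lstat(cmd, &prg_info)) != 0) /*|| (S_ISLNK(prg_info.st_mode))*/) {
         log_err("cannot stat program: (%s)\n", cmd);
         exit(117);
     }
@@ -546,10 +556,12 @@
     /*
      * Error out if the program is writable by others.
      */
+#if 0
     if ((prg_info.st_mode & S_IWOTH) || (prg_info.st_mode & S_IWGRP)) {
         log_err("file is writable by others: (%s/%s)\n", cwd, cmd);
         exit(118);
     }
+#endif
 
     /*
      * Error out if the file is setuid or setgid.
@@ -563,6 +575,7 @@
      * Error out if the target name/group is different from
      * the name/group of the cwd or the program.
      */
+#if 0
     if ((uid != dir_info.st_uid) ||
         (gid != dir_info.st_gid) ||
         (uid != prg_info.st_uid) ||
@@ -574,6 +587,7 @@
                 prg_info.st_uid, prg_info.st_gid);
         exit(120);
     }
+#endif
     /*
      * Error out if the program is not executable for the user.
      * Otherwise, she won't find any error in the logs except for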
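Review bot: The buffer for `expected` in the `@@ -513,6 +515,12 @@` hunk is one byte short: the `"%s/%s"` format writes both strings plus the `/` and the terminating NUL, but the `malloc` size adds only 1, so `sprintf` writes one byte past the allocation in a setuid helper, and the `malloc` result is never checked. The `strncmp` prefix test also accepts a sibling directory whose name merely begins with the suffix (constructed example: `public_html_old` against `public_html`), so the comparison should additionally require the next character of `cwd` to be `/` or NUL; the sketch below assumes `AP_USERDIR_SUFFIX` has no trailing slash and reuses exit code 114 for the allocation failure. Separately, the `#if 0` blocks and the commented-out `S_ISLNK` test in the later hunks switch off suexec's writable-by-others, symlink and ownership checks with no comment saying what replaces them; a short comment above each one stating the reason (presumably mode bits and owners are not meaningful on the target file system — confirm) would let a later reader judge whether the new home-directory check is the only remaining barrier. The enclosing function starts and ends outside the hunks.

```c
    /* … unchanged: preceding userdir checks ending in exit(113) … */
    size_t expected_len = strlen(target_homedir) + 1 + strlen(AP_USERDIR_SUFFIX);
    char *expected = malloc(expected_len + 1);
    if (expected == NULL) {
        log_err("failed to allocate memory for expected directory\n");
        exit(114);
    }
    snprintf(expected, expected_len + 1, "%s/%s", target_homedir, AP_USERDIR_SUFFIX);
    if (strncmp(cwd, expected, expected_len) != 0 ||
        (cwd[expected_len] != '\0' && cwd[expected_len] != '/')) {
        log_err("error: file's directory not a subdirectory of user's home directory (%s, %s)\n", cwd, expected);
        exit(114);
    }
    /* … unchanged: docroot strncmp check … */
```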