source:
server/common/patches/httpd-suexec-scripts.patch
@
85
Last change on this file since 85 was 1, checked in by jbarnold, 18 years ago | |
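# scripts.mit.edu httpd suexec patch
# Copyright (C) 2006 Jeff Arnold <jbarnold@mit.edu>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
#
# See /COPYRIGHT in this repository for more information.
#
--- a/httpd-2.2.2/support/suexec.c
+++ b/httpd-2.2.2/support/suexec.c
@@ -95,6 +95,7 @@
 {
 /* variable name starts with */
 "HTTP_",
+"HTTPS_",
 "SSL_",
 
 /* variable name is */
@@ -140,6 +141,7 @@
 "UNIQUE_ID=",
 "USER_NAME=",
 "TZ=",
+"PHPRC=",
 NULL
 };
 
@@ -513,6 +515,12 @@
 exit(113);
 }
 }
+char *expected = malloc(strlen(target_homedir)+strlen(AP_USERDIR_SUFFIX)+1);
+sprintf(expected, "%s/%s", target_homedir, AP_USERDIR_SUFFIX);
+if ((strncmp(cwd, expected, strlen(expected))) != 0) {
+log_err("error: file's directory not a subdirectory of user's home directory (%s, %s)\n", cwd, expected);
+exit(114);
+}
 
 if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
 log_err("command not in docroot (%s/%s)\n", cwd, cmd);
@@ -530,15 +538,17 @@
 /*
 * Error out if cwd is writable by others.
 */
+#if 0
 if ((dir_info.st_mode & S_IWOTH) || (dir_info.st_mode & S_IWGRP)) {
 log_err("directory is writable by others: (%s)\n", cwd);
 exit(116);
 }
+#endif
 
 /*
 * Error out if we cannot stat the program.
 */
-if (((lstat(cmd, &prg_info)) != 0) || (S_ISLNK(prg_info.st_mode))) {
+if (((lstat(cmd, &prg_info)) != 0) /*|| (S_ISLNK(prg_info.st_mode))*/) {
 log_err("cannot stat program: (%s)\n", cmd);
 exit(117);
 }
@@ -546,10 +556,12 @@
 /*
 * Error out if the program is writable by others.
 */
+#if 0
 if ((prg_info.st_mode & S_IWOTH) || (prg_info.st_mode & S_IWGRP)) {
 log_err("file is writable by others: (%s/%s)\n", cwd, cmd);
 exit(118);
 }
+#endif
 
 /*
 * Error out if the file is setuid or setgid.
@@ -563,6 +575,7 @@
 * Error out if the target name/group is different from
 * the name/group of the cwd or the program.
 */
+#if 0
 if ((uid != dir_info.st_uid) ||
 (gid != dir_info.st_gid) ||
 (uid != prg_info.st_uid) ||
@@ -574,6 +587,7 @@
 prg_info.st_uid, prg_info.st_gid);
 exit(120);
 }
+#endif
 /*
 * Error out if the program is not executable for the user.
 * Otherwise, she won't find any error in the logs except for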
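Review bot: The buffer for `expected` (new lines 518-519) is one byte too small, because `sprintf(expected, "%s/%s", ...)` writes both strings plus the `/` and the terminating NUL; the size needs `+2`, as in `char *expected = malloc(strlen(target_homedir)+strlen(AP_USERDIR_SUFFIX)+2);`, and the `malloc` result should be checked for NULL before it is written to, which matters in a helper that normally runs setuid root. The following `strncmp(cwd, expected, strlen(expected))` is a plain prefix match, so a directory whose name merely begins with the suffix also passes; additionally requiring `cwd[strlen(expected)]` to be `'/'` or `'\0'` would make it a real path-component check. The `#if 0` blocks around the group/other-writable and ownership tests, and the commented-out `S_ISLNK` test, carry no comment saying why they are disabled or what replaces them on this deployment; a one-line comment at each site, such as `/* scripts.mit.edu: disabled because <reason>; enforced instead by <mechanism> */`, would let a later reader judge whether the relaxation is still intended. The enclosing function starts and ends outside these hunks.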