source: server/common/patches/httpd-suexec-scripts.patch @ 85

Last change on this file since 85 was 1, checked in by jbarnold, 18 years ago
File size: 3.1 KB
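# scripts.mit.edu httpd suexec patch
# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
#
# See /COPYRIGHT in this repository for more information.
#
--- a/httpd-2.2.2/support/suexec.c
+++ b/httpd-2.2.2/support/suexec.c
@@ -95,6 +95,7 @@
 {
     /* variable name starts with */
     "HTTP_",
+    "HTTPS_",
     "SSL_",
 
     /* variable name is */
@@ -140,6 +141,7 @@
     "UNIQUE_ID=",
     "USER_NAME=",
     "TZ=",
+    "PHPRC=",
     NULL
 };
 
@@ -513,6 +515,12 @@
             exit(113);
         }
     }
+    char *expected = malloc(strlen(target_homedir)+strlen(AP_USERDIR_SUFFIX)+1);
+    sprintf(expected, "%s/%s", target_homedir, AP_USERDIR_SUFFIX);
+    if ((strncmp(cwd, expected, strlen(expected))) != 0) {
+        log_err("error: file's directory not a subdirectory of user's home directory (%s, %s)\n", cwd, expected);
+        exit(114);
+    }
 
     if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
         log_err("command not in docroot (%s/%s)\n", cwd, cmd);
@@ -530,15 +538,17 @@
     /*
      * Error out if cwd is writable by others.
      */
+#if 0
     if ((dir_info.st_mode & S_IWOTH) || (dir_info.st_mode & S_IWGRP)) {
         log_err("directory is writable by others: (%s)\n", cwd);
         exit(116);
     }
+#endif
 
     /*
      * Error out if we cannot stat the program.
      */
-    if (((lstat(cmd, &prg_info)) != 0) || (S_ISLNK(prg_info.st_mode))) {
+    if (((lstat(cmd, &prg_info)) != 0) /*|| (S_ISLNK(prg_info.st_mode))*/) {
         log_err("cannot stat program: (%s)\n", cmd);
         exit(117);
     }
@@ -546,10 +556,12 @@
     /*
      * Error out if the program is writable by others.
      */
+#if 0
     if ((prg_info.st_mode & S_IWOTH) || (prg_info.st_mode & S_IWGRP)) {
         log_err("file is writable by others: (%s/%s)\n", cwd, cmd);
         exit(118);
     }
+#endif
 
     /*
      * Error out if the file is setuid or setgid.
@@ -563,6 +575,7 @@
      * Error out if the target name/group is different from
      * the name/group of the cwd or the program.
      */
+#if 0
     if ((uid != dir_info.st_uid) ||
         (gid != dir_info.st_gid) ||
         (uid != prg_info.st_uid) ||
@@ -574,6 +587,7 @@
                 prg_info.st_uid, prg_info.st_gid);
         exit(120);
     }
+#endif
     /*
      * Error out if the program is not executable for the user.
      * Otherwise, she won't find any error in the logs except for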
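Review bot: The `expected` buffer allocated at new line 518 is one byte too small. The format `"%s/%s"` needs both strings, the `/` and the terminating NUL, but only `strlen(target_homedir)+strlen(AP_USERDIR_SUFFIX)+1` bytes are reserved, so the `sprintf` on line 519 writes one byte past the heap block in a helper that is normally installed setuid root. Allocate with `+2`, add `if (expected == NULL)` handling before the buffer is used, and prefer `snprintf` with the computed size. The `strncmp` on line 520 is a bare prefix match, so a sibling directory whose name only begins with the suffix also passes; additionally requiring `cwd[strlen(expected)]` to be `'/'` or `'\0'` would close that. The `#if 0` blocks at new lines 541, 559 and 578 and the commented-out `S_ISLNK` test on line 551 disable the writability, ownership and symlink checks without saying what replaces them, so each deserves a comment naming the compensating control (the enclosing function begins and ends outside these hunks, so other checks may exist that are not visible here).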