Context Navigation

source: trunk/server/common/patches/httpd-suexec-scripts.patch @ 1168

Last change on this file since 1168 was 1167, checked in by geofft, 15 years ago
suexec: Let the JAVA_TOOL_OPTIONS environment variable through.
File size: 9.2 KB

Rev	Line
[1]	1	# scripts.mit.edu httpd suexec patch
[823]	2	# Copyright (C) 2006, 2007, 2008 Jeff Arnold <jbarnold@mit.edu>,
	3	# Joe Presbrey <presbrey@mit.edu>,
	4	# Anders Kaseorg <andersk@mit.edu>,
	5	# Geoffrey Thomas <geofft@mit.edu>
[1]	6	#
	7	# This program is free software; you can redistribute it and/or
	8	# modify it under the terms of the GNU General Public License
	9	# as published by the Free Software Foundation; either version 2
	10	# of the License, or (at your option) any later version.
	11	#
	12	# This program is distributed in the hope that it will be useful,
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	# GNU General Public License for more details.
	16	#
	17	# You should have received a copy of the GNU General Public License
	18	# along with this program; if not, write to the Free Software
	19	# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
	20	#
	21	# See /COPYRIGHT in this repository for more information.
	22	#
[103]	23	--- httpd-2.2.2/support/Makefile.in.old 2005-07-06 19:15:34.000000000 -0400
	24	+++ httpd-2.2.2/support/Makefile.in 2007-01-20 17:12:51.000000000 -0500
	25	@@ -60,7 +60,7 @@
	26
	27	suexec_OBJECTS = suexec.lo
	28	suexec: $(suexec_OBJECTS)
	29	- $(LINK) $(suexec_OBJECTS)
	30	+ $(LINK) -lselinux $(suexec_OBJECTS)
	31
	32	htcacheclean_OBJECTS = htcacheclean.lo
	33	htcacheclean: $(htcacheclean_OBJECTS)
[823]	34	--- httpd-2.2.2/configure.in.old 2007-07-17 10:48:25.000000000 -0400
	35	+++ httpd-2.2.2/configure.in 2008-08-29 08:15:41.000000000 -0400
	36	@@ -559,6 +559,10 @@
	37	APACHE_HELP_STRING(--with-suexec-userdir,User subdirectory),[
	38	AC_DEFINE_UNQUOTED(AP_USERDIR_SUFFIX, "$withval", [User subdirectory] ) ] )
	39
	40	+AC_ARG_WITH(suexec-trusteddir,
	41	+APACHE_HELP_STRING(--with-suexec-trusteddir,Trusted SuExec directory),[
	42	+ AC_DEFINE_UNQUOTED(AP_TRUSTED_DIRECTORY, "$withval", [Trusted SuExec directory] ) ] )
	43	+
	44	AC_ARG_WITH(suexec-docroot,
	45	APACHE_HELP_STRING(--with-suexec-docroot,SuExec root directory),[
	46	AC_DEFINE_UNQUOTED(AP_DOC_ROOT, "$withval", [SuExec root directory] ) ] )
[1]	47	--- httpd-2.2.2/support/suexec.c.old 2006-04-21 21:53:06.000000000 -0400
[315]	48	+++ httpd-2.2.2/support/suexec.c 2007-05-22 10:32:04.000000000 -0400
[842]	49	@@ -30,6 +30,9 @@
[298]	50	*
	51	*/
	52
	53	+#define STATIC_CAT_PATH "/usr/local/bin/static-cat"
[842]	54	+#define PHP_PATH "/usr/bin/php-cgi"
[298]	55	+
	56	#include "apr.h"
	57	#include "ap_config.h"
	58	#include "suexec.h"
	59	@@ -46,6 +48,7 @@
[103]	60	#include <stdio.h>
	61	#include <stdarg.h>
	62	#include <stdlib.h>
	63	+#include <selinux/selinux.h>
	64
	65	#ifdef HAVE_PWD_H
	66	#include <pwd.h>
[405]	67	@@ -95,6 +98,7 @@
[1]	68	{
	69	/* variable name starts with */
	70	"HTTP_",
	71	+ "HTTPS_",
	72	"SSL_",
	73
	74	/* variable name is */
[1167]	75	@@ -108,6 +113,7 @@
	76	"DOCUMENT_ROOT=",
	77	"DOCUMENT_URI=",
	78	"GATEWAY_INTERFACE=",
	79	+ "JAVA_TOOL_OPTIONS=",
	80	"HTTPS=",
	81	"LAST_MODIFIED=",
	82	"PATH_INFO=",
[944]	83	@@ -245,9 +250,67 @@
[298]	84	environ = cleanenv;
	85	}
	86
	87	+static const char *static_extensions[] = {
	88	+ "html",
	89	+ "css",
	90	+ "gif",
	91	+ "jpg",
	92	+ "png",
	93	+ "htm",
	94	+ "jpeg",
	95	+ "js",
	96	+ "ico",
	97	+ "xml",
	98	+ "xsl",
	99	+ "tiff",
	100	+ "tif",
	101	+ "tgz",
	102	+ "tar",
	103	+ "jar",
	104	+ "zip",
	105	+ "pdf",
	106	+ "ps",
	107	+ "doc",
	108	+ "xls",
	109	+ "ppt",
	110	+ "swf",
	111	+ "mp3",
	112	+ "mov",
	113	+ "wmv",
	114	+ "mpg",
	115	+ "mpeg",
	116	+ "avi",
	117	+ "il",
	118	+ "JPG",
[315]	119	+ "xhtml",
[618]	120	+ "svg",
[944]	121	+ "xaml",
	122	+ "xap",
[298]	123	+ NULL
	124	+};
	125	+
	126	+static int is_static_extension(const char *file)
	127	+{
	128	+ const char *extension = strrchr(file, '.');
	129	+ const char **p;
	130	+ if (extension == NULL) return 0;
	131	+ for (p = static_extensions; *p; ++p) {
	132	+ if (strcmp(extension + 1, *p) == 0) return 1;
	133	+ }
	134	+ return 0;
	135	+}
	136	+
[842]	137	+static int is_php_extension(const char *file)
	138	+{
	139	+ const char *extension = strrchr(file, '.');
	140	+ if (extension == NULL) return 0;
	141	+ return strcmp(extension + 1, "php") == 0;
	142	+}
	143	+
[298]	144	int main(int argc, char *argv[])
	145	{
	146	int userdir = 0; /* ~userdir flag */
[823]	147	+ int trusteddir = 0; /* TRUSTED_DIRECTORY flag */
	148	uid_t uid; /* user information */
	149	gid_t gid; /* target group placeholder */
	150	char target_uname; / target user name */
[944]	151	@@ -350,6 +406,20 @@
[823]	152	#endif /_OSD_POSIX/
	153
	154	/*
	155	+ * First check if this is an absolute path to the directory
	156	+ * of trusted executables. These are supposed to be security
	157	+ * audited to check parameters and validity on their own...
	158	+ */
	159	+ if (strstr(cmd, AP_TRUSTED_DIRECTORY) == cmd) {
	160	+ if (strstr(cmd, "/../") != NULL) {
	161	+ log_err("invalid command (%s)\n", cmd);
	162	+ exit(104);
	163	+ }
	164	+ trusteddir = 1;
	165	+ goto TRUSTED_DIRECTORY;
	166	+ }
	167	+
	168	+ /*
	169	* Check for a leading '/' (absolute path) in the command to be executed,
	170	* or attempts to back up out of the current directory,
	171	* to protect against attacks. If any are
[944]	172	@@ -371,6 +441,7 @@
[823]	173	userdir = 1;
	174	}
	175
	176	+TRUSTED_DIRECTORY:
	177	/*
	178	* Error out if the target username is invalid.
	179	*/
[944]	180	@@ -450,7 +521,7 @@
[103]	181	* Error out if attempt is made to execute as root or as
	182	* a UID less than AP_UID_MIN. Tsk tsk.
	183	*/
	184	- if ((uid == 0) \|\| (uid < AP_UID_MIN)) {
	185	+ if ((uid == 0) \|\| (uid < AP_UID_MIN && uid != 102)) {
	186	log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd);
	187	exit(107);
	188	}
[944]	189	@@ -482,6 +553,21 @@
[103]	190	log_err("failed to setuid (%ld: %s)\n", uid, cmd);
	191	exit(110);
	192	}
[406]	193	+ if (is_selinux_enabled()) {
	194	+ if (uid == 102) {
	195	+ if (setexeccon("system_u:system_r:signup_t:s0") == -1) {
	196	+ log_err("failed to setexeccon (%ld: %s) to signup_t\n", uid, cmd);
	197	+ exit(201);
	198	+ }
	199	+ } else {
	200	+ if (setexeccon("user_u:user_r:user_t:s0") == -1) {
	201	+ log_err("failed to setexeccon (%ld: %s) to user_t\n", uid, cmd);
	202	+ exit(202);
	203	+ }
[405]	204	+ }
[103]	205	+ }
[908]	206	+
	207	+ setenv("HOME", target_homedir, 1);
[103]	208
	209	/*
	210	* Get the current working directory, as well as the proper
[944]	211	@@ -504,6 +588,21 @@
[823]	212	log_err("cannot get docroot information (%s)\n", target_homedir);
	213	exit(112);
[1]	214	}
[823]	215	+ size_t expected_len = strlen(target_homedir)+1+strlen(AP_USERDIR_SUFFIX)+1;
	216	+ char *expected = malloc(expected_len);
	217	+ snprintf(expected, expected_len, "%s/%s", target_homedir, AP_USERDIR_SUFFIX);
	218	+ if (strncmp(cwd, expected, expected_len-1) != 0) {
	219	+ log_err("error: file's directory not a subdirectory of user's home directory (%s, %s)\n", cwd, expected);
	220	+ exit(114);
	221	+ }
	222	+ }
	223	+ else if (trusteddir) {
	224	+ if (((chdir(AP_TRUSTED_DIRECTORY)) != 0) \|\|
	225	+ ((getcwd(dwd, AP_MAXPATH)) == NULL) \|
	226	+ ((chdir(cwd)) != 0)) {
	227	+ log_err("cannot get docroot information (%s)\n", AP_TRUSTED_DIRECTORY);
	228	+ exit(112);
	229	+ }
[1]	230	}
[823]	231	else {
	232	if (((chdir(AP_DOC_ROOT)) != 0) \|\|
[944]	233	@@ -530,15 +629,17 @@
[1]	234	/*
	235	* Error out if cwd is writable by others.
	236	*/
	237	+#if 0
	238	if ((dir_info.st_mode & S_IWOTH) \|\| (dir_info.st_mode & S_IWGRP)) {
	239	log_err("directory is writable by others: (%s)\n", cwd);
	240	exit(116);
	241	}
	242	+#endif
	243
	244	/*
	245	* Error out if we cannot stat the program.
	246	*/
	247	- if (((lstat(cmd, &prg_info)) != 0) \|\| (S_ISLNK(prg_info.st_mode))) {
	248	+ if (((lstat(cmd, &prg_info)) != 0) /\|\| (S_ISLNK(prg_info.st_mode))/) {
	249	log_err("cannot stat program: (%s)\n", cmd);
	250	exit(117);
	251	}
[944]	252	@@ -546,10 +647,12 @@
[1]	253	/*
	254	* Error out if the program is writable by others.
	255	*/
	256	+#if 0
	257	if ((prg_info.st_mode & S_IWOTH) \|\| (prg_info.st_mode & S_IWGRP)) {
	258	log_err("file is writable by others: (%s/%s)\n", cwd, cmd);
	259	exit(118);
	260	}
	261	+#endif
	262
	263	/*
	264	* Error out if the file is setuid or setgid.
[944]	265	@@ -563,6 +666,7 @@
[1]	266	* Error out if the target name/group is different from
	267	* the name/group of the cwd or the program.
	268	*/
	269	+#if 0
	270	if ((uid != dir_info.st_uid) \|\|
	271	(gid != dir_info.st_gid) \|\|
	272	(uid != prg_info.st_uid) \|\|
[944]	273	@@ -574,12 +678,14 @@
[1]	274	prg_info.st_uid, prg_info.st_gid);
	275	exit(120);
	276	}
	277	+#endif
	278	/*
	279	* Error out if the program is not executable for the user.
	280	* Otherwise, she won't find any error in the logs except for
[842]	281	* "[error] Premature end of script headers: ..."
	282	*/
	283	- if (!(prg_info.st_mode & S_IXUSR)) {
	284	+ if (!is_static_extension(cmd) && !is_php_extension(cmd) &&
[873]	285	+ !(prg_info.st_mode & S_IXUSR)) {
[842]	286	log_err("file has no execute permission: (%s/%s)\n", cwd, cmd);
[873]	287	exit(121);
[842]	288	}
[944]	289	@@ -606,6 +711,21 @@
[823]	290	exit(122);
[298]	291	}
	292
	293	+ if (is_static_extension(cmd)) {
	294	+ argv[2] = STATIC_CAT_PATH;
	295	+ execv(STATIC_CAT_PATH, &argv[2]);
	296	+ log_err("(%d)%s: static_cat exec failed (%s)\n", errno, strerror(errno), argv[2]);
	297	+ exit(255);
	298	+ }
[842]	299	+ if (is_php_extension(cmd)) {
	300	+ setenv("PHPRC", ".", 1);
	301	+ argv[1] = PHP_PATH;
	302	+ argv[2] = "-f";
	303	+ execv(PHP_PATH, &argv[1]);
	304	+ log_err("(%d)%s: php exec failed (%s)\n", errno, strerror(errno), argv[2]);
	305	+ exit(255);
	306	+ }
[298]	307	+
	308	/*
	309	* Execute the command, replacing our image with its own.
	310	*/

Note: See TracBrowser for help on using the repository browser.

Download in other formats: