Changeset 103 for server/common/patches/httpd-suexec-scripts.patch
- Timestamp:
- Jan 20, 2007, 10:24:14 PM (18 years ago)
- File:
-
- 1 edited
server/common/patches/httpd-suexec-scripts.patch
r1 r103 1 1 # scripts.mit.edu httpd suexec patch 2 # Copyright (C) 2006 Jeff Arnold <jbarnold@mit.edu> 2 # Copyright (C) 2006 Jeff Arnold <jbarnold@mit.edu>, Joe Presbrey <presbrey@mit.edu> 3 3 # 4 4 # This program is free software; you can redistribute it and/or … … 18 18 # See /COPYRIGHT in this repository for more information. 19 19 # 20 --- httpd-2.2.2/support/Makefile.in.old 2005-07-06 19:15:34.000000000 -0400 21 +++ httpd-2.2.2/support/Makefile.in 2007-01-20 17:12:51.000000000 -0500 22 @@ -60,7 +60,7 @@ 23 24 suexec_OBJECTS = suexec.lo 25 suexec: $(suexec_OBJECTS) 26 - $(LINK) $(suexec_OBJECTS) 27 + $(LINK) -lselinux $(suexec_OBJECTS) 28 29 htcacheclean_OBJECTS = htcacheclean.lo 30 htcacheclean: $(htcacheclean_OBJECTS) 20 31 --- httpd-2.2.2/support/suexec.c.old 2006-04-21 21:53:06.000000000 -0400 21 32 +++ httpd-2.2.2/support/suexec.c 2006-08-25 10:04:22.000000000 -0400 22 @@ -95,6 +95,7 @@ 33 @@ -46,6 +46,7 @@ 34 #include <stdio.h> 35 #include <stdarg.h> 36 #include <stdlib.h> 37 +#include <selinux/selinux.h> 38 39 #ifdef HAVE_PWD_H 40 #include <pwd.h> 41 @@ -95,6 +96,7 @@ 23 42 { 24 43 /* variable name starts with */ … … 28 47 29 48 /* variable name is */ 30 @@ -140,6 +14 1,7 @@49 @@ -140,6 +142,7 @@ 31 50 "UNIQUE_ID=", 32 51 "USER_NAME=", … … 36 55 }; 37 56 38 @@ -513,6 +515,12 @@ 57 @@ -450,7 +453,7 @@ 58 * Error out if attempt is made to execute as root or as 59 * a UID less than AP_UID_MIN. Tsk tsk. 60 */ 61 - if ((uid == 0) || (uid < AP_UID_MIN)) { 62 + if ((uid == 0) || (uid < AP_UID_MIN && uid != 102)) { 63 log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd); 64 exit(107); 65 } 66 
@@ -482,6 +485,17 @@ 67 log_err("failed to setuid (%ld: %s)\n", uid, cmd); 68 exit(110); 69 } 70 + if (uid == 102) { 71 + if (setexeccon("user_u:user_r:signup_t:s0") == -1) { 72 + log_err("failed to setexeccon (%ld: %s) to signup_t\n"); 73 + exit(201); 74 + } 75 + } else { 76 + if (setexeccon("user_u:user_r:user_t:s0") == -1) { 77 + log_err("failed to setexeccon (%ld: %s) to user_t\n"); 78 + exit(202); 79 + } 80 + } 81 82 /* 83 * Get the current working directory, as well as the proper 84 @@ -513,6 +527,12 @@ 39 85 exit(113); 40 86 } … … 49 95 if ((strncmp(cwd, dwd, strlen(dwd))) != 0) { 50 96 log_err("command not in docroot (%s/%s)\n", cwd, cmd); 51 @@ -530,15 +5 38,17 @@97 @@ -530,15 +550,17 @@ 52 98 /* 53 99 * Error out if cwd is writable by others. … … 68 114 exit(117); 69 115 } 70 @@ -546,10 +5 56,12 @@116 @@ -546,10 +568,12 @@ 71 117 /* 72 118 * Error out if the program is writable by others. … … 81 127 /* 82 128 * Error out if the file is setuid or setgid. 83 @@ -563,6 +5 75,7 @@129 @@ -563,6 +587,7 @@ 84 130 * Error out if the target name/group is different from 85 131 * the name/group of the cwd or the program. … … 89 135 (gid != dir_info.st_gid) || 90 136 (uid != prg_info.st_uid) || 91 @@ -574,6 +5 87,7 @@137 @@ -574,6 +599,7 @@ 92 138 prg_info.st_uid, prg_info.st_gid); 93 139 exit(120);
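Review bot: In the `@@ -482,6 +485,17 @@` hunk of suexec.c, both new `log_err` calls on the `setexeccon` failure paths pass a format string containing `%ld` and `%s` but no arguments, so on failure the logger reads undefined varargs and may crash or log stray memory instead of recording which uid and command were refused. Pass the same values the preceding setuid error uses: `log_err("failed to setexeccon (%ld: %s) to signup_t\n", uid, cmd);` and `log_err("failed to setexeccon (%ld: %s) to user_t\n", uid, cmd);`. The literal `102` also appears in both this hunk and the AP_UID_MIN exemption at `@@ -450,7 +453,7 @@`; a named constant with a comment saying which account it is would keep the two checks in sync and make the exemption easier to audit. The enclosing function starts and ends outside the hunk.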