- Timestamp:
- Sep 22, 2013, 7:05:37 PM (11 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/fc19-dev/server/common/patches/httpd-suexec-scripts.patch
r2422 r2469 1 From 8445788d68230b2e18739166f4c3ae6434038421Mon Sep 17 00:00:00 20011 From 427d432a56df94d69a11cc438b08adb070615005 Mon Sep 17 00:00:00 2001 2 2 From: Alexander Chernyakhovsky <achernya@mit.edu> 3 3 Date: Fri, 3 May 2013 21:38:58 -0400 4 Subject: [PATCH 1/4] Add scripts-specific support to suexec4 Subject: [PATCH] Add scripts-specific support to suexec 5 5 6 6 This patch make suexec aware of static-cat, Scripts' tool to serve … … 19 19 manner that will strip arguments passed by Apache to php-cgi. 20 20 --- 21 configure.in | 22 support/suexec.c | 172+++++++++++++++++++++++++++++++++++++++++++++++++++++-21 configure.in | 4 ++ 22 support/suexec.c | 172 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 23 23 2 files changed, 173 insertions(+), 3 deletions(-) 24 24 25 25 diff --git a/configure.in b/configure.in 26 index d93f78c..14faccf 10064426 index 811aace..a95349f 100644 27 27 --- a/configure.in 28 28 +++ b/configure.in 29 @@ -72 0,6 +720,10 @@ AC_ARG_WITH(suexec-userdir,29 @@ -721,6 +721,10 @@ AC_ARG_WITH(suexec-userdir, 30 30 APACHE_HELP_STRING(--with-suexec-userdir,User subdirectory),[ 31 31 AC_DEFINE_UNQUOTED(AP_USERDIR_SUFFIX, "$withval", [User subdirectory] ) ] ) … … 39 39 AC_DEFINE_UNQUOTED(AP_DOC_ROOT, "$withval", [SuExec root directory] ) ] ) 40 40 diff --git a/support/suexec.c b/support/suexec.c 41 index 5b6b254..e377042 10064441 index 32e7320..3a4d802 100644 42 42 --- a/support/suexec.c 43 43 +++ b/support/suexec.c … … 60 60 61 61 /* variable name is */ 62 @@ -26 4,9 +268,108 @@ static void clean_env(void)62 @@ -268,9 +272,108 @@ static void clean_env(void) 63 63 environ = cleanenv; 64 64 } … … 169 169 gid_t gid; /* target group placeholder */ 170 170 char *target_uname; /* target user name */ 171 @@ -2 86,6 +389,7 @@ int main(int argc, char *argv[])171 @@ -290,6 +393,7 @@ int main(int argc, char *argv[]) 172 172 * Start with a "clean" environment 173 173 */ … … 177 177 /* 178 178 * Check existence/validity of the UID of the user 179 @@ -3 69,6 +473,20 @@ int main(int argc, char *argv[])179 @@ -373,6 +477,20 @@ int main(int argc, char *argv[]) 180 180 #endif /*_OSD_POSIX*/ 181 181 … … 198 198 * or attempts to back up out of the current directory, 199 199 * to protect against attacks. If any are 200 @@ -39 0,6 +508,7 @@ int main(int argc, char *argv[])200 @@ -394,6 +512,7 @@ int main(int argc, char *argv[]) 201 201 userdir = 1; 202 202 } … … 206 206 * Error out if the target username is invalid. 207 207 */ 208 @@ -4 71,7 +590,7 @@ int main(int argc, char *argv[])208 @@ -482,7 +601,7 @@ int main(int argc, char *argv[]) 209 209 * Error out if attempt is made to execute as root or as 210 210 * a UID less than AP_UID_MIN. Tsk tsk. … … 215 215 exit(107); 216 216 } 217 @@ -5 03,6 +622,7 @@ int main(int argc, char *argv[])217 @@ -514,6 +633,7 @@ int main(int argc, char *argv[]) 218 218 log_err("failed to setuid (%lu: %s)\n", (unsigned long)uid, cmd); 219 219 exit(110); … … 223 223 /* 224 224 * Get the current working directory, as well as the proper 225 @@ -5 25,6 +645,21 @@ int main(int argc, char *argv[])225 @@ -536,6 +656,21 @@ int main(int argc, char *argv[]) 226 226 log_err("cannot get docroot information (%s)\n", target_homedir); 227 227 exit(112); … … 245 245 else { 246 246 if (((chdir(AP_DOC_ROOT)) != 0) || 247 @@ -5 51,15 +686,17 @@ int main(int argc, char *argv[])247 @@ -562,15 +697,17 @@ int main(int argc, char *argv[]) 248 248 /* 249 249 * Error out if cwd is writable by others. … … 264 264 exit(117); 265 265 } 266 @@ -5 67,10 +704,12 @@ int main(int argc, char *argv[])266 @@ -578,10 +715,12 @@ int main(int argc, char *argv[]) 267 267 /* 268 268 * Error out if the program is writable by others. … … 277 277 /* 278 278 * Error out if the file is setuid or setgid. 279 @@ -5 84,6 +723,7 @@ int main(int argc, char *argv[])279 @@ -595,6 +734,7 @@ int main(int argc, char *argv[]) 280 280 * Error out if the target name/group is different from 281 281 * the name/group of the cwd or the program. … … 285 285 (gid != dir_info.st_gid) || 286 286 (uid != prg_info.st_uid) || 287 @@ - 595,12 +735,14 @@ int main(int argc, char *argv[])287 @@ -606,12 +746,14 @@ int main(int argc, char *argv[]) 288 288 (unsigned long)prg_info.st_uid, (unsigned long)prg_info.st_gid); 289 289 exit(120); … … 301 301 exit(121); 302 302 } 303 @@ -6 49,6 +791,30 @@ int main(int argc, char *argv[])303 @@ -660,6 +802,30 @@ int main(int argc, char *argv[]) 304 304 /* 305 305 * Execute the command, replacing our image with its own. … … 333 333 { 334 334 -- 335 1. 7.9.6 (Apple Git-31.1)336 335 1.8.1.2 336
Note: See TracChangeset
for help on using the changeset viewer.