Changeset 298
- Timestamp:
- Apr 23, 2007, 3:45:08 AM (18 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
server/common/patches/httpd-suexec-scripts.patch
r204 r298 30 30 htcacheclean: $(htcacheclean_OBJECTS) 31 31 --- httpd-2.2.2/support/suexec.c.old 2006-04-21 21:53:06.000000000 -0400 32 +++ httpd-2.2.2/support/suexec.c 2006-08-25 10:04:22.000000000 -0400 33 @@ -46,6 +46,7 @@ 32 +++ httpd-2.2.2/support/suexec.c 2007-04-23 03:04:56.000000000 -0400 33 @@ -30,6 +30,8 @@ 34 * 35 */ 36 37 +#define STATIC_CAT_PATH "/usr/local/bin/static-cat" 38 + 39 #include "apr.h" 40 #include "ap_config.h" 41 #include "suexec.h" 42 @@ -46,6 +48,7 @@ 34 43 #include <stdio.h> 35 44 #include <stdarg.h> … … 39 48 #ifdef HAVE_PWD_H 40 49 #include <pwd.h> 41 @@ -95,6 +9 6,7 @@50 @@ -95,6 +98,7 @@ 42 51 { 43 52 /* variable name starts with */ … … 47 56 48 57 /* variable name is */ 49 @@ -140,6 +14 2,7 @@58 @@ -140,6 +144,7 @@ 50 59 "UNIQUE_ID=", 51 60 "USER_NAME=", … … 55 64 }; 56 65 57 @@ -450,7 +453,7 @@ 66 @@ -245,6 +250,52 @@ 67 environ = cleanenv; 68 } 69 70 +static const char *static_extensions[] = { 71 + "html", 72 + "css", 73 + "gif", 74 + "jpg", 75 + "png", 76 + "htm", 77 + "jpeg", 78 + "js", 79 + "ico", 80 + "xml", 81 + "xsl", 82 + "tiff", 83 + "tif", 84 + "tgz", 85 + "tar", 86 + "jar", 87 + "zip", 88 + "pdf", 89 + "ps", 90 + "doc", 91 + "xls", 92 + "ppt", 93 + "swf", 94 + "mp3", 95 + "mov", 96 + "wmv", 97 + "mpg", 98 + "mpeg", 99 + "avi", 100 + "il", 101 + "JPG", 102 + NULL 103 +}; 104 + 105 +static int is_static_extension(const char *file) 106 +{ 107 + const char *extension = strrchr(file, '.'); 108 + const char **p; 109 + if (extension == NULL) return 0; 110 + for (p = static_extensions; *p; ++p) { 111 + if (strcmp(extension + 1, *p) == 0) return 1; 112 + } 113 + return 0; 114 +} 115 + 116 int main(int argc, char *argv[]) 117 { 118 int userdir = 0; /* ~userdir flag */ 119 @@ -450,7 +501,7 @@ 58 120 * Error out if attempt is made to execute as root or as 59 121 * a UID less than AP_UID_MIN. Tsk tsk. … … 64 126 exit(107); 65 127 } 66 @@ -482,6 + 485,17 @@128 @@ -482,6 +533,17 @@ 67 129 log_err("failed to setuid (%ld: %s)\n", uid, cmd); 68 130 exit(110); … … 82 144 /* 83 145 * Get the current working directory, as well as the proper 84 @@ -513,6 +5 27,12@@146 @@ -513,6 +575,13 @@ 85 147 exit(113); 86 148 } 87 149 } 88 + char *expected = malloc(strlen(target_homedir)+strlen(AP_USERDIR_SUFFIX)+1); 89 + sprintf(expected, "%s/%s", target_homedir, AP_USERDIR_SUFFIX); 90 + if ((strncmp(cwd, expected, strlen(expected))) != 0) { 150 + size_t expected_len = strlen(target_homedir)+1+strlen(AP_USERDIR_SUFFIX)+1; 151 + char *expected = malloc(expected_len); 152 + snprintf(expected, expected_len, "%s/%s", target_homedir, AP_USERDIR_SUFFIX); 153 + if (strncmp(cwd, expected, expected_len) != 0) { 91 154 + log_err("error: file's directory not a subdirectory of user's home directory (%s, %s)\n", cwd, expected); 92 155 + exit(114); … … 95 158 if ((strncmp(cwd, dwd, strlen(dwd))) != 0) { 96 159 log_err("command not in docroot (%s/%s)\n", cwd, cmd); 97 @@ -530,15 +5 50,17 @@160 @@ -530,15 +598,17 @@ 98 161 /* 99 162 * Error out if cwd is writable by others. … … 114 177 exit(117); 115 178 } 116 @@ -546,10 + 568,12 @@179 @@ -546,10 +616,12 @@ 117 180 /* 118 181 * Error out if the program is writable by others. … … 127 190 /* 128 191 * Error out if the file is setuid or setgid. 129 @@ -563,6 + 587,7 @@192 @@ -563,6 +635,7 @@ 130 193 * Error out if the target name/group is different from 131 194 * the name/group of the cwd or the program. … … 135 198 (gid != dir_info.st_gid) || 136 199 (uid != prg_info.st_uid) || 137 @@ -574,6 + 599,7 @@200 @@ -574,6 +647,7 @@ 138 201 prg_info.st_uid, prg_info.st_gid); 139 202 exit(120); … … 143 206 * Error out if the program is not executable for the user. 144 207 * Otherwise, she won't find any error in the logs except for 208 @@ -609,6 +683,13 @@ 209 log = NULL; 210 } 211 212 + if (is_static_extension(cmd)) { 213 + argv[2] = STATIC_CAT_PATH; 214 + execv(STATIC_CAT_PATH, &argv[2]); 215 + log_err("(%d)%s: static_cat exec failed (%s)\n", errno, strerror(errno), argv[2]); 216 + exit(255); 217 + } 218 + 219 /* 220 * Execute the command, replacing our image with its own. 221 */
Note: See TracChangeset
for help on using the changeset viewer.