Changeset 298


Ignore:
Timestamp:
Apr 23, 2007, 3:45:08 AM (17 years ago)
Author:
andersk
Message:
* Call static-cat directly from suexec on static extensions, instead of 
  going through binfmt_misc.  This will soon be replaced with a more 
  permanent solution.
* Fix a one-character buffer overflow in the suexec patch.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • server/common/patches/httpd-suexec-scripts.patch

    r204 r298  
    3030 htcacheclean: $(htcacheclean_OBJECTS)
    3131--- httpd-2.2.2/support/suexec.c.old    2006-04-21 21:53:06.000000000 -0400
    32 +++ httpd-2.2.2/support/suexec.c        2006-08-25 10:04:22.000000000 -0400
    33 @@ -46,6 +46,7 @@
     32+++ httpd-2.2.2/support/suexec.c        2007-04-23 03:04:56.000000000 -0400
     33@@ -30,6 +30,8 @@
     34  *
     35  */
     36 
     37+#define STATIC_CAT_PATH "/usr/local/bin/static-cat"
     38+
     39 #include "apr.h"
     40 #include "ap_config.h"
     41 #include "suexec.h"
     42@@ -46,6 +48,7 @@
    3443 #include <stdio.h>
    3544 #include <stdarg.h>
     
    3948 #ifdef HAVE_PWD_H
    4049 #include <pwd.h>
    41 @@ -95,6 +96,7 @@
     50@@ -95,6 +98,7 @@
    4251 {
    4352     /* variable name starts with */
     
    4756 
    4857     /* variable name is */
    49 @@ -140,6 +142,7 @@
     58@@ -140,6 +144,7 @@
    5059     "UNIQUE_ID=",
    5160     "USER_NAME=",
     
    5564 };
    5665 
    57 @@ -450,7 +453,7 @@
     66@@ -245,6 +250,52 @@
     67     environ = cleanenv;
     68 }
     69 
     70+static const char *static_extensions[] = {
     71+    "html",
     72+    "css",
     73+    "gif",
     74+    "jpg",
     75+    "png",
     76+    "htm",
     77+    "jpeg",
     78+    "js",
     79+    "ico",
     80+    "xml",
     81+    "xsl",
     82+    "tiff",
     83+    "tif",
     84+    "tgz",
     85+    "tar",
     86+    "jar",
     87+    "zip",
     88+    "pdf",
     89+    "ps",
     90+    "doc",
     91+    "xls",
     92+    "ppt",
     93+    "swf",
     94+    "mp3",
     95+    "mov",
     96+    "wmv",
     97+    "mpg",
     98+    "mpeg",
     99+    "avi",
     100+    "il",
     101+    "JPG",
     102+    NULL
     103+};
     104+
     105+static int is_static_extension(const char *file)
     106+{
     107+    const char *extension = strrchr(file, '.');
     108+    const char **p;
     109+    if (extension == NULL) return 0;
     110+    for (p = static_extensions; *p; ++p) {
     111+        if (strcmp(extension + 1, *p) == 0) return 1;
     112+    }
     113+    return 0;
     114+}
     115+
     116 int main(int argc, char *argv[])
     117 {
     118     int userdir = 0;        /* ~userdir flag             */
     119@@ -450,7 +501,7 @@
    58120      * Error out if attempt is made to execute as root or as
    59121      * a UID less than AP_UID_MIN.  Tsk tsk.
     
    64126         exit(107);
    65127     }
    66 @@ -482,6 +485,17 @@
     128@@ -482,6 +533,17 @@
    67129         log_err("failed to setuid (%ld: %s)\n", uid, cmd);
    68130         exit(110);
     
    82144     /*
    83145      * Get the current working directory, as well as the proper
    84 @@ -513,6 +527,12 @@
     146@@ -513,6 +575,13 @@
    85147             exit(113);
    86148         }
    87149     }
    88 +    char *expected = malloc(strlen(target_homedir)+strlen(AP_USERDIR_SUFFIX)+1);
    89 +    sprintf(expected, "%s/%s", target_homedir, AP_USERDIR_SUFFIX);
    90 +    if ((strncmp(cwd, expected, strlen(expected))) != 0) {
     150+    size_t expected_len = strlen(target_homedir)+1+strlen(AP_USERDIR_SUFFIX)+1;
     151+    char *expected = malloc(expected_len);
     152+    snprintf(expected, expected_len, "%s/%s", target_homedir, AP_USERDIR_SUFFIX);
     153+    if (strncmp(cwd, expected, expected_len) != 0) {
    91154+        log_err("error: file's directory not a subdirectory of user's home directory (%s, %s)\n", cwd, expected);
    92155+        exit(114);
     
    95158     if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
    96159         log_err("command not in docroot (%s/%s)\n", cwd, cmd);
    97 @@ -530,15 +550,17 @@
     160@@ -530,15 +598,17 @@
    98161     /*
    99162      * Error out if cwd is writable by others.
     
    114177         exit(117);
    115178     }
    116 @@ -546,10 +568,12 @@
     179@@ -546,10 +616,12 @@
    117180     /*
    118181      * Error out if the program is writable by others.
     
    127190     /*
    128191      * Error out if the file is setuid or setgid.
    129 @@ -563,6 +587,7 @@
     192@@ -563,6 +635,7 @@
    130193      * Error out if the target name/group is different from
    131194      * the name/group of the cwd or the program.
     
    135198         (gid != dir_info.st_gid) ||
    136199         (uid != prg_info.st_uid) ||
    137 @@ -574,6 +599,7 @@
     200@@ -574,6 +647,7 @@
    138201                 prg_info.st_uid, prg_info.st_gid);
    139202         exit(120);
     
    143206      * Error out if the program is not executable for the user.
    144207      * Otherwise, she won't find any error in the logs except for
     208@@ -609,6 +683,13 @@
     209         log = NULL;
     210     }
     211 
     212+    if (is_static_extension(cmd)) {
     213+        argv[2] = STATIC_CAT_PATH;
     214+        execv(STATIC_CAT_PATH, &argv[2]);
     215+       log_err("(%d)%s: static_cat exec failed (%s)\n", errno, strerror(errno), argv[2]);
     216+       exit(255);
     217+    }
     218+
     219     /*
     220      * Execute the command, replacing our image with its own.
     221      */
Note: See TracChangeset for help on using the changeset viewer.