- Timestamp:
- Sep 17, 2007, 2:37:42 PM (17 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
server/common/patches/httpd-suexec-scripts.patch
r315 r403 48 48 #ifdef HAVE_PWD_H 49 49 #include <pwd.h> 50 @@ -95,6 +98, 7@@50 @@ -95,6 +98,9 @@ 51 51 { 52 52 /* variable name starts with */ … … 54 54 + "HTTPS_", 55 55 "SSL_", 56 + "PERL", 57 + "PYTHON", 56 58 57 59 /* variable name is */ 58 @@ -140,6 +14 4,7 @@60 @@ -140,6 +146,7 @@ 59 61 "UNIQUE_ID=", 60 62 "USER_NAME=", … … 64 66 }; 65 67 66 @@ -245,6 +25 0,53 @@68 @@ -245,6 +252,53 @@ 67 69 environ = cleanenv; 68 70 } … … 118 120 { 119 121 int userdir = 0; /* ~userdir flag */ 120 @@ -450,7 +50 1,7 @@122 @@ -450,7 +504,7 @@ 121 123 * Error out if attempt is made to execute as root or as 122 124 * a UID less than AP_UID_MIN. Tsk tsk. … … 127 129 exit(107); 128 130 } 129 @@ -482,6 +53 3,17@@131 @@ -482,6 +536,19 @@ 130 132 log_err("failed to setuid (%ld: %s)\n", uid, cmd); 131 133 exit(110); 132 134 } 133 + if (uid == 102) { 134 + if (setexeccon("system_u:system_r:signup_t:s0") == -1) { 135 + log_err("failed to setexeccon (%ld: %s) to signup_t\n", uid, cmd); 136 + exit(201); 137 + } 138 + } else { 139 + if (setexeccon("user_u:user_r:user_t:s0") == -1) { 140 + log_err("failed to setexeccon (%ld: %s) to user_t\n", uid, cmd); 141 + exit(202); 142 + } 135 + if (is_selinux_enabled()) { 136 + if (uid == 102) { 137 + if (setexeccon("system_u:system_r:signup_t:s0") == -1) { 138 + log_err("failed to setexeccon (%ld: %s) to signup_t\n", uid, cmd); 139 + exit(201); 140 + } 141 + } else { 142 + if (setexeccon("user_u:user_r:user_t:s0") == -1) { 143 + log_err("failed to setexeccon (%ld: %s) to user_t\n", uid, cmd); 144 + exit(202); 145 + } 146 + } 143 147 + } 144 148 145 149 /* 146 150 * Get the current working directory, as well as the proper 147 @@ -513,6 +5 75,13 @@151 @@ -513,6 +580,13 @@ 148 152 exit(113); 149 153 } … … 159 163 if ((strncmp(cwd, dwd, strlen(dwd))) != 0) { 160 164 log_err("command not in docroot (%s/%s)\n", cwd, cmd); 161 @@ -530,15 + 598,17 @@165 @@ -530,15 +604,17 @@ 162 166 /* 163 167 * Error out if cwd is writable by others. … … 178 182 exit(117); 179 183 } 180 @@ -546,10 +6 16,12 @@184 @@ -546,10 +622,12 @@ 181 185 /* 182 186 * Error out if the program is writable by others. … … 191 195 /* 192 196 * Error out if the file is setuid or setgid. 193 @@ -563,6 +6 35,7 @@197 @@ -563,6 +641,7 @@ 194 198 * Error out if the target name/group is different from 195 199 * the name/group of the cwd or the program. … … 199 203 (gid != dir_info.st_gid) || 200 204 (uid != prg_info.st_uid) || 201 @@ -574,6 +6 47,7 @@205 @@ -574,6 +653,7 @@ 202 206 prg_info.st_uid, prg_info.st_gid); 203 207 exit(120); … … 207 211 * Error out if the program is not executable for the user. 208 212 * Otherwise, she won't find any error in the logs except for 209 @@ -609,6 +68 3,13 @@213 @@ -609,6 +689,13 @@ 210 214 log = NULL; 211 215 }
Note: See TracChangeset
for help on using the changeset viewer.