- Timestamp:
- Sep 17, 2007, 4:06:51 PM (17 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
server/common/patches/httpd-suexec-scripts.patch
r403 r405 48 48 #ifdef HAVE_PWD_H 49 49 #include <pwd.h> 50 @@ -95,6 +98, 9@@50 @@ -95,6 +98,7 @@ 51 51 { 52 52 /* variable name starts with */ … … 54 54 + "HTTPS_", 55 55 "SSL_", 56 + "PERL",57 + "PYTHON",58 56 59 57 /* variable name is */ 60 @@ -140,6 +14 6,7 @@58 @@ -140,6 +144,7 @@ 61 59 "UNIQUE_ID=", 62 60 "USER_NAME=", … … 66 64 }; 67 65 68 @@ -245,6 +25 2,53 @@66 @@ -245,6 +250,53 @@ 69 67 environ = cleanenv; 70 68 } … … 120 118 { 121 119 int userdir = 0; /* ~userdir flag */ 122 @@ -450,7 +50 4,7 @@120 @@ -450,7 +501,7 @@ 123 121 * Error out if attempt is made to execute as root or as 124 122 * a UID less than AP_UID_MIN. Tsk tsk. … … 129 127 exit(107); 130 128 } 131 @@ -482,6 +53 6,19@@129 @@ -482,6 +533,17 @@ 132 130 log_err("failed to setuid (%ld: %s)\n", uid, cmd); 133 131 exit(110); 134 132 } 135 + if (is_selinux_enabled()) { 136 + if (uid == 102) { 137 + if (setexeccon("system_u:system_r:signup_t:s0") == -1) { 138 + log_err("failed to setexeccon (%ld: %s) to signup_t\n", uid, cmd); 139 + exit(201); 140 + } 141 + } else { 142 + if (setexeccon("user_u:user_r:user_t:s0") == -1) { 143 + log_err("failed to setexeccon (%ld: %s) to user_t\n", uid, cmd); 144 + exit(202); 145 + } 146 + } 133 + if (uid == 102) { 134 + if (setexeccon("system_u:system_r:signup_t:s0") == -1) { 135 + log_err("failed to setexeccon (%ld: %s) to signup_t\n", uid, cmd); 136 + exit(201); 137 + } 138 + } else { 139 + if (setexeccon("user_u:user_r:user_t:s0") == -1) { 140 + log_err("failed to setexeccon (%ld: %s) to user_t\n", uid, cmd); 141 + exit(202); 142 + } 147 143 + } 148 144 149 145 /* 150 146 * Get the current working directory, as well as the proper 151 @@ -513,6 +5 80,13 @@147 @@ -513,6 +575,13 @@ 152 148 exit(113); 153 149 } … … 163 159 if ((strncmp(cwd, dwd, strlen(dwd))) != 0) { 164 160 log_err("command not in docroot (%s/%s)\n", cwd, cmd); 165 @@ -530,15 + 604,17 @@161 @@ -530,15 +598,17 @@ 166 162 /* 167 163 * Error out if cwd is writable by others. … … 182 178 exit(117); 183 179 } 184 @@ -546,10 +6 22,12 @@180 @@ -546,10 +616,12 @@ 185 181 /* 186 182 * Error out if the program is writable by others. … … 195 191 /* 196 192 * Error out if the file is setuid or setgid. 197 @@ -563,6 +6 41,7 @@193 @@ -563,6 +635,7 @@ 198 194 * Error out if the target name/group is different from 199 195 * the name/group of the cwd or the program. … … 203 199 (gid != dir_info.st_gid) || 204 200 (uid != prg_info.st_uid) || 205 @@ -574,6 +6 53,7 @@201 @@ -574,6 +647,7 @@ 206 202 prg_info.st_uid, prg_info.st_gid); 207 203 exit(120); … … 211 207 * Error out if the program is not executable for the user. 212 208 * Otherwise, she won't find any error in the logs except for 213 @@ -609,6 +68 9,13 @@209 @@ -609,6 +683,13 @@ 214 210 log = NULL; 215 211 }
Note: See TracChangeset
for help on using the changeset viewer.