source:
branches/fc11-dev/server/common/patches/httpd-suexec-scripts.patch
@
  1149
        
        | Last change on this file since 1149 was 1146, checked in by mitchb, 16 years ago | |
|---|---|
| File size: 9.0 KB | |
- 
        httpd-2.2.2/support/Makefile.in# scripts.mit.edu httpd suexec patch # Copyright (C) 2006, 2007, 2008 Jeff Arnold <jbarnold@mit.edu>, # Joe Presbrey <presbrey@mit.edu>, # Anders Kaseorg <andersk@mit.edu>, # Geoffrey Thomas <geofft@mit.edu> # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA # # See /COPYRIGHT in this repository for more information. # old new 60 60 61 61 suexec_OBJECTS = suexec.lo 62 62 suexec: $(suexec_OBJECTS) 63 $(LINK) $(suexec_OBJECTS)63 $(LINK) -lselinux $(suexec_OBJECTS) 64 64 65 65 htcacheclean_OBJECTS = htcacheclean.lo 66 66 htcacheclean: $(htcacheclean_OBJECTS) 
- 
        httpd-2.2.2/configure.inold new 559 559 APACHE_HELP_STRING(--with-suexec-userdir,User subdirectory),[ 560 560 AC_DEFINE_UNQUOTED(AP_USERDIR_SUFFIX, "$withval", [User subdirectory] ) ] ) 561 561 562 AC_ARG_WITH(suexec-trusteddir, 563 APACHE_HELP_STRING(--with-suexec-trusteddir,Trusted SuExec directory),[ 564 AC_DEFINE_UNQUOTED(AP_TRUSTED_DIRECTORY, "$withval", [Trusted SuExec directory] ) ] ) 565 562 566 AC_ARG_WITH(suexec-docroot, 563 567 APACHE_HELP_STRING(--with-suexec-docroot,SuExec root directory),[ 564 568 AC_DEFINE_UNQUOTED(AP_DOC_ROOT, "$withval", [SuExec root directory] ) ] ) 
- 
        httpd-2.2.11/support/suexec.cold new 30 30 * 31 31 */ 32 32 33 #define STATIC_CAT_PATH "/usr/local/bin/static-cat" 34 #define PHP_PATH "/usr/bin/php-cgi" 35 33 36 #include "apr.h" 34 37 #include "ap_config.h" 35 38 #include "suexec.h" … … 46 49 #include <stdio.h> 47 50 #include <stdarg.h> 48 51 #include <stdlib.h> 52 #include <selinux/selinux.h> 49 53 50 54 #ifdef HAVE_PWD_H 51 55 #include <pwd.h> … … 95 99 { 96 100 /* variable name starts with */ 97 101 "HTTP_", 102 "HTTPS_", 98 103 "SSL_", 99 104 100 105 /* variable name is */ … … 245 250 environ = cleanenv; 246 251 } 247 252 253 static const char *static_extensions[] = { 254 "html", 255 "css", 256 "gif", 257 "jpg", 258 "png", 259 "htm", 260 "jpeg", 261 "js", 262 "ico", 263 "xml", 264 "xsl", 265 "tiff", 266 "tif", 267 "tgz", 268 "tar", 269 "jar", 270 "zip", 271 "pdf", 272 "ps", 273 "doc", 274 "xls", 275 "ppt", 276 "swf", 277 "mp3", 278 "mov", 279 "wmv", 280 "mpg", 281 "mpeg", 282 "avi", 283 "il", 284 "JPG", 285 "xhtml", 286 "svg", 287 "xaml", 288 "xap", 289 NULL 290 }; 291 292 static int is_static_extension(const char *file) 293 { 294 const char *extension = strrchr(file, '.'); 295 const char **p; 296 if (extension == NULL) return 0; 297 for (p = static_extensions; *p; ++p) { 298 if (strcmp(extension + 1, *p) == 0) return 1; 299 } 300 return 0; 301 } 302 303 static int is_php_extension(const char *file) 304 { 305 const char *extension = strrchr(file, '.'); 306 if (extension == NULL) return 0; 307 return strcmp(extension + 1, "php") == 0; 308 } 309 248 310 int main(int argc, char *argv[]) 249 311 { 250 312 int userdir = 0; /* ~userdir flag */ 313 int trusteddir = 0; /* TRUSTED_DIRECTORY flag */ 251 314 uid_t uid; /* user information */ 252 315 gid_t gid; /* target group placeholder */ 253 316 char *target_uname; /* target user name */ … … 350 413 #endif /*_OSD_POSIX*/ 351 414 352 415 /* 416 * First check if this is an absolute path to the directory 417 * of trusted executables. These are supposed to be security 418 * audited to check parameters and validity on their own... 419 */ 420 if (strstr(cmd, AP_TRUSTED_DIRECTORY) == cmd) { 421 if (strstr(cmd, "/../") != NULL) { 422 log_err("invalid command (%s)\n", cmd); 423 exit(104); 424 } 425 trusteddir = 1; 426 goto TRUSTED_DIRECTORY; 427 } 428 429 /* 353 430 * Check for a leading '/' (absolute path) in the command to be executed, 354 431 * or attempts to back up out of the current directory, 355 432 * to protect against attacks. If any are … … 371 448 userdir = 1; 372 449 } 373 450 451 TRUSTED_DIRECTORY: 374 452 /* 375 453 * Error out if the target username is invalid. 376 454 */ … … 452 530 * Error out if attempt is made to execute as root or as 453 531 * a UID less than AP_UID_MIN. Tsk tsk. 454 532 */ 455 if ((uid == 0) || (uid < AP_UID_MIN )) {533 if ((uid == 0) || (uid < AP_UID_MIN && uid != 102)) { 456 534 log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd); 457 535 exit(107); 458 536 } … … 484 562 log_err("failed to setuid (%ld: %s)\n", uid, cmd); 485 563 exit(110); 486 564 } 565 if (is_selinux_enabled()) { 566 if (uid == 102) { 567 if (setexeccon("system_u:system_r:signup_t:s0") == -1) { 568 log_err("failed to setexeccon (%ld: %s) to signup_t\n", uid, cmd); 569 exit(201); 570 } 571 } else { 572 if (setexeccon("user_u:user_r:user_t:s0") == -1) { 573 log_err("failed to setexeccon (%ld: %s) to user_t\n", uid, cmd); 574 exit(202); 575 } 576 } 577 } 578 579 setenv("HOME", target_homedir, 1); 487 580 488 581 /* 489 582 * Get the current working directory, as well as the proper … … 506 599 log_err("cannot get docroot information (%s)\n", target_homedir); 507 600 exit(112); 508 601 } 602 size_t expected_len = strlen(target_homedir)+1+strlen(AP_USERDIR_SUFFIX)+1; 603 char *expected = malloc(expected_len); 604 snprintf(expected, expected_len, "%s/%s", target_homedir, AP_USERDIR_SUFFIX); 605 if (strncmp(cwd, expected, expected_len-1) != 0) { 606 log_err("error: file's directory not a subdirectory of user's home directory (%s, %s)\n", cwd, expected); 607 exit(114); 608 } 609 } 610 else if (trusteddir) { 611 if (((chdir(AP_TRUSTED_DIRECTORY)) != 0) || 612 ((getcwd(dwd, AP_MAXPATH)) == NULL) | 613 ((chdir(cwd)) != 0)) { 614 log_err("cannot get docroot information (%s)\n", AP_TRUSTED_DIRECTORY); 615 exit(112); 616 } 509 617 } 510 618 else { 511 619 if (((chdir(AP_DOC_ROOT)) != 0) || … … 532 640 /* 533 641 * Error out if cwd is writable by others. 534 642 */ 643 #if 0 535 644 if ((dir_info.st_mode & S_IWOTH) || (dir_info.st_mode & S_IWGRP)) { 536 645 log_err("directory is writable by others: (%s)\n", cwd); 537 646 exit(116); 538 647 } 648 #endif 539 649 540 650 /* 541 651 * Error out if we cannot stat the program. 542 652 */ 543 if (((lstat(cmd, &prg_info)) != 0) || (S_ISLNK(prg_info.st_mode))) {653 if (((lstat(cmd, &prg_info)) != 0) /*|| (S_ISLNK(prg_info.st_mode))*/) { 544 654 log_err("cannot stat program: (%s)\n", cmd); 545 655 exit(117); 546 656 } … … 548 658 /* 549 659 * Error out if the program is writable by others. 550 660 */ 661 #if 0 551 662 if ((prg_info.st_mode & S_IWOTH) || (prg_info.st_mode & S_IWGRP)) { 552 663 log_err("file is writable by others: (%s/%s)\n", cwd, cmd); 553 664 exit(118); 554 665 } 666 #endif 555 667 556 668 /* 557 669 * Error out if the file is setuid or setgid. … … 565 677 * Error out if the target name/group is different from 566 678 * the name/group of the cwd or the program. 567 679 */ 680 #if 0 568 681 if ((uid != dir_info.st_uid) || 569 682 (gid != dir_info.st_gid) || 570 683 (uid != prg_info.st_uid) || … … 576 689 prg_info.st_uid, prg_info.st_gid); 577 690 exit(120); 578 691 } 692 #endif 579 693 /* 580 694 * Error out if the program is not executable for the user. 581 695 * Otherwise, she won't find any error in the logs except for 582 696 * "[error] Premature end of script headers: ..." 583 697 */ 584 if (!(prg_info.st_mode & S_IXUSR)) { 698 if (!is_static_extension(cmd) && !is_php_extension(cmd) && 699 !(prg_info.st_mode & S_IXUSR)) { 585 700 log_err("file has no execute permission: (%s/%s)\n", cwd, cmd); 586 701 exit(121); 587 702 } 588 703 704 if (is_static_extension(cmd)) { 705 argv[2] = STATIC_CAT_PATH; 706 execv(STATIC_CAT_PATH, &argv[2]); 707 log_err("(%d)%s: static_cat exec failed (%s)\n", errno, strerror(errno), argv[2]); 708 exit(255); 709 } 710 if (is_php_extension(cmd)) { 711 setenv("PHPRC", ".", 1); 712 argv[1] = PHP_PATH; 713 argv[2] = "-f"; 714 execv(PHP_PATH, &argv[1]); 715 log_err("(%d)%s: php exec failed (%s)\n", errno, strerror(errno), argv[2]); 716 exit(255); 717 } 718 589 719 #ifdef AP_SUEXEC_UMASK 590 720 /* 591 721 * umask() uses inverse logic; bits are CLEAR for allowed access. 
Note: See TracBrowser
        for help on using the repository browser.
    
