1998-11-10 01:56:01 +00:00
|
|
|
*** src/support/suexec.c.orig Tue Apr 21 15:14:06 1998
|
|
|
|
|
--- src/support/suexec.c Fri May 22 17:59:43 1998
|
1998-05-29 04:46:56 +00:00
|
|
|
***************
|
1998-11-10 01:56:01 +00:00
|
|
|
*** 70,75 ****
|
|
|
|
|
--- 70,98 ----
|
|
|
|
|
*
|
1998-05-29 04:46:56 +00:00
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
+ /*
|
|
|
|
|
+ * "System" CGI modification 97.05.10 by Rick Franchuk (rickf@netnation.com)
|
|
|
|
|
+ *
|
|
|
|
|
+ * I found that while it's great to make scripts run under the UID and GID
|
|
|
|
|
+ * specified in httpd.conf or what /etc/passwd says is 'cool', suEXEC can
|
|
|
|
|
+ * really put a damper on 'System' cgi's, forcing copies of the scripts
|
|
|
|
|
+ * to be installed into users' home directories. That didn't seem very
|
|
|
|
|
+ * fitting... so I changed it so that the target UID check is disabled in
|
|
|
|
|
+ * a system directory #defined in suexec+.h. I hope you all find it useful.
|
|
|
|
|
+ *
|
|
|
|
|
+ * The docroot check had to be bypassed to allow functionality for VirtualHost
|
|
|
|
|
+ * entries. I'm somewhat suprised noone encountered that behavior before.
|
|
|
|
|
+ */
|
1998-11-10 01:56:01 +00:00
|
|
|
+ /*
|
|
|
|
|
+ * "FPEXE modification made on 98.05.19 by Scot Hetzel (hetzels@westbend.net)
|
1998-05-29 04:46:56 +00:00
|
|
|
+ * based on previous FPEXE modifications supplied by Mark Wormgoor
|
|
|
|
|
+ * (riddles@ipe.nl)
|
|
|
|
|
+ *
|
|
|
|
|
+ * Changes were made in order to use Suexec and Frontpage 98 at the same time.
|
|
|
|
|
+ * After we change to the target_uid and target_gid. We check if cmd = FPEXE,
|
|
|
|
|
+ * if it does then we execute the cmd without performing any further tests.
|
|
|
|
|
+ *
|
1998-11-10 01:56:01 +00:00
|
|
|
+ */
|
1998-05-29 04:46:56 +00:00
|
|
|
|
1998-11-10 01:56:01 +00:00
|
|
|
#include "conf.h"
|
|
|
|
|
#include <sys/param.h>
|
1998-05-29 04:46:56 +00:00
|
|
|
***************
|
1998-11-10 01:56:01 +00:00
|
|
|
*** 393,398 ****
|
|
|
|
|
--- 416,429 ----
|
1998-05-29 04:46:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
+ * We logged everything, changed to the target uid/gid, and know the
|
|
|
|
|
+ * user is ok. We run fpexe now and bail out before anything goes wrong.
|
|
|
|
|
+ */
|
|
|
|
|
+ #ifdef FPEXE
|
1998-11-10 01:56:01 +00:00
|
|
|
+ if ((strcmp(cmd, FPEXE)) != NULL) {
|
|
|
|
|
+ #endif
|
1998-05-29 04:46:56 +00:00
|
|
|
+
|
|
|
|
|
+ /*
|
|
|
|
|
* Get the current working directory, as well as the proper
|
|
|
|
|
* document root (dependant upon whether or not it is a
|
|
|
|
|
* ~userdir request). Error out if we cannot get either one,
|
|
|
|
|
***************
|
1998-11-10 01:56:01 +00:00
|
|
|
*** 423,432 ****
|
|
|
|
|
--- 454,468 ----
|
|
|
|
|
}
|
1998-05-29 04:46:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
+ /*
|
|
|
|
|
+ * This section must be commented out to work properly with
|
|
|
|
|
+ * VirtualHosts running CGI in thier own directories.
|
|
|
|
|
+ *
|
|
|
|
|
if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
|
1998-11-10 01:56:01 +00:00
|
|
|
log_err("command not in docroot (%s/%s)\n", cwd, cmd);
|
|
|
|
|
exit(114);
|
1998-05-29 04:46:56 +00:00
|
|
|
}
|
|
|
|
|
+ */
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Stat the cwd and verify it is a directory, or error out.
|
|
|
|
|
***************
|
1998-11-10 01:56:01 +00:00
|
|
|
*** 472,477 ****
|
|
|
|
|
--- 508,516 ----
|
1998-05-29 04:46:56 +00:00
|
|
|
* Error out if the target name/group is different from
|
|
|
|
|
* the name/group of the cwd or the program.
|
|
|
|
|
*/
|
1998-11-10 01:56:01 +00:00
|
|
|
+ #ifdef SYSTEM_CGI
|
|
|
|
|
+ if (strncmp(cwd, SYSTEM_CGI, strlen(SYSTEM_CGI))) {
|
|
|
|
|
+ #endif
|
|
|
|
|
if ((uid != dir_info.st_uid) ||
|
|
|
|
|
(gid != dir_info.st_gid) ||
|
|
|
|
|
(uid != prg_info.st_uid) ||
|
|
|
|
|
***************
|
|
|
|
|
*** 482,487 ****
|
|
|
|
|
--- 521,530 ----
|
|
|
|
|
prg_info.st_uid, prg_info.st_gid);
|
|
|
|
|
exit(120);
|
1998-05-29 04:46:56 +00:00
|
|
|
}
|
1998-11-10 01:56:01 +00:00
|
|
|
+ #ifdef SYSTEM_CGI
|
|
|
|
|
+ }
|
1998-05-29 04:46:56 +00:00
|
|
|
+ #endif
|
1998-11-10 01:56:01 +00:00
|
|
|
+
|
|
|
|
|
/*
|
|
|
|
|
* Error out if the program is not executable for the user.
|
|
|
|
|
* Otherwise, she won't find any error in the logs except for
|
|
|
|
|
***************
|
|
|
|
|
*** 493,498 ****
|
|
|
|
|
--- 536,584 ----
|
|
|
|
|
}
|
1998-05-29 04:46:56 +00:00
|
|
|
|
|
|
|
|
clean_env();
|
1998-11-10 01:56:01 +00:00
|
|
|
+
|
1998-05-29 04:46:56 +00:00
|
|
|
+ #ifdef FPEXE
|
|
|
|
|
+ }
|
1998-11-10 01:56:01 +00:00
|
|
|
+ else {
|
|
|
|
|
+
|
|
|
|
|
+ /* The following taken from mod_frontpage.c to check permissions */
|
1998-05-29 04:46:56 +00:00
|
|
|
+
|
1998-11-10 01:56:01 +00:00
|
|
|
+ /*
|
|
|
|
|
+ * We can't stat the stub dir. Make sure the stub directory is not
|
|
|
|
|
+ * owned by root and not group/world writable
|
|
|
|
|
+ */
|
|
|
|
|
+ if ((lstat(FPSTUBDIR, &dir_info) == -1 ||
|
|
|
|
|
+ dir_info.st_uid ||
|
|
|
|
|
+ (dir_info.st_mode & (S_IWGRP | S_IWOTH)) ||
|
|
|
|
|
+ (!S_ISDIR(dir_info.st_mode)))) {
|
|
|
|
|
+ /*
|
|
|
|
|
+ * User recovery: set directory to be owned by by root with
|
|
|
|
|
+ * permissions r*x*-x*-x.
|
|
|
|
|
+ */
|
|
|
|
|
+ log_err("Incorrect permissions on stub directory \"%-.1024s\"",
|
|
|
|
|
+ FPSTUBDIR);
|
|
|
|
|
+ exit (250);
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ /*
|
|
|
|
|
+ * We can't stat the stub. Make sure the stub is not owned by root,
|
|
|
|
|
+ * set-uid, set-gid, and is not group/world writable or executable.
|
|
|
|
|
+ */
|
|
|
|
|
+ if ((stat(cmd, &prg_info) == -1 ||
|
|
|
|
|
+ prg_info.st_uid ||
|
|
|
|
|
+ !(prg_info.st_mode & S_ISUID) ||
|
|
|
|
|
+ (prg_info.st_mode & S_ISGID) ||
|
|
|
|
|
+ (prg_info.st_mode & (S_IWGRP | S_IWOTH)) ||
|
|
|
|
|
+ !(prg_info.st_mode & (S_IXGRP | S_IXOTH)))) {
|
|
|
|
|
+ /*
|
|
|
|
|
+ * User recovery: set stub to be owned by by root with permissions
|
|
|
|
|
+ * r*s*-x*-x.
|
|
|
|
|
+ */
|
|
|
|
|
+ log_err("Incorrect permissions on stub \"%-.1024s\"", cmd);
|
|
|
|
|
+ exit (251);
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+ #endif
|
|
|
|
|
|
1998-05-29 04:46:56 +00:00
|
|
|
/*
|
|
|
|
|
* Be sure to close the log file so the CGI can't
|
