source:
branches/fc11-dev/server/common/patches/httpd-suexec-scripts.patch
@
  2102
        
        | Last change on this file since 2102 was 1179, checked in by mitchb, 16 years ago | |
|---|---|
| File size: 9.2 KB | |
- 
        httpd-2.2.2/support/Makefile.in# scripts.mit.edu httpd suexec patch # Copyright (C) 2006, 2007, 2008 Jeff Arnold <jbarnold@mit.edu>, # Joe Presbrey <presbrey@mit.edu>, # Anders Kaseorg <andersk@mit.edu>, # Geoffrey Thomas <geofft@mit.edu> # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA # # See /COPYRIGHT in this repository for more information. # old new 60 60 61 61 suexec_OBJECTS = suexec.lo 62 62 suexec: $(suexec_OBJECTS) 63 $(LINK) $(suexec_OBJECTS)63 $(LINK) -lselinux $(suexec_OBJECTS) 64 64 65 65 htcacheclean_OBJECTS = htcacheclean.lo 66 66 htcacheclean: $(htcacheclean_OBJECTS) 
- 
        httpd-2.2.2/configure.inold new 559 559 APACHE_HELP_STRING(--with-suexec-userdir,User subdirectory),[ 560 560 AC_DEFINE_UNQUOTED(AP_USERDIR_SUFFIX, "$withval", [User subdirectory] ) ] ) 561 561 562 AC_ARG_WITH(suexec-trusteddir, 563 APACHE_HELP_STRING(--with-suexec-trusteddir,Trusted SuExec directory),[ 564 AC_DEFINE_UNQUOTED(AP_TRUSTED_DIRECTORY, "$withval", [Trusted SuExec directory] ) ] ) 565 562 566 AC_ARG_WITH(suexec-docroot, 563 567 APACHE_HELP_STRING(--with-suexec-docroot,SuExec root directory),[ 564 568 AC_DEFINE_UNQUOTED(AP_DOC_ROOT, "$withval", [SuExec root directory] ) ] ) 
- 
        httpd-2.2.11/support/suexec.cold new 30 30 * 31 31 */ 32 32 33 #define STATIC_CAT_PATH "/usr/local/bin/static-cat" 34 #define PHP_PATH "/usr/bin/php-cgi" 35 33 36 #include "apr.h" 34 37 #include "ap_config.h" 35 38 #include "suexec.h" … … 46 49 #include <stdio.h> 47 50 #include <stdarg.h> 48 51 #include <stdlib.h> 52 #include <selinux/selinux.h> 49 53 50 54 #ifdef HAVE_PWD_H 51 55 #include <pwd.h> … … 95 99 { 96 100 /* variable name starts with */ 97 101 "HTTP_", 102 "HTTPS_", 98 103 "SSL_", 99 104 100 105 /* variable name is */ … … 245 250 environ = cleanenv; 246 251 } 247 252 253 static const char *static_extensions[] = { 254 "html", 255 "css", 256 "gif", 257 "jpg", 258 "png", 259 "htm", 260 "jpeg", 261 "js", 262 "ico", 263 "xml", 264 "xsl", 265 "tiff", 266 "tif", 267 "tgz", 268 "tar", 269 "jar", 270 "zip", 271 "pdf", 272 "ps", 273 "doc", 274 "xls", 275 "ppt", 276 "swf", 277 "mp3", 278 "mov", 279 "wmv", 280 "mpg", 281 "mpeg", 282 "avi", 283 "il", 284 "JPG", 285 "xhtml", 286 "svg", 287 "xaml", 288 "xap", 289 NULL 290 }; 291 292 static int is_static_extension(const char *file) 293 { 294 const char *extension = strrchr(file, '.'); 295 const char **p; 296 if (extension == NULL) return 0; 297 for (p = static_extensions; *p; ++p) { 298 if (strcmp(extension + 1, *p) == 0) return 1; 299 } 300 return 0; 301 } 302 303 static int is_php_extension(const char *file) 304 { 305 const char *extension = strrchr(file, '.'); 306 if (extension == NULL) return 0; 307 return strcmp(extension + 1, "php") == 0; 308 } 309 248 310 int main(int argc, char *argv[]) 249 311 { 250 312 int userdir = 0; /* ~userdir flag */ 313 int trusteddir = 0; /* TRUSTED_DIRECTORY flag */ 251 314 uid_t uid; /* user information */ 252 315 gid_t gid; /* target group placeholder */ 253 316 char *target_uname; /* target user name */ … … 268 331 * Start with a "clean" environment 269 332 */ 270 333 clean_env(); 334 setenv("JAVA_TOOL_OPTIONS", "-Xmx128M", 1); /* scripts.mit.edu local hack */ 271 335 272 336 prog = argv[0]; 273 337 /* … … 350 414 #endif /*_OSD_POSIX*/ 351 415 352 416 /* 417 * First check if this is an absolute path to the directory 418 * of trusted executables. These are supposed to be security 419 * audited to check parameters and validity on their own... 420 */ 421 if (strstr(cmd, AP_TRUSTED_DIRECTORY) == cmd) { 422 if (strstr(cmd, "/../") != NULL) { 423 log_err("invalid command (%s)\n", cmd); 424 exit(104); 425 } 426 trusteddir = 1; 427 goto TRUSTED_DIRECTORY; 428 } 429 430 /* 353 431 * Check for a leading '/' (absolute path) in the command to be executed, 354 432 * or attempts to back up out of the current directory, 355 433 * to protect against attacks. If any are … … 371 449 userdir = 1; 372 450 } 373 451 452 TRUSTED_DIRECTORY: 374 453 /* 375 454 * Error out if the target username is invalid. 376 455 */ … … 452 531 * Error out if attempt is made to execute as root or as 453 532 * a UID less than AP_UID_MIN. Tsk tsk. 454 533 */ 455 if ((uid == 0) || (uid < AP_UID_MIN )) {534 if ((uid == 0) || (uid < AP_UID_MIN && uid != 102)) { 456 535 log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd); 457 536 exit(107); 458 537 } … … 484 563 log_err("failed to setuid (%ld: %s)\n", uid, cmd); 485 564 exit(110); 486 565 } 566 if (is_selinux_enabled()) { 567 if (uid == 102) { 568 if (setexeccon("system_u:system_r:signup_t:s0") == -1) { 569 log_err("failed to setexeccon (%ld: %s) to signup_t\n", uid, cmd); 570 exit(201); 571 } 572 } else { 573 if (setexeccon("user_u:user_r:user_t:s0") == -1) { 574 log_err("failed to setexeccon (%ld: %s) to user_t\n", uid, cmd); 575 exit(202); 576 } 577 } 578 } 579 580 setenv("HOME", target_homedir, 1); 487 581 488 582 /* 489 583 * Get the current working directory, as well as the proper … … 506 600 log_err("cannot get docroot information (%s)\n", target_homedir); 507 601 exit(112); 508 602 } 603 size_t expected_len = strlen(target_homedir)+1+strlen(AP_USERDIR_SUFFIX)+1; 604 char *expected = malloc(expected_len); 605 snprintf(expected, expected_len, "%s/%s", target_homedir, AP_USERDIR_SUFFIX); 606 if (strncmp(cwd, expected, expected_len-1) != 0) { 607 log_err("error: file's directory not a subdirectory of user's home directory (%s, %s)\n", cwd, expected); 608 exit(114); 609 } 610 } 611 else if (trusteddir) { 612 if (((chdir(AP_TRUSTED_DIRECTORY)) != 0) || 613 ((getcwd(dwd, AP_MAXPATH)) == NULL) | 614 ((chdir(cwd)) != 0)) { 615 log_err("cannot get docroot information (%s)\n", AP_TRUSTED_DIRECTORY); 616 exit(112); 617 } 509 618 } 510 619 else { 511 620 if (((chdir(AP_DOC_ROOT)) != 0) || … … 532 641 /* 533 642 * Error out if cwd is writable by others. 534 643 */ 644 #if 0 535 645 if ((dir_info.st_mode & S_IWOTH) || (dir_info.st_mode & S_IWGRP)) { 536 646 log_err("directory is writable by others: (%s)\n", cwd); 537 647 exit(116); 538 648 } 649 #endif 539 650 540 651 /* 541 652 * Error out if we cannot stat the program. 542 653 */ 543 if (((lstat(cmd, &prg_info)) != 0) || (S_ISLNK(prg_info.st_mode))) {654 if (((lstat(cmd, &prg_info)) != 0) /*|| (S_ISLNK(prg_info.st_mode))*/) { 544 655 log_err("cannot stat program: (%s)\n", cmd); 545 656 exit(117); 546 657 } … … 548 659 /* 549 660 * Error out if the program is writable by others. 550 661 */ 662 #if 0 551 663 if ((prg_info.st_mode & S_IWOTH) || (prg_info.st_mode & S_IWGRP)) { 552 664 log_err("file is writable by others: (%s/%s)\n", cwd, cmd); 553 665 exit(118); 554 666 } 667 #endif 555 668 556 669 /* 557 670 * Error out if the file is setuid or setgid. … … 565 678 * Error out if the target name/group is different from 566 679 * the name/group of the cwd or the program. 567 680 */ 681 #if 0 568 682 if ((uid != dir_info.st_uid) || 569 683 (gid != dir_info.st_gid) || 570 684 (uid != prg_info.st_uid) || … … 576 690 prg_info.st_uid, prg_info.st_gid); 577 691 exit(120); 578 692 } 693 #endif 579 694 /* 580 695 * Error out if the program is not executable for the user. 581 696 * Otherwise, she won't find any error in the logs except for 582 697 * "[error] Premature end of script headers: ..." 583 698 */ 584 if (!(prg_info.st_mode & S_IXUSR)) { 699 if (!is_static_extension(cmd) && !is_php_extension(cmd) && 700 !(prg_info.st_mode & S_IXUSR)) { 585 701 log_err("file has no execute permission: (%s/%s)\n", cwd, cmd); 586 702 exit(121); 587 703 } 588 704 705 if (is_static_extension(cmd)) { 706 argv[2] = STATIC_CAT_PATH; 707 execv(STATIC_CAT_PATH, &argv[2]); 708 log_err("(%d)%s: static_cat exec failed (%s)\n", errno, strerror(errno), argv[2]); 709 exit(255); 710 } 711 if (is_php_extension(cmd)) { 712 setenv("PHPRC", ".", 1); 713 argv[1] = PHP_PATH; 714 argv[2] = "-f"; 715 execv(PHP_PATH, &argv[1]); 716 log_err("(%d)%s: php exec failed (%s)\n", errno, strerror(errno), argv[2]); 717 exit(255); 718 } 719 589 720 #ifdef AP_SUEXEC_UMASK 590 721 /* 591 722 * umask() uses inverse logic; bits are CLEAR for allowed access. 
Note: See TracBrowser
        for help on using the repository browser.
    
