source:
trunk/server/common/patches/httpd-suexec-scripts.patch
@
  2517
        
        | Last change on this file since 2517 was 2186, checked in by ezyang, 13 years ago | |
|---|---|
| File size: 9.8 KB | |
- 
        httpd-2.2.2/support/Makefile.in# scripts.mit.edu httpd suexec patch # Copyright (C) 2006, 2007, 2008 Jeff Arnold <jbarnold@mit.edu>, # Joe Presbrey <presbrey@mit.edu>, # Anders Kaseorg <andersk@mit.edu>, # Geoffrey Thomas <geofft@mit.edu> # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA # # See /COPYRIGHT in this repository for more information. # old new 60 60 61 61 suexec_OBJECTS = suexec.lo 62 62 suexec: $(suexec_OBJECTS) 63 $(LINK) $(suexec_OBJECTS)63 $(LINK) -lselinux $(suexec_OBJECTS) 64 64 65 65 htcacheclean_OBJECTS = htcacheclean.lo 66 66 htcacheclean: $(htcacheclean_OBJECTS) 
- 
        httpd-2.2.2/configure.inold new 559 559 APACHE_HELP_STRING(--with-suexec-userdir,User subdirectory),[ 560 560 AC_DEFINE_UNQUOTED(AP_USERDIR_SUFFIX, "$withval", [User subdirectory] ) ] ) 561 561 562 AC_ARG_WITH(suexec-trusteddir, 563 APACHE_HELP_STRING(--with-suexec-trusteddir,Trusted SuExec directory),[ 564 AC_DEFINE_UNQUOTED(AP_TRUSTED_DIRECTORY, "$withval", [Trusted SuExec directory] ) ] ) 565 562 566 AC_ARG_WITH(suexec-docroot, 563 567 APACHE_HELP_STRING(--with-suexec-docroot,SuExec root directory),[ 564 568 AC_DEFINE_UNQUOTED(AP_DOC_ROOT, "$withval", [SuExec root directory] ) ] ) 
- 
        httpd-2.2.11/support/suexec.cold new 30 30 * 31 31 */ 32 32 33 #define STATIC_CAT_PATH "/usr/bin/static-cat" 34 #define PHP_PATH "/usr/bin/php-cgi" 35 33 36 #include "apr.h" 34 37 #include "ap_config.h" 35 38 #include "suexec.h" … … 46 49 #include <stdio.h> 47 50 #include <stdarg.h> 48 51 #include <stdlib.h> 52 #include <selinux/selinux.h> 49 53 50 54 #ifdef HAVE_PWD_H 51 55 #include <pwd.h> … … 95 99 { 96 100 /* variable name starts with */ 97 101 "HTTP_", 102 "HTTPS_", 98 103 "SSL_", 99 104 100 105 /* variable name is */ … … 245 250 environ = cleanenv; 246 251 } 247 252 253 static const char *static_extensions[] = { 254 "html", 255 "css", 256 "gif", 257 "jpg", 258 "png", 259 "htm", 260 "jpeg", 261 "js", 262 "ico", 263 "xml", 264 "xsl", 265 "tiff", 266 "tif", 267 "tgz", 268 "tar", 269 "jar", 270 "zip", 271 "pdf", 272 "ps", 273 "doc", 274 "xls", 275 "ppt", 276 "dot", 277 "docx", 278 "dotx", 279 "docm", 280 "dotm", 281 "xlt", 282 "xla", 283 "xlsx", 284 "xltx", 285 "xlsm", 286 "xltm", 287 "xlam", 288 "xlsb", 289 "pot", 290 "pps", 291 "ppa", 292 "pptx", 293 "potx", 294 "ppsx", 295 "ppam", 296 "pptm", 297 "potm", 298 "ppsm", 299 "swf", 300 "mp3", 301 "mov", 302 "wmv", 303 "mpg", 304 "mpeg", 305 "avi", 306 "il", 307 "xhtml", 308 "svg", 309 "xaml", 310 "xap", 311 "wav", 312 "mid", 313 "midi", 314 "ttf", 315 "otf", 316 "odc", 317 "odb", 318 "odf", 319 "odg", 320 "otg", 321 "odi", 322 "odp", 323 "otp", 324 "ods", 325 "ots", 326 "odt", 327 "odm", 328 "ott", 329 "oth", 330 NULL 331 }; 332 333 static int is_static_extension(const char *file) 334 { 335 const char *extension = strrchr(file, '.'); 336 const char **p; 337 if (extension == NULL) return 0; 338 for (p = static_extensions; *p; ++p) { 339 if (strcasecmp(extension + 1, *p) == 0) return 1; 340 } 341 return 0; 342 } 343 344 static int is_php_extension(const char *file) 345 { 346 const char *extension = strrchr(file, '.'); 347 if (extension == NULL) return 0; 348 return strcmp(extension + 1, "php") == 0; 349 } 350 248 351 int main(int argc, char *argv[]) 249 352 { 250 353 int userdir = 0; /* ~userdir flag */ 354 int trusteddir = 0; /* TRUSTED_DIRECTORY flag */ 251 355 uid_t uid; /* user information */ 252 356 gid_t gid; /* target group placeholder */ 253 357 char *target_uname; /* target user name */ … … 268 368 * Start with a "clean" environment 269 369 */ 270 370 clean_env(); 371 setenv("JAVA_TOOL_OPTIONS", "-Xmx128M", 1); /* scripts.mit.edu local hack */ 271 372 272 373 prog = argv[0]; 273 374 /* … … 350 451 #endif /*_OSD_POSIX*/ 351 452 352 453 /* 454 * First check if this is an absolute path to the directory 455 * of trusted executables. These are supposed to be security 456 * audited to check parameters and validity on their own... 457 */ 458 if (strstr(cmd, AP_TRUSTED_DIRECTORY) == cmd) { 459 if (strstr(cmd, "/../") != NULL) { 460 log_err("invalid command (%s)\n", cmd); 461 exit(104); 462 } 463 trusteddir = 1; 464 goto TRUSTED_DIRECTORY; 465 } 466 467 /* 353 468 * Check for a leading '/' (absolute path) in the command to be executed, 354 469 * or attempts to back up out of the current directory, 355 470 * to protect against attacks. If any are … … 371 486 userdir = 1; 372 487 } 373 488 489 TRUSTED_DIRECTORY: 374 490 /* 375 491 * Error out if the target username is invalid. 376 492 */ … … 452 568 * Error out if attempt is made to execute as root or as 453 569 * a UID less than AP_UID_MIN. Tsk tsk. 454 570 */ 455 if ((uid == 0) || (uid < AP_UID_MIN )) {571 if ((uid == 0) || (uid < AP_UID_MIN && uid != 102)) { /* uid 102 = signup */ 456 572 log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd); 457 573 exit(107); 458 574 } … … 484 599 log_err("failed to setuid (%ld: %s)\n", uid, cmd); 485 600 exit(110); 486 601 } 602 setenv("HOME", target_homedir, 1); 487 603 488 604 /* 489 605 * Get the current working directory, as well as the proper … … 506 637 log_err("cannot get docroot information (%s)\n", target_homedir); 507 638 exit(112); 508 639 } 640 size_t expected_len = strlen(target_homedir)+1+strlen(AP_USERDIR_SUFFIX)+1; 641 char *expected = malloc(expected_len); 642 snprintf(expected, expected_len, "%s/%s", target_homedir, AP_USERDIR_SUFFIX); 643 if (strncmp(cwd, expected, expected_len-1) != 0) { 644 log_err("error: file's directory not a subdirectory of user's home directory (%s, %s)\n", cwd, expected); 645 exit(114); 646 } 647 } 648 else if (trusteddir) { 649 if (((chdir(AP_TRUSTED_DIRECTORY)) != 0) || 650 ((getcwd(dwd, AP_MAXPATH)) == NULL) | 651 ((chdir(cwd)) != 0)) { 652 log_err("cannot get docroot information (%s)\n", AP_TRUSTED_DIRECTORY); 653 exit(112); 654 } 509 655 } 510 656 else { 511 657 if (((chdir(AP_DOC_ROOT)) != 0) || … … 532 678 /* 533 679 * Error out if cwd is writable by others. 534 680 */ 681 #if 0 535 682 if ((dir_info.st_mode & S_IWOTH) || (dir_info.st_mode & S_IWGRP)) { 536 683 log_err("directory is writable by others: (%s)\n", cwd); 537 684 exit(116); 538 685 } 686 #endif 539 687 540 688 /* 541 689 * Error out if we cannot stat the program. 542 690 */ 543 if (((lstat(cmd, &prg_info)) != 0) || (S_ISLNK(prg_info.st_mode))) {691 if (((lstat(cmd, &prg_info)) != 0) /*|| (S_ISLNK(prg_info.st_mode))*/) { 544 692 log_err("cannot stat program: (%s)\n", cmd); 545 693 exit(117); 546 694 } … … 548 696 /* 549 697 * Error out if the program is writable by others. 550 698 */ 699 #if 0 551 700 if ((prg_info.st_mode & S_IWOTH) || (prg_info.st_mode & S_IWGRP)) { 552 701 log_err("file is writable by others: (%s/%s)\n", cwd, cmd); 553 702 exit(118); 554 703 } 704 #endif 555 705 556 706 /* 557 707 * Error out if the file is setuid or setgid. … … 565 715 * Error out if the target name/group is different from 566 716 * the name/group of the cwd or the program. 567 717 */ 718 #if 0 568 719 if ((uid != dir_info.st_uid) || 569 720 (gid != dir_info.st_gid) || 570 721 (uid != prg_info.st_uid) || … … 576 727 prg_info.st_uid, prg_info.st_gid); 577 728 exit(120); 578 729 } 730 #endif 579 731 /* 580 732 * Error out if the program is not executable for the user. 581 733 * Otherwise, she won't find any error in the logs except for 582 734 * "[error] Premature end of script headers: ..." 583 735 */ 584 if (!(prg_info.st_mode & S_IXUSR)) { 736 if (!is_static_extension(cmd) && !is_php_extension(cmd) && 737 !(prg_info.st_mode & S_IXUSR)) { 585 738 log_err("file has no execute permission: (%s/%s)\n", cwd, cmd); 586 739 exit(121); 587 740 } … … 614 767 /* 615 768 * Execute the command, replacing our image with its own. 616 769 */ 770 if (is_static_extension(cmd)) { 771 if (setenv("PATH_TRANSLATED", cmd, 1) != 0) { 772 log_err("setenv failed\n"); 773 exit(255); 774 } 775 execl(STATIC_CAT_PATH, STATIC_CAT_PATH, (const char *)NULL); 776 log_err("(%d)%s: static-cat exec failed (%s)\n", errno, strerror(errno), STATIC_CAT_PATH); 777 exit(255); 778 } 779 if (is_php_extension(cmd)) { 780 setenv("PHPRC", ".", 1); 781 argv[1] = PHP_PATH; 782 argv[2] = "-f"; 783 /* 784 * argv[3] is the command to run. argv[4] is either an argument or 785 * already null. We don't want to pass any arguments through from 786 * Apache (since they're untrusted), so we chop off the remainder 787 * of argv here. 788 */ 789 argv[4] = 0; 790 execv(PHP_PATH, &argv[1]); 791 log_err("(%d)%s: php exec failed (%s)\n", errno, strerror(errno), argv[1]); 792 exit(255); 793 } 617 794 #ifdef NEED_HASHBANG_EMUL 618 795 /* We need the #! emulation when we want to execute scripts */ 619 796 { 
Note: See TracBrowser
        for help on using the repository browser.
    
