httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@hyperreal.com>
Subject cvs commit: apache/support suexec.c
Date Mon, 03 Mar 1997 19:33:55 GMT
randy       97/03/03 11:33:54

  Modified:    src       CHANGES
  Log:
  suexec changes.
  
  Revision  Changes    Path
  1.182     +4 -0      apache/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apache/src/CHANGES,v
  retrieving revision 1.181
  retrieving revision 1.182
  diff -C3 -r1.181 -r1.182
  *** CHANGES	1997/03/03 05:01:43	1.181
  --- CHANGES	1997/03/03 19:30:32	1.182
  ***************
  *** 1,4 ****
  --- 1,8 ----
    Changes with Apache 1.2b8
  +  
  +   *) Fix bug in suexec reintroduced by changes in 1.2b7 which allows
  +      initgroups() to hose the group information needed for later
  +      comparisons. [Randy Terbush]
    
      *) Remove unnecessary call to va_end() in create_argv() which
         caused a SEGV on some systems.
  
  
  

  Modified:    support   suexec.c
  Log:
  Fix bug reintroduced by 1.2b7 which allowed initgroups() to hose the
  group information needed for later comparisons.
  Reviewed by: 3 bug reporters
  
  Revision  Changes    Path
  1.19      +28 -18    apache/support/suexec.c
  
  Index: suexec.c
  ===================================================================
  RCS file: /export/home/cvs/apache/support/suexec.c,v
  retrieving revision 1.18
  retrieving revision 1.19
  diff -C3 -r1.18 -r1.19
  *** suexec.c	1997/02/21 01:20:40	1.18
  --- suexec.c	1997/03/03 19:33:53	1.19
  ***************
  *** 216,221 ****
  --- 216,224 ----
        gid_t gid;              /* target group placeholder  */
        char *target_uname;     /* target user name          */
        char *target_gname;     /* target group name         */
  +     char *target_homedir;   /* target home directory     */
  +     char *actual_uname;     /* actual user name            */
  +     char *actual_gname;     /* actual group name           */
        char *prog;             /* name of this program      */
        char *cmd;              /* command to be executed    */
        char cwd[AP_MAXPATH];   /* current working directory */
  ***************
  *** 297,317 ****
        }
    
        /*
         * Log the transaction here to be sure we have an open log 
         * before we setuid().
         */
        log_err("uid: (%s/%s) gid: (%s/%s) %s\n",
  !              target_uname, pw->pw_name,
  !              target_gname, gr->gr_name,
                 cmd);
    
        /*
         * Error out if attempt is made to execute as root or as
         * a UID less than UID_MIN.  Tsk tsk.
         */
  !     if ((pw->pw_uid == 0) ||
  !         (pw->pw_uid < UID_MIN)) {
  ! 	log_err("cannot run as forbidden uid (%d/%s)\n", pw->pw_uid, cmd);
    	exit(107);
        }
    
  --- 300,329 ----
        }
    
        /*
  +      * Save these for later since initgroups will hose the struct
  +      */
  +     uid = pw->pw_uid;
  +     gid = gr->gr_gid;
  +     actual_uname = strdup(pw->pw_name);
  +     actual_gname = strdup(gr->gr_name);
  +     target_homedir = strdup(pw->pw_dir);
  + 
  +     /*
         * Log the transaction here to be sure we have an open log 
         * before we setuid().
         */
        log_err("uid: (%s/%s) gid: (%s/%s) %s\n",
  !              target_uname, actual_uname,
  !              target_gname, actual_gname,
                 cmd);
    
        /*
         * Error out if attempt is made to execute as root or as
         * a UID less than UID_MIN.  Tsk tsk.
         */
  !     if ((uid == 0) ||
  !         (uid < UID_MIN)) {
  ! 	log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd);
    	exit(107);
        }
    
  ***************
  *** 319,327 ****
         * Error out if attempt is made to execute as root group
         * or as a GID less than GID_MIN.  Tsk tsk.
         */
  !     if ((gr->gr_gid == 0) ||
  !         (gr->gr_gid < GID_MIN)) {
  ! 	log_err("cannot run as forbidden gid (%d/%s)\n", gr->gr_gid, cmd);
    	exit(108);
        }
    
  --- 331,339 ----
         * Error out if attempt is made to execute as root group
         * or as a GID less than GID_MIN.  Tsk tsk.
         */
  !     if ((gid == 0) ||
  !         (gid < GID_MIN)) {
  ! 	log_err("cannot run as forbidden gid (%d/%s)\n", gid, cmd);
    	exit(108);
        }
    
  ***************
  *** 331,339 ****
         * Initialize the group access list for the target user,
         * and setgid() to the target group. If unsuccessful, error out.
         */
  !     uid = pw->pw_uid;
  !     gid = gr->gr_gid;
  !     if (((setgid(gid)) != 0) || (initgroups(pw->pw_name,gid) != 0)) {
            log_err("failed to setgid (%ld: %s/%s)\n", gid, cwd, cmd);
            exit(109);
        }
  --- 343,349 ----
         * Initialize the group access list for the target user,
         * and setgid() to the target group. If unsuccessful, error out.
         */
  !     if (((setgid(gid)) != 0) || (initgroups(actual_uname,gid) != 0)) {
            log_err("failed to setgid (%ld: %s/%s)\n", gid, cwd, cmd);
            exit(109);
        }
  ***************
  *** 360,371 ****
        }
        
        if (userdir) {
  !         if (((chdir(pw->pw_dir)) != 0) ||
                ((chdir(USERDIR_SUFFIX)) != 0) ||
    	    ((getcwd(dwd, AP_MAXPATH)) == NULL) ||
                ((chdir(cwd)) != 0))
            {
  !             log_err("cannot get docroot information (%s)\n", pw->pw_dir);
                exit(112);
            }
        }
  --- 370,381 ----
        }
        
        if (userdir) {
  !         if (((chdir(target_homedir)) != 0) ||
                ((chdir(USERDIR_SUFFIX)) != 0) ||
    	    ((getcwd(dwd, AP_MAXPATH)) == NULL) ||
                ((chdir(cwd)) != 0))
            {
  !             log_err("cannot get docroot information (%s)\n", target_homedir);
                exit(112);
            }
        }
  ***************
  *** 428,440 ****
         * Error out if the target name/group is different from
         * the name/group of the cwd or the program.
         */
  !     if ((pw->pw_uid != dir_info.st_uid) ||
  ! 	(gr->gr_gid != dir_info.st_gid) ||
  ! 	(pw->pw_uid != prg_info.st_uid) ||
  ! 	(gr->gr_gid != prg_info.st_gid))
        {
    	log_err("target uid/gid (%ld/%ld) mismatch with directory (%ld/%ld) or program (%ld/%ld)\n",
  ! 		 pw->pw_uid, gr->gr_gid,
    		 dir_info.st_uid, dir_info.st_gid,
    		 prg_info.st_uid, prg_info.st_gid);
    	exit(120);
  --- 438,450 ----
         * Error out if the target name/group is different from
         * the name/group of the cwd or the program.
         */
  !     if ((uid != dir_info.st_uid) ||
  ! 	(gid != dir_info.st_gid) ||
  ! 	(uid != prg_info.st_uid) ||
  ! 	(gid != prg_info.st_gid))
        {
    	log_err("target uid/gid (%ld/%ld) mismatch with directory (%ld/%ld) or program (%ld/%ld)\n",
  ! 		 uid, gid,
    		 dir_info.st_uid, dir_info.st_gid,
    		 prg_info.st_uid, prg_info.st_gid);
    	exit(120);
  
  
  

Mime
View raw message