From Dean Gaudet <dgau...@hyperreal.org>
Subject cvs commit: apachen/src/modules/standard mod_cgi.c
Date Tue, 07 Oct 1997 20:05:08 GMT
dgaudet     97/10/07 13:05:07

  Modified:    src      CHANGES
               src/main httpd.h util.c util_script.c
               src/modules/standard mod_cgi.c
  Log:
  Back out PR#918, it doesn't seem to do what it was supposed to do -- could
  be my fault because I had to update it to the newer logging/formatting.
  But nobody has had a chance to fix it yet.
  
  Revision  Changes    Path
  1.462     +0 -3      apachen/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apachen/src/CHANGES,v
  retrieving revision 1.461
  retrieving revision 1.462
  diff -u -r1.461 -r1.462
  --- CHANGES	1997/10/07 19:53:19	1.461
  +++ CHANGES	1997/10/07 20:04:58	1.462
  @@ -38,9 +38,6 @@
        Also removed the auto-generated link to www.apache.org that was the
        source of so many misdirected bug reports.  [Roy Fielding, Marc Slemko]
   
  -  *) Change to CGI permission test to allow User/Group tests to do the
  -     right thing for suexec. [Randy Terbush] PR#918
  -
     *) send_fb would not detect aborted connections in some situations.
        [Dean Gaudet]
   
  
  
  
  1.153     +1 -1      apachen/src/main/httpd.h
  
  Index: httpd.h
  ===================================================================
  RCS file: /export/home/cvs/apachen/src/main/httpd.h,v
  retrieving revision 1.152
  retrieving revision 1.153
  diff -u -r1.152 -r1.153
  --- httpd.h	1997/10/07 19:34:05	1.152
  +++ httpd.h	1997/10/07 20:05:02	1.153
  @@ -811,7 +811,7 @@
   API_EXPORT(uid_t) uname2id(const char *name);
   API_EXPORT(gid_t) gname2id(const char *name);
   API_EXPORT(int) is_directory(const char *name);
  -API_EXPORT(int) can_exec(const struct stat *, uid_t, gid_t);
  +API_EXPORT(int) can_exec(const struct stat *);
   API_EXPORT(void) chdir_file(const char *file);
   
   #ifndef HAVE_CANONICAL_FILENAME
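Review bot: The new `can_exec` prototype is the only one in this group without a parameter name, and nothing on it says which identity the test is made against now that the uid/gid arguments are gone. I would write `API_EXPORT(int) can_exec(const struct stat *finfo);` with a comment above it such as `/* non-zero if the server's own user_id/group_id may execute the file; advisory pre-check only */`. Since the symbol is exported, any module built against the three-argument form would need updating; presumably none exists outside this tree, but that is worth confirming.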
  
  
  
  1.71      +3 -3      apachen/src/main/util.c
  
  Index: util.c
  ===================================================================
  RCS file: /export/home/cvs/apachen/src/main/util.c,v
  retrieving revision 1.70
  retrieving revision 1.71
  diff -u -r1.70 -r1.71
  --- util.c	1997/09/26 03:52:11	1.70
  +++ util.c	1997/10/07 20:05:03	1.71
  @@ -1070,7 +1070,7 @@
       return (x ? 1 : 0);		/* If the first character is ':', it's broken, too */
   }
   
  -API_EXPORT(int) can_exec(const struct stat *finfo, uid_t uid, gid_t gid)
  +API_EXPORT(int) can_exec(const struct stat *finfo)
   {
   #ifdef MULTIPLE_GROUPS
       int cnt;
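Review bot: `can_exec` has no header comment, and after this change it silently depends on the server-wide `user_id` and `group_id` (used in the following hunk) rather than on values the caller passes in. A comment on the definition would make that contract explicit, for example `/* Non-zero if the server's configured user_id/group_id has an execute bit on finfo. Says nothing about the identity a suexec-wrapped script runs as; exec itself remains the enforcement point. */`. The function body continues beyond this hunk, so the wording should be checked against the remaining branches.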
  @@ -1079,10 +1079,10 @@
       /* OS/2 dosen't have Users and Groups */
       return 1;
   #else
  -    if (uid == finfo->st_uid)
  +    if (user_id == finfo->st_uid)
   	if (finfo->st_mode & S_IXUSR)
   	    return 1;
  -    if (gid == finfo->st_gid)
  +    if (group_id == finfo->st_gid)
   	if (finfo->st_mode & S_IXGRP)
   	    return 1;
   #ifdef MULTIPLE_GROUPS
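Review bot: When `user_id` owns the file but `S_IXUSR` is clear, the new code falls through to the group test, so `can_exec` can report success on a file the kernel would refuse to exec for that owner (owner bits take precedence once the uid matches). If the aim is to mirror the kernel's decision, the owner case should be final: `if (user_id == finfo->st_uid) return (finfo->st_mode & S_IXUSR) ? 1 : 0;`. The consequence is limited, since exec still fails later, but the request then dies in the child instead of returning FORBIDDEN from the handler. The nested unbraced `if` pairs are also easy to misread next to the `#ifdef` blocks; braces or a single `&&` condition would be safer. The rest of the function is outside this hunk.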
  
  
  
  1.77      +0 -14     apachen/src/main/util_script.c
  
  Index: util_script.c
  ===================================================================
  RCS file: /export/home/cvs/apachen/src/main/util_script.c,v
  retrieving revision 1.76
  retrieving revision 1.77
  diff -u -r1.76 -r1.77
  --- util_script.c	1997/10/07 05:27:11	1.76
  +++ util_script.c	1997/10/07 20:05:03	1.77
  @@ -817,13 +817,6 @@
   	    grpname = gr->gr_name;
   	}
   
  -	if (!can_exec(&r->finfo, pw->pw_uid, gr->gr_gid)) {
  -	    aplog_error(APLOG_MARK, APLOG_ERR, r->server,
  -			"file permissions deny server execution: %s",
  -			r->filename);
  -	    return -1;
  -	}
  -
   	if (shellcmd)
   	    execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env);
   
  @@ -838,13 +831,6 @@
   	}
       }
       else {
  -	if (!can_exec(&r->finfo, user_id, group_id)) {
  -	    aplog_error(APLOG_MARK, APLOG_ERR, r->server,
  -			"file permissions deny server execution: %s",
  -			r->filename);
  -	    return -1;
  -	}
  -
   	if (shellcmd)
   	    execle(SHELL_PATH, SHELL_PATH, "-c", argv0, NULL, env);
   
  
  
  
  1.60      +5 -0      apachen/src/modules/standard/mod_cgi.c
  
  Index: mod_cgi.c
  ===================================================================
  RCS file: /export/home/cvs/apachen/src/modules/standard/mod_cgi.c,v
  retrieving revision 1.59
  retrieving revision 1.60
  diff -u -r1.59 -r1.60
  --- mod_cgi.c	1997/10/07 05:27:24	1.59
  +++ mod_cgi.c	1997/10/07 20:05:06	1.60
  @@ -393,6 +393,11 @@
   	return log_scripterror(r, conf, NOT_FOUND, APLOG_NOERRNO,
   			       "script not found or unable to stat");
   #endif
  +    if (!suexec_enabled) {
  +	if (!can_exec(&r->finfo))
  +	    return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO,
  +				   "file permissions deny server execution");
  +    }
   
       if ((retval = setup_client_block(r, REQUEST_CHUNKED_ERROR)))
   	return retval;
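Review bot: The added guard skips the permission pre-check whenever `suexec_enabled` is set, but the util_script.c context in this same commit still shows an `else` branch that execs through `SHELL_PATH` without the wrapper. If that branch is reachable with suexec enabled (its condition is not visible here), those requests get no pre-check, and a non-executable script surfaces as an exec failure in the child rather than a FORBIDDEN response. I would either key the test on whether this request will actually go through suexec, or add a comment stating the assumption, e.g. `/* with suexec the wrapper does its own ownership/permission checks; can_exec() only models the server's uid/gid */`. The two nested `if`s can also be collapsed to `if (!suexec_enabled && !can_exec(&r->finfo))`. The enclosing handler starts and ends outside this hunk.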
  
  
  
