httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: SetUID
Date Mon, 01 Apr 1996 13:03:40 GMT
> On Sun, 31 Mar 1996, Randy Terbush wrote:
> 
> > I have implemented a feature which allows you to set the owner
> > and group for CGI execution based on 'User' and 'Group' config
> > parameters in the VirtualHost setup.
> >
> > I'm off to watch Nova and wanted to fire this at the group.
> > Let me know what you think.
> 
> I'd like to, but the diff you included appears to be missing a file -
> http_exec.c, which is referenced in the Makefile, but not
> included. I'm guessing this includes the code related to setuid
> execution, but I'd like to see it.
> 
> Thanks.
> 

Ooops


/* ====================================================================
 * Copyright (c) 1995 The Apache Group.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the Apache Group
 *    for use in the Apache HTTP server project (http://www.apache.org/)."
 *
 * 4. The names "Apache Server" and "Apache Group" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission.
 *
 * 5. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the Apache Group
 *    for use in the Apache HTTP server project (http://www.apache.org/)."
 *
 * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE APACHE GROUP OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Group and was originally based
 * on public domain software written at the National Center for
 * Supercomputing Applications, University of Illinois, Urbana-Champaign.
 * For more information on the Apache Group and the Apache HTTP server
 * project, please see <http://www.apache.org/>.
 *
 */


/*
 * http_exec.c: functions to handle exec requests
 * 
 */

#include "httpd.h"
#include "http_core.h"
#include "http_log.h"
#include "util_script.h"


/* KLUDGE --- for back-combatibility, we don't have to check ExecCGI
 * in ScriptAliased directories, which means we need to know if this
 * request came through ScriptAlias or not... so the Alias module
 * leaves a note for us.
 */

int is_scriptaliased (request_rec *r)
{
    char *t = table_get (r->notes, "alias-forced-type");
    return t && (!strcmp (t, "cgi-script"));
}


void
do_exec (request_rec *r) 
{
    char *argv0 = '\0';
    char **env = NULL;
    struct passwd *pw;


    env = create_environment (r->pool, r->subprocess_env);

#ifdef __EMX__    
    if((!r->args) || (!r->args[0]) || (ind(r->args,'=') >= 0)) {
	int emxloop;
	char *emxtemp;

	/* For OS/2 place the variables in the current
	   enviornment then it will be inherited. This way
	   the program will also get all of OS/2's other SETs. */
	for (emxloop=0; ((emxtemp = env[emxloop]) != NULL); emxloop++)
	    putenv(emxtemp);
                
	if (strstr(strupr(r->filename), ".CMD") > 0) {
	    /* Special case to allow use of REXX commands as scripts. */
	    os2pathname(r->filename);
	    execl("CMD.EXE", "CMD.EXE", "/C", r->filename, NULL);
	} else {
	    execl(r->filename, argv0, NULL);
	}
    } else {
	int emxloop;
	char *emxtemp;
            
	/* For OS/2 place the variables in the current
	   enviornment then it will be inherited. This way
	   the program will also get all of OS/2's other SETs. */
	for (emxloop=0; ((emxtemp = env[emxloop]) != NULL); emxloop++)
	    putenv(emxtemp);
                
	if (strstr(strupr(r->filename), ".CMD") > 0) {
	    /* Special case to allow use of REXX commands as scripts. */
	    os2pathname(r->filename);
	    execv("CMD.EXE", create_argv_cmd(r->pool, argv0, r->args, r->filename));
	} else {
	    execv(r->filename, create_argv(r->pool, argv0, r->args));
	}
    }
#else
    pw = getpwuid (r->server->server_uid);
    
    seteuid (0);
    initgroups (pw->pw_name, r->server->server_gid);
    setuid (r->server->server_uid);
    setgid (r->server->server_gid);
    
    if((!r->args) || (!r->args[0]) || (ind(r->args,'=') >= 0)) 
        execle(r->filename, argv0, NULL, env);
    else 
        execve(r->filename, create_argv(r->pool, argv0, r->args), env);
#endif
}


int
can_exec(request_rec *r) {

    int nph;
    int is_included;
    char *argv0;
    char *lenp;
    char *current_dir = '\0';
    
    struct stat dir_info;

    argv0 = r->filename;
    lenp = table_get (r->headers_in, "Content-length");
    nph = !(strncmp(argv0,"nph-",4));
    is_included = !strcmp (r->protocol, "INCLUDED");
    
    if (!(allow_options (r) & OPT_EXECCGI) && !is_scriptaliased (r)) {
        log_reason("Options ExecCGI is off in this directory", r->filename, r);
	return FORBIDDEN;
    }
    if (nph && is_included) {
        log_reason("attempt to include NPH CGI script", r->filename, r);
	return FORBIDDEN;
    }
    if (S_ISDIR(r->finfo.st_mode)) {
        log_reason("attempt to invoke directory as script", r->filename, r);
	return FORBIDDEN;
    }
    if (r->finfo.st_mode == 0) {
        log_reason("script not found or unable to stat", r->filename, r);
	return NOT_FOUND;
    }
    if ((r->method_number == M_POST || r->method_number == M_PUT) && !lenp)
{
        log_reason("POST or PUT without Content-length:", r->filename, r);
	return BAD_REQUEST;
    }

#ifdef __EMX__
    /* OS/2 dosen't have Users and Groups */
    return (r->finfo.st_mode & S_IEXEC);
#else
    current_dir = make_dirstr (r->pool, r->filename, count_dirs(r->filename));

    if ((stat (current_dir, &dir_info)) && !(S_ISDIR(dir_info.st_mode))) {
	log_reason("cannot stat directory", current_dir, r);
	return NOT_FOUND;
    }
    if (dir_info.st_mode & S_IWOTH || dir_info.st_mode & S_IWGRP) {
	log_reason("directory is writable by others - cannot execute", r->filename, r);
	return FORBIDDEN;
    }
    if (r->finfo.st_mode & S_IWOTH || r->finfo.st_mode & S_IWGRP) {
	log_reason("file is writable by others - cannot execute", r->filename, r);
	return FORBIDDEN;
    }
    if (r->server->server_uid != dir_info.st_uid) {
	log_reason("file owner and directory owner do not match server euid", r->filename, r);
	return FORBIDDEN;
    }
    if(r->server->server_uid == r->finfo.st_uid)
        if(!(r->finfo.st_mode & S_IXUSR)) {
	    log_reason("file permissions deny owner execution", r->filename, r);
	    return FORBIDDEN;
	}
	else return 0;
    	    
    if(r->server->server_gid == r->finfo.st_gid)
        if(!(r->finfo.st_mode & S_IXGRP)) {
	    log_reason("file permissions deny group execution", r->filename, r);
            return FORBIDDEN;
	}
	else return 0;
    
    return (r->finfo.st_mode & S_IXOTH);
#endif    
}





Mime
View raw message