httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <r...@imdb.com>
Subject apache chroot'ing (fwd)
Date Fri, 13 Sep 1996 09:25:56 GMT

Not acked.

----- Forwarded message from Lincoln Dale -----

Message-Id: <199609130335.NAA21519@titanic.labtam.oz.au>
To: apache-bugs@mail.apache.org
Subject: apache chroot'ing
From: Lincoln Dale <ltd@aone.com.au>
Date: Fri, 13 Sep 1996 13:35:22 +1000
Sender: ltd@titanic.labtam.oz.au

Hi,

I haven't been following apache developments, other than installing it to
test to see how it handles HTTP-PUT (differently than Netscape does -- ie.
it works).

Either way, one of the 'features' that we use of the netscape servers we
run is that they have the ability to chroot themselves.  Apache didn't
appear to, so I made a quick hack to do this.

the chroot is done before child processes are forked.  the side-effect of
this is that the scoreboard file is stored in the chroot'ed environment, not
the normal log area (chrooting is done _after_ the log and associated files
are setup).

please let me know if you find this useful.  i've only done minimal testing.

cheers,

lincoln.


diff -c apache_1.1.1/src/http_conf_globals.h ltd/http_conf_globals.h
*** apache_1.1.1/src/http_conf_globals.h	Thu Feb 22 22:46:43 1996
--- ltd/http_conf_globals.h	Fri Sep 13 13:23:01 1996
***************
*** 60,65 ****
--- 60,66 ----
  extern uid_t user_id;
  extern char *user_name;
  extern gid_t group_id;
+ extern char chroot_path[MAX_STRING_LEN];
  extern int max_requests_per_child;
  extern struct in_addr bind_address;
  extern listen_rec *listeners;
diff -c apache_1.1.1/src/http_core.c ltd/http_core.c
*** apache_1.1.1/src/http_core.c	Thu Jun 13 04:14:31 1996
--- ltd/http_core.c	Fri Sep 13 13:23:12 1996
***************
*** 648,653 ****
--- 648,659 ----
      return NULL;
  }
  
+ char *set_chroot (cmd_parms *cmd, void *dummy, char *arg) {
+ if (!is_directory (arg)) return "Chroot must be a valid directory";
+     strcpy (chroot_path, arg);
+     return NULL;
+ }
+ 
  char *set_server_root (cmd_parms *cmd, void *dummy, char *arg) {
      if (!is_directory (arg)) return "ServerRoot must be a valid directory";
      strcpy (server_root, arg);
***************
*** 805,810 ****
--- 811,817 ----
  { "HostnameLookups", set_hostname_lookups, NULL, ACCESS_CONF|RSRC_CONF, FLAG, NULL },
  { "User", set_user, NULL, RSRC_CONF, TAKE1, "a username"},
  { "Group", set_group, NULL, RSRC_CONF, TAKE1, "a group name"},
+ { "Chroot", set_chroot, NULL, RSRC_CONF, TAKE1, "a directory path"},
  { "ServerAdmin", set_server_string_slot,
    (void *)XtOffsetOf (server_rec, server_admin), RSRC_CONF, TAKE1,
    "The email address of the server administrator" },
diff -c apache_1.1.1/src/http_main.c ltd/http_main.c
*** apache_1.1.1/src/http_main.c	Tue Jul  9 05:00:35 1996
--- ltd/http_main.c	Fri Sep 13 13:23:26 1996
***************
*** 114,119 ****
--- 114,120 ----
  uid_t user_id;
  char *user_name;
  gid_t group_id;
+ char chroot_path[MAX_STRING_LEN];
  int max_requests_per_child;
  char *pid_fname;
  char *scoreboard_fname;
***************
*** 1276,1281 ****
--- 1277,1289 ----
  {
      int pid;
  
+ 
+     if (chroot_path != NULL) {
+         if (!chroot(chroot_path)) {
+             log_unixerr("chroot", NULL, "unable to chroot", server_conf);
+         }
+     }
+ 
      if (one_process) {
  	signal (SIGHUP, (void (*)())just_die);
  	signal (SIGTERM, (void (*)())just_die);
***************
*** 1494,1499 ****
--- 1502,1508 ----
      
      server_argv0 = argv[0];
      strcpy (server_root, HTTPD_ROOT);
+     strcpy (chroot_path, CHROOT_PATH);
      strcpy (server_confname, SERVER_CONFIG_FILE);
  
      while((c = getopt(argc,argv,"Xd:f:v")) != -1) {
diff -c apache_1.1.1/src/httpd.h ltd/httpd.h
*** apache_1.1.1/src/httpd.h	Tue Jul  9 05:01:19 1996
--- ltd/httpd.h	Fri Sep 13 13:23:36 1996
***************
*** 82,87 ****
--- 82,90 ----
  #define DOCUMENT_LOCATION "/usr/local/etc/httpd/htdocs"
  #endif
  
+ /* chroot path default */
+ #define CHROOT_PATH "/"
+ 
  /* Max. number of dynamically loaded modules */
  #define DYNAMIC_MODULE_LIMIT 64
  

----- End of forwarded message from Lincoln Dale -----

-- 
Rob Hartill (robh@imdb.com)    
http://www.imdb.com/  ... why wait for a clear night to see the stars?.

Mime
View raw message