From Rob Hartill <r...@imdb.com>
Subject Re: Patch for perms checks on cgi scripts
Date Sun, 15 Sep 1996 22:51:55 GMT
David Abel wrote:
>
>Hope this helps.  If you have any questions, please don't hesitate
>to contact me.

thanks. I'll pass the patch on to the developers list for consideration.

cheers,
rob

>
>--- being http_conf_globals.h ---
>
>*** http_conf_globals.h Mon Jul 29 21:43:23 1996
>--- /usr/local/apache/src/http_conf_globals.h   Sun Sep 15 17:34:48 1996
>***************
>*** 60,65 ****
>--- 60,66 ----
>  extern uid_t user_id;
>  extern char *user_name;
>  extern gid_t group_id;
>+ extern gid_t group_id_list[NGROUPS_MAX];
>  extern int max_requests_per_child;
>  extern struct in_addr bind_address;
>  extern listen_rec *listeners;
>
>--- end http_conf_globals.h ---
>
>
>
>
>--- begin http_main.c ---
>
>*** http_main.c Mon Jul 29 21:44:40 1996
>--- /usr/local/apache/src/http_main.c   Sun Sep 15 17:20:29 1996
>***************
>*** 114,119 ****
>--- 114,120 ----
>  uid_t user_id;
>  char *user_name;
>  gid_t group_id;
>+ gid_t group_id_list[NGROUPS_MAX];
>  int max_requests_per_child;
>  char *pid_fname;
>  char *scoreboard_fname;
>***************
>*** 1014,1019 ****
>--- 1015,1026 ----
>      if (initgroups(name, group_id) == -1) {
>        log_unixerr("initgroups", NULL, "unable to set groups", server_conf);
>        exit (1);
>+     }
>+ 
>+     /* Ok, now get all the groups that we're a member of */
>+     if (getgroups(NGROUPS_MAX, group_id_list) == -1) {
>+       log_unixerr("getgroups", NULL, "unable to determine our group
>membership", server_conf);
>+       exit(1);
>      }
>  
>      if (setgid(group_id) == -1) {
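Review bot: The count returned by getgroups() is discarded in this hunk, so nothing records how many entries of `group_id_list` are valid, and the loop added to can_exec() in util.c then compares all NGROUPS_MAX slots. Because `group_id_list` has static storage, unused slots are zero, so any file with group 0 and S_IXGRP set is reported executable even when the server is not a member of group 0. Keep the count, e.g. `if ((group_id_count = getgroups(NGROUPS_MAX, group_id_list)) == -1) {` (a new global; the name is only a suggestion), and bound the loop with `cnt < group_id_count`. The enclosing block starts outside the hunk; if it runs only when the server is started as root, the list presumably stays all zeros in the other case, which is worth confirming. The log_unixerr string is also split across two lines in the mail and must be rejoined before the hunk will apply.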
>
>--- end http_main.c ---
>
>
>
>
>--- being util.c ---
>
>*** util.c      Mon Aug 12 12:33:56 1996
>--- /usr/local/apache/src/util.c        Sun Sep 15 18:14:26 1996
>***************
>*** 822,827 ****
>--- 822,828 ----
>  }
>  
>  int can_exec(struct stat *finfo) {
>+   int cnt;
>  #ifdef __EMX__
>      /* OS/2 dosen't have Users and Groups */
>      return (finfo->st_mode & S_IEXEC);
>***************
>*** 829,837 ****
>      if(user_id == finfo->st_uid)
>          if(finfo->st_mode & S_IXUSR)
>              return 1;
>!     if(group_id == finfo->st_gid)
>!         if(finfo->st_mode & S_IXGRP)
>!             return 1;
>      return (finfo->st_mode & S_IXOTH);
>  #endif    
>  }
>--- 830,840 ----
>      if(user_id == finfo->st_uid)
>          if(finfo->st_mode & S_IXUSR)
>              return 1;
>!     for(cnt=0; cnt < NGROUPS_MAX; cnt++) {
>!         if(group_id_list[cnt] == finfo->st_gid)
>!             if(finfo->st_mode & S_IXGRP)
>!                 return 1;
>!     }
>      return (finfo->st_mode & S_IXOTH);
>  #endif    
>  }
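Review bot: Replacing the `group_id == finfo->st_gid` test with the loop makes the group check depend entirely on what getgroups() returned, and POSIX leaves it unspecified whether the effective group ID appears in that list. Keep the original test ahead of the loop, e.g. `if(group_id == finfo->st_gid && (finfo->st_mode & S_IXGRP)) return 1;`, so the configured group still counts on platforms that omit it. The fall-through from owner to group to other, which predates this patch, also differs from the kernel's check, which consults only the first class that matches. A file owned by the server user without S_IXUSR but with S_IXGRP passes here and is presumably refused at exec time, so a comment stating that can_exec() is advisory would help.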
>
>
>--- end util.c ---
>
>
>David G. Abel
>---
>Abel Information Services                                     121 Binnacle Dr.
>e-mail: dabel@abel-info.com                             Newport News, Va 23602
>Voice: (804) 872-6815       Fax: (804) 877-1156       http://www.abel-info.com
>
