httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jake Buchholz <j...@execpc.com>
Subject Re: more suexec problems... (fwd)
Date Sat, 21 Dec 1996 02:03:57 GMT
Greetings...  This is the suexec I reported a day or two ago.  I have fixed
it and emailed a patch out to Rob, Randy, and jad@bcc.lousiville.edu.  It's
not the most elegant solution (duplicates a function for the sake of one
call), but Randy indicated that he'd look at changing create_argv() to handle
a variable number of arguments...

Rob Hartill had previously stated:
> ----- Forwarded message from Shadow -----
> Date: Fri, 20 Dec 1996 16:14:03 -0800 (PST)
> From: Shadow <shadow@worldone.com>
> To: apache-bugs@apache.org
> Subject: more suexec problems...
> Message-ID: <Pine.LNX.3.91.961220160017.25767A-100000@avatar.worldone.com>
> 
> I came accross an interesting problem with the suexec code... I think I 
> have a temporary fix in place, but it would take some research on the 
> apache code base to find out whether or not it's the correct answer :)
> 
> On line 513 of util_script.c, there is a call to execle which appears to 
> be incorrectly handled...  When suexec is called by a URL such as 
> http://www.worldone.com/~user/<script>, suexec recieves an argument for 
> the script name that is garbled; after tracing it through the code, I 
> found that it's fine up until this execle call, where apparently it is lost.
> 
> (the specific variable in question is argv0).
> 
> By changing the execle call to match the one a couple of lines up, it 
> seems to work.
> 
> Again, not sure if this is the correct solution, but it may be of some 
> help.  Now to fix more stuff in suexec.c itself *g* :)
> 
> It appears that suexec is a little inconsistant on handling user 
> directories, unless I'm not understanding something about them...
> 
> --Shadow

Here's my diff for util_script.c that fixes the problem...  I, of course,
take no responsibility if you decide to use it!  ;)

-----(snip)-----
*** util_script.c.orig  Thu Dec 19 20:53:45 1996
--- util_script.c       Thu Dec 19 21:26:29 1996
***************
*** 93,98 ****
--- 93,128 ----
      return av;
  }
  
+ /* The following function is a slight modification of the one above, but
+ ** allows us to pass additional argv's ahead of the original to allow us to
+ ** use the suexec wrapper...  (jake@execpc.com -- 19 Dec 1996)
+ */
+ char **create_argv2(pool *p, char *sux, char *xusr, char *xgrp, char *av0,
+       const char *args)
+ {
+     register int x,n;
+     char **av;
+     char *w;
+ 
+     for(x=0,n=2;args[x];x++)
+         if(args[x] == '+') ++n;
+ 
+     av = (char **)palloc(p, (n+4)*sizeof(char *));
+     av[0] = sux;
+     av[1] = xusr;
+     av[2] = xgrp;
+     av[3] = av0;
+ 
+     for(x=1;x<n;x++) {
+         w = getword_nulls(p, &args, '+');
+         unescape_url(w);
+       av[x+3] = escape_shell_cmd(p, w);
+         av[x+3] = w;
+     }
+     av[n+3] = NULL;
+     return av;
+ }
+ 
  static char *http2env(pool *a, char *w)
  {
      char *res = pstrcat (a, "HTTP_", w, NULL);
***************
*** 508,515 ****
--- 538,553 ----
            execle(SUEXEC_BIN, SUEXEC_BIN, execuser, gr->gr_name, argv0, NULL, env);
    
        else
+ /* This commented code incorrectly passes **char as a parameter to execle --
+ ** something it wasn't quite designed to take -- and caused problems when CGIs
+ ** were passed command line parameters...  (jake@execpc.com -- 19 Dec 1996)
+ 
            execle(SUEXEC_BIN, SUEXEC_BIN, execuser, gr->gr_name,
                   create_argv(r->pool, argv0, r->args), NULL, env);
+ */
+ /* The following code _should_ work, however... */ 
+           execve(SUEXEC_BIN, create_argv2(r->pool, SUEXEC_BIN, execuser,
+                  gr->gr_name, argv0, r->args), env);
      }
      else {
        if (shellcmd) 
-----(snip)-----

-- 
Jake Buchholz                                      http://www.execpc.com/~jake
Exec-PC Internet Systems Administrator                         jake@execpc.com

Mime
View raw message