httpd-dev mailing list archives

From Randy Terbush <ra...@zyzzyva.com>
Subject [PATCH] properly check if owner or group can_exec
Date Wed, 22 Jan 1997 19:39:05 GMT
Someone reported this bug the other day. The solution below
does not solve the issue when MULTIPLE_GROUPS is defined and
we are checking an suexec target.


Index: util.c
===================================================================
RCS file: /export/home/cvs/apache/src/util.c,v
retrieving revision 1.41
diff -c -r1.41 util.c
*** util.c	1997/01/20 09:36:26	1.41
--- util.c	1997/01/22 19:02:26
***************
*** 936,942 ****
      else return 0;
  }
  
! int can_exec(const struct stat *finfo) {
  #ifdef MULTIPLE_GROUPS
    int cnt;
  #endif
--- 936,942 ----
      else return 0;
  }
  
! int can_exec(request_rec *r) {
  #ifdef MULTIPLE_GROUPS
    int cnt;
  #endif
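Review bot: The new signature `int can_exec(request_rec *r)` drops the const qualifier that the old `const struct stat *finfo` parameter carried. The lines visible in the following util.c hunk only read `r->server->server_uid`, `r->server->server_gid` and `r->finfo`, so `int can_exec(const request_rec *r)` would keep the read-only contract and still accept the `can_exec(r)` call in mod_cgi.c. The same change applies to the prototype in the httpd.h hunk. The function body continues outside this hunk.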
***************
*** 944,963 ****
      /* OS/2 dosen't have Users and Groups */
      return 1;
  #else    
!     if(user_id == finfo->st_uid)
!         if(finfo->st_mode & S_IXUSR)
              return 1;
!     if(group_id == finfo->st_gid)
!         if(finfo->st_mode & S_IXGRP)
              return 1;
  #ifdef MULTIPLE_GROUPS
      for(cnt=0; cnt < NGROUPS_MAX; cnt++) {
!         if(group_id_list[cnt] == finfo->st_gid)
!             if(finfo->st_mode & S_IXGRP)
                  return 1;
      }
  #endif
!     return (finfo->st_mode & S_IXOTH);
  #endif    
  }
  
--- 944,963 ----
      /* OS/2 dosen't have Users and Groups */
      return 1;
  #else    
!     if(r->server->server_uid == r->finfo.st_uid)
!         if(r->finfo.st_mode & S_IXUSR)
              return 1;
!     if(r->server->server_gid == r->finfo.st_gid)
!         if(r->finfo.st_mode & S_IXGRP)
              return 1;
  #ifdef MULTIPLE_GROUPS
      for(cnt=0; cnt < NGROUPS_MAX; cnt++) {
!         if(group_id_list[cnt] == r->finfo.st_gid)
!             if(r->finfo.st_mode & S_IXGRP)
                  return 1;
      }
  #endif
!     return (r->finfo.st_mode & S_IXOTH);
  #endif    
  }
  
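Review bot: In the `#else` branch of the new side, a uid match whose `S_IXUSR` bit is clear falls through to the group and other tests, so the result can be more permissive than the kernel's own check. POSIX selects exactly one permission class, so a file owned by the server uid with a mode such as 0605 (constructed example) returns nonzero here although exec would be refused for the owner. The failure then presumably surfaces later at exec time instead of as the FORBIDDEN log entry in mod_cgi.c. Returning the class result directly avoids this: `if (r->server->server_uid == r->finfo.st_uid) return (r->finfo.st_mode & S_IXUSR) != 0;`, and likewise `return (r->finfo.st_mode & S_IXGRP) != 0;` once a gid matches. Bracing the nested `if` pairs would also make the intended pairing explicit.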
Index: mod_cgi.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_cgi.c,v
retrieving revision 1.28
diff -c -r1.28 mod_cgi.c
*** mod_cgi.c	1997/01/20 04:28:12	1.28
--- mod_cgi.c	1997/01/22 19:10:41
***************
*** 377,383 ****
      if (r->finfo.st_mode == 0)
  	return log_scripterror(r, conf, NOT_FOUND,
  			       "script not found or unable to stat");
!     if(!can_exec(&r->finfo))
  	return log_scripterror(r, conf, FORBIDDEN,
  			       "file permissions deny server execution");
      
--- 377,383 ----
      if (r->finfo.st_mode == 0)
  	return log_scripterror(r, conf, NOT_FOUND,
  			       "script not found or unable to stat");
!     if(!can_exec(r))
  	return log_scripterror(r, conf, FORBIDDEN,
  			       "file permissions deny server execution");
      
Index: httpd.h
===================================================================
RCS file: /export/home/cvs/apache/src/httpd.h,v
retrieving revision 1.79
diff -c -r1.79 httpd.h
*** httpd.h	1997/01/07 06:18:12	1.79
--- httpd.h	1997/01/22 19:15:53
***************
*** 677,683 ****
  uid_t uname2id(const char *name);
  gid_t gname2id(const char *name);
  int is_directory(const char *name);
! int can_exec(const struct stat *);     
  void chdir_file(const char *file);
       
  char *get_local_host(pool *);
--- 677,683 ----
  uid_t uname2id(const char *name);
  gid_t gname2id(const char *name);
  int is_directory(const char *name);
! int can_exec(request_rec *r);     
  void chdir_file(const char *file);
       
  char *get_local_host(pool *);
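Review bot: The prototype `int can_exec(request_rec *r);` now takes the whole request, but nothing at the declaration says which fields it reads or what state they must be in. A short comment would make the contract visible to other callers, for example `/* Nonzero if the mode bits in r->finfo grant execute to r->server's uid/gid or to others; r->finfo must already hold a successful stat() result. */`. It is also worth stating there that the result is an advisory pre-check on cached stat data, so callers still have to handle a failing exec.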


