httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: Votes please
Date Fri, 24 Jan 1997 23:52:36 GMT
Uh... Correct. That didn't click for me when you mentioned it the other
day. I would instead rather disable the can_exec() when suexec() is
enabled. Simple, doesn't change the arguments to can_exec() etc.


> And, before you vote, remember it also does not handle ~userdir home
> directory CGIs.
> 
> Not necessarily a problem, just not a complete solution.  I am almost
> nearly kindof half-tempted just to disable those checks when suexec is
> enabled; that just means possibly(?) less readable error messages, no?
> 
> On Fri, 24 Jan 1997, Randy Terbush wrote:
> 
> > 
> > This is one that would be nice to get in this beta.
> > 
> > My comments below do not mean that this does not work, it just
> > doesn't work for the group_list which is not compiled in by
> > default if I remember correctly. Tough to check that if we are
> > sending to the wrapper for a different target?
> > 
> > ------- Forwarded Message
> > 
> > Someone reported this bug the other day. The solution below
> > does not solve the issue when MULTIPLE_GROUPS is defined and
> > we are checking an suexec target.
> > 
> > 
> > Index: util.c
> > ===================================================================
> > RCS file: /export/home/cvs/apache/src/util.c,v
> > retrieving revision 1.41
> > diff -c -r1.41 util.c
> > *** util.c	1997/01/20 09:36:26	1.41
> > - --- util.c	1997/01/22 19:02:26
> > ***************
> > *** 936,942 ****
> >       else return 0;
> >   }
> >   
> > ! int can_exec(const struct stat *finfo) {
> >   #ifdef MULTIPLE_GROUPS
> >     int cnt;
> >   #endif
> > - --- 936,942 ----
> >       else return 0;
> >   }
> >   
> > ! int can_exec(request_rec *r) {
> >   #ifdef MULTIPLE_GROUPS
> >     int cnt;
> >   #endif
> > ***************
> > *** 944,963 ****
> >       /* OS/2 dosen't have Users and Groups */
> >       return 1;
> >   #else    
> > !     if(user_id == finfo->st_uid)
> > !         if(finfo->st_mode & S_IXUSR)
> >               return 1;
> > !     if(group_id == finfo->st_gid)
> > !         if(finfo->st_mode & S_IXGRP)
> >               return 1;
> >   #ifdef MULTIPLE_GROUPS
> >       for(cnt=0; cnt < NGROUPS_MAX; cnt++) {
> > !         if(group_id_list[cnt] == finfo->st_gid)
> > !             if(finfo->st_mode & S_IXGRP)
> >                   return 1;
> >       }
> >   #endif
> > !     return (finfo->st_mode & S_IXOTH);
> >   #endif    
> >   }
> >   
> > - --- 944,963 ----
> >       /* OS/2 dosen't have Users and Groups */
> >       return 1;
> >   #else    
> > !     if(r->server->server_uid == r->finfo.st_uid)
> > !         if(r->finfo.st_mode & S_IXUSR)
> >               return 1;
> > !     if(r->server->server_gid == r->finfo.st_gid)
> > !         if(r->finfo.st_mode & S_IXGRP)
> >               return 1;
> >   #ifdef MULTIPLE_GROUPS
> >       for(cnt=0; cnt < NGROUPS_MAX; cnt++) {
> > !         if(group_id_list[cnt] == r->finfo.st_gid)
> > !             if(r->finfo.st_mode & S_IXGRP)
> >                   return 1;
> >       }
> >   #endif
> > !     return (r->finfo.st_mode & S_IXOTH);
> >   #endif    
> >   }
> >   
> > Index: mod_cgi.c
> > ===================================================================
> > RCS file: /export/home/cvs/apache/src/mod_cgi.c,v
> > retrieving revision 1.28
> > diff -c -r1.28 mod_cgi.c
> > *** mod_cgi.c	1997/01/20 04:28:12	1.28
> > - --- mod_cgi.c	1997/01/22 19:10:41
> > ***************
> > *** 377,383 ****
> >       if (r->finfo.st_mode == 0)
> >   	return log_scripterror(r, conf, NOT_FOUND,
> >   			       "script not found or unable to stat");
> > !     if(!can_exec(&r->finfo))
> >   	return log_scripterror(r, conf, FORBIDDEN,
> >   			       "file permissions deny server execution");
> >       
> > - --- 377,383 ----
> >       if (r->finfo.st_mode == 0)
> >   	return log_scripterror(r, conf, NOT_FOUND,
> >   			       "script not found or unable to stat");
> > !     if(!can_exec(r))
> >   	return log_scripterror(r, conf, FORBIDDEN,
> >   			       "file permissions deny server execution");
> >       
> > Index: httpd.h
> > ===================================================================
> > RCS file: /export/home/cvs/apache/src/httpd.h,v
> > retrieving revision 1.79
> > diff -c -r1.79 httpd.h
> > *** httpd.h	1997/01/07 06:18:12	1.79
> > - --- httpd.h	1997/01/22 19:15:53
> > ***************
> > *** 677,683 ****
> >   uid_t uname2id(const char *name);
> >   gid_t gname2id(const char *name);
> >   int is_directory(const char *name);
> > ! int can_exec(const struct stat *);     
> >   void chdir_file(const char *file);
> >        
> >   char *get_local_host(pool *);
> > - --- 677,683 ----
> >   uid_t uname2id(const char *name);
> >   gid_t gname2id(const char *name);
> >   int is_directory(const char *name);
> > ! int can_exec(request_rec *r);     
> >   void chdir_file(const char *file);
> >        
> >   char *get_local_host(pool *);
> > 
> > 
> > ------- End of Forwarded Message
> > 
> > 
> > 




Mime
View raw message