httpd-dev mailing list archives

From Randy Terbush <ra...@zyzzyva.com>
Subject Re: [PATCH] PR#921: suexec uses cwd before setting it
Date Mon, 18 Aug 1997 14:55:01 GMT
+1

Useful to have this info for attempted misuse of the wrapper.


> Submitted-by: Jason Riedy <ejr@cise.ufl.edu>
> 
> The other choice is to just not log the name of the command it is trying
> to execute at that point.
> 
> --- suexec.c.orig	Sat Jul 26 04:21:54 1997
> +++ suexec.c	Sat Jul 26 04:23:25 1997
> @@ -222,4 +222,5 @@
>      char *prog;             /* name of this program      */
>      char *cmd;              /* command to be executed    */
> +    char *script_filename;  /* SCRIPT_FILENAME CGI environment var */
>      char cwd[AP_MAXPATH];   /* current working directory */
>      char dwd[AP_MAXPATH];   /* docroot working directory */
> @@ -324,8 +325,9 @@
>       * before we setuid().
>       */
> +    script_filename = getenv ("SCRIPT_FILENAME");
>      log_err("uid: (%s/%s) gid: (%s/%s) %s\n",
>               target_uname, actual_uname,
>               target_gname, actual_gname,
> -             cmd);
> +             script_filename);
>  
>      /*
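
Review bot: the getenv() result on the added line goes straight into a %s argument of log_err with no NULL check. If SCRIPT_FILENAME is unset, which is likely in exactly the misuse case this log line is meant to record, and log_err formats with the printf family, a null pointer is passed to %s and the behaviour is undefined. Suggest a fallback right after the getenv call, e.g. `if (script_filename == NULL) script_filename = "(unset)";`. Note also that the value comes from the caller's environment while cmd is what the wrapper goes on to use, so logging both cmd and script_filename here would keep the record tied to the actual command. Minor style point: `getenv ("SCRIPT_FILENAME")` has a space before the parenthesis that the surrounding calls do not use.
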
> @@ -356,5 +358,5 @@
>       */
>      if (((setgid(gid)) != 0) || (initgroups(actual_uname,gid) != 0)) {
> -        log_err("failed to setgid (%ld: %s/%s)\n", gid, cwd, cmd);
> +        log_err("failed to setgid (%ld: %s)\n", gid, script_filename);
>          exit(109);
>      }
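
Review bot: removing cwd from this message addresses the use-before-set in the subject line, but the replacement also drops cmd, so a setgid failure is now logged only with the environment-supplied SCRIPT_FILENAME and says nothing about the command argument. Consider logging both, for example `log_err("failed to setgid (%ld: %s, %s)\n", gid, cmd, script_filename);`, and the same for the setuid message in the next hunk. Both messages also depend on script_filename being non-NULL, which nothing in the visible lines guarantees.
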
> @@ -364,5 +366,5 @@
>       */
>      if ((setuid(uid)) != 0) {
> -	log_err("failed to setuid (%ld: %s/%s)\n", uid, cwd, cmd);
> +	log_err("failed to setuid (%ld: %s)\n", uid, script_filename);
>  	exit(110);
>      }



