dgaudet 97/09/25 20:52:15
Modified: src CHANGES
src/main httpd.h util.c util_script.c
src/modules/standard mod_cgi.c
Log:
Change to CGI permission test to allow User/Group tests to do the
right thing for suexec. [Randy Terbush] PR#918
(I had to rework this because the original was from pre-indent -djg)
PR: 918
Submitted by: Randy Terbush
Reviewed by: Dean Gaudet, Jim Jagielski
Revision Changes Path
1.451 +3 -0 apachen/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apachen/src/CHANGES,v
retrieving revision 1.450
retrieving revision 1.451
diff -u -r1.450 -r1.451
--- CHANGES 1997/09/26 03:26:21 1.450
+++ CHANGES 1997/09/26 03:52:08 1.451
@@ -1,4 +1,7 @@
Changes with Apache 1.3b1
+
+ *) Change to CGI permission test to allow User/Group tests to do the
+ right thing for suexec. [Randy Terbush] PR#918
*) send_fb would not detect aborted connections in some situations.
[Dean Gaudet]
1.150 +1 -1 apachen/src/main/httpd.h
Index: httpd.h
===================================================================
RCS file: /export/home/cvs/apachen/src/main/httpd.h,v
retrieving revision 1.149
retrieving revision 1.150
diff -u -r1.149 -r1.150
--- httpd.h 1997/09/16 00:25:46 1.149
+++ httpd.h 1997/09/26 03:52:10 1.150
@@ -834,7 +834,7 @@
API_EXPORT(uid_t) uname2id(const char *name);
API_EXPORT(gid_t) gname2id(const char *name);
API_EXPORT(int) is_directory(const char *name);
-API_EXPORT(int) can_exec(const struct stat *);
+API_EXPORT(int) can_exec(const struct stat *, uid_t, gid_t);
API_EXPORT(void) chdir_file(const char *file);
#ifndef HAVE_CANONICAL_FILENAME
1.70 +3 -3 apachen/src/main/util.c
Index: util.c
===================================================================
RCS file: /export/home/cvs/apachen/src/main/util.c,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -r1.69 -r1.70
--- util.c 1997/09/14 22:18:57 1.69
+++ util.c 1997/09/26 03:52:11 1.70
@@ -1070,7 +1070,7 @@
return (x ? 1 : 0); /* If the first character is ':', it's
broken, too */
}
-API_EXPORT(int) can_exec(const struct stat *finfo)
+API_EXPORT(int) can_exec(const struct stat *finfo, uid_t uid, gid_t gid)
{
#ifdef MULTIPLE_GROUPS
int cnt;
@@ -1079,10 +1079,10 @@
/* OS/2 dosen't have Users and Groups */
return 1;
#else
- if (user_id == finfo->st_uid)
+ if (uid == finfo->st_uid)
if (finfo->st_mode & S_IXUSR)
return 1;
- if (group_id == finfo->st_gid)
+ if (gid == finfo->st_gid)
if (finfo->st_mode & S_IXGRP)
return 1;
#ifdef MULTIPLE_GROUPS
1.75 +14 -0 apachen/src/main/util_script.c
Index: util_script.c
===================================================================
RCS file: /export/home/cvs/apachen/src/main/util_script.c,v
retrieving revision 1.74
retrieving revision 1.75
diff -u -r1.74 -r1.75
--- util_script.c 1997/09/16 03:49:57 1.74
+++ util_script.c 1997/09/26 03:52:12 1.75
@@ -827,6 +827,13 @@
grpname = gr->gr_name;
}
+ if (!can_exec(&r->finfo, pw->pw_uid, gr->gr_gid)) {
+ aplog_error(APLOG_MARK, APLOG_ERR, r->server,
+ "file permissions deny server execution: %s",
+ r->filename);
+ return -1;
+ }
+
if (shellcmd)
execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env);
@@ -841,6 +848,13 @@
}
}
else {
+ if (!can_exec(&r->finfo, user_id, group_id)) {
+ aplog_error(APLOG_MARK, APLOG_ERR, r->server,
+ "file permissions deny server execution: %s",
+ r->filename);
+ return -1;
+ }
+
if (shellcmd)
execle(SHELL_PATH, SHELL_PATH, "-c", argv0, NULL, env);
1.57 +0 -5 apachen/src/modules/standard/mod_cgi.c
Index: mod_cgi.c
===================================================================
RCS file: /export/home/cvs/apachen/src/modules/standard/mod_cgi.c,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -r1.56 -r1.57
--- mod_cgi.c 1997/09/18 08:12:23 1.56
+++ mod_cgi.c 1997/09/26 03:52:14 1.57
@@ -400,11 +400,6 @@
return log_scripterror(r, conf, NOT_FOUND,
"script not found or unable to stat");
#endif
- if (!suexec_enabled) {
- if (!can_exec(&r->finfo))
- return log_scripterror(r, conf, FORBIDDEN,
- "file permissions deny server execution");
- }
if ((retval = setup_client_block(r, REQUEST_CHUNKED_ERROR)))
return retval;
