Hello,
In reply to
https://lists.marsching.com/pipermail/suphp/2009-December/002278.html
I was facing the same problems, and after fiddling for some hours with
the code, and also partly thanks to
<https://lists.marsching.com/pipermail/suphp/2006-February/001224.html>,
I've successfully created a patch that chroots properly before
executing the script. A preliminary test with phpinfo() shows the
correct paths inside the jail, so I'm quite confident that it will
work.
I would be grateful if someone could review the patch and possibly
improve it. C++ is not my strongest language...
Best regards,
Fernando Nájera
--- src/Application.cpp 2009-03-14 18:55:25.000000000 +0100
+++ src/Application-new.cpp 2010-01-25 21:25:07.000000000 +0100
@@ -64,6 +64,7 @@
// initialization
try {
std::string scriptFilename;
+ std::string documentRoot;
UserInfo targetUser;
GroupInfo targetGroup;
@@ -89,6 +90,13 @@
this->printAboutMessage();
return 1;
}
+ try {
+ documentRoot = env.getVar("DOCUMENT_ROOT");
+ } catch (KeyNotFoundException& e) {
+ logger.logError("Environment variable DOCUMENT_ROOT not set");
+ this->printAboutMessage();
+ return 1;
+ }
// Do checks that do not need target user info
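Review bot: DOCUMENT_ROOT becomes mandatory for every request in this hunk, although the only visible use of `documentRoot` is the path rewrite after `api.chroot()` in the next hunk. If that rewrite sits inside a chroot-only branch (its opening line is outside the patch), installations without a chroot path would now fail whenever the server omits the variable. Consider moving `documentRoot = env.getVar("DOCUMENT_ROOT");` and its catch into that branch. The value comes from the request environment, so a comment such as `// DOCUMENT_ROOT is server-supplied; it is only trusted after the chroot prefix check` would help the next reader.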
@@ -106,6 +114,12 @@
PathMatcher pathMatcher = PathMatcher(targetUser, targetGroup);
std::string chrootPath =
pathMatcher.resolveVariables(config.getChrootPath());
api.chroot(chrootPath);
+
+
+ scriptFilename.replace(scriptFilename.find(chrootPath),
chrootPath.length(), "");
+ documentRoot.replace(documentRoot.find(chrootPath),
chrootPath.length(), "");
+ env.setVar("DOCUMENT_ROOT", documentRoot);
+ env.setVar("SCRIPT_FILENAME", scriptFilename);
}
this->changeProcessPermissions(config, targetUser, targetGroup);
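Review bot: `scriptFilename.find(chrootPath)` and `documentRoot.find(chrootPath)` are used unchecked, so a path that does not contain the chroot path makes `find` return `std::string::npos` and `replace` throw `std::out_of_range`. When the path does contain it, the match may sit in the middle of the path or end inside a directory name (constructed example: a chroot path `/jail` also matches `/jail2/site`). These values decide which file runs inside the jail, so the prefix should be anchored at position 0 and end on a `/` boundary, and the request should be rejected otherwise, preferably before `api.chroot()` is called. The enclosing block starts outside the hunk; the error path below is modelled on the DOCUMENT_ROOT check earlier in this patch and should be confirmed against the surrounding code.

```cpp
// Normalise the jail path so "/jail/" and "/jail" behave the same ("/" becomes "").
std::string jail = chrootPath;
while (!jail.empty() && jail[jail.length() - 1] == '/') {
    jail.erase(jail.length() - 1);
}
// Accept the jail path only as a leading prefix that ends on a component boundary.
const bool scriptInJail =
    scriptFilename.compare(0, jail.length(), jail) == 0 &&
    scriptFilename.length() > jail.length() &&
    scriptFilename[jail.length()] == '/';
const bool docRootInJail =
    documentRoot.compare(0, jail.length(), jail) == 0 &&
    (documentRoot.length() == jail.length() ||
     documentRoot[jail.length()] == '/');
if (!scriptInJail || !docRootInJail) {
    logger.logError("Script or DOCUMENT_ROOT is not inside the chroot path");
    return 1;
}
api.chroot(chrootPath);
scriptFilename.erase(0, jail.length());
documentRoot.erase(0, jail.length());
if (documentRoot.empty()) {
    documentRoot = "/";  // document root was the jail directory itself
}
// … unchanged: env.setVar calls for DOCUMENT_ROOT and SCRIPT_FILENAME …
```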
--- src/PathMatcher.cpp 2008-03-31 02:15:54.000000000 +0200
+++ src/PathMatcher-new.cpp 2010-01-25 21:17:08.000000000 +0100
@@ -93,7 +93,7 @@
throw ParsingException("Incorrect use of $ in pattern
\"" + pattern + "\".", __FILE__, __LINE__);
}
std::string varName = remainingPattern.substr(i + 2,
closingBrace - i - 2);
- remainingPattern = lookupVariable(varName) +
remainingPattern.substr(closingBrace + 1);
+ remainingPattern = remainingPattern.substr(0, i) +
lookupVariable(varName) + remainingPattern.substr(closingBrace + 1);
break;
} else {
if (i >= remainingPath.length() || c !=
remainingPath.at(i)) {
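Review bot: The value returned by `lookupVariable(varName)` is spliced back into `remainingPattern` on the changed line, and the `break` suggests the pattern is then scanned again from the start by a loop that lies outside this hunk. If so, a variable value containing `$` or another character the pattern syntax treats specially would be parsed as pattern syntax rather than matched literally; worth confirming which variables can reach this point and escaping the value if any of them can carry such characters. Independently, a short comment on the new line would document the fix, for example `// keep the literal text before ${...}; it has not been matched against the path yet`.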