fielding96/11/24 01:37:08
Modified:support suexec.c
Added: support suexec.h
Log:
Removed HAVE_RLIMIT and related rlimit code now that the server handles
the functionality. Moved user-defined code to suexec.h.
Added DON'T EDIT warning in code.
No more security by obscurity...comments added at each step.
Submitted by: Jason A. Dour
Reviewed by: Roy Fielding, Randy Terbush
Revision ChangesPath
1.4 +151 -99 apache/support/suexec.c
Index: suexec.c
===
RCS file: /export/home/cvs/apache/support/suexec.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -C3 -r1.3 -r1.4
*** suexec.c 1996/11/03 21:02:34 1.3
--- suexec.c 1996/11/24 09:37:07 1.4
***
*** 53,58
--- 53,68
/*
* suexec.c -- Wrapper support program for suEXEC behaviour for Apache
*
+ ***
+ *
+ * NOTE! : DO NOT edit this code!!! Unless you know what you are doing,
+ * editing this code might open up your system in unexpected
+ * ways to would-be crackers. Every precaution has been taken
+ * to make this code as safe as possible; alter it at your own
+ * risk.
+ *
+ ***
+ *
* A MotherSoft Product for the Apache WWW server.
* (http://www.louisville.edu/~jadour01/mothersoft/)
*
***
*** 61,66
--- 71,82
*Jason A. Dour ([EMAIL PROTECTED])
*Randy Terbush ([EMAIL PROTECTED])
*
+ * Version 0.1.0 - Jason A. Dour
+ *First beta. Removed HAVE_RLIMIT and related rlimit code
+ * now that the server handles the funcitonality. Moved user-
+ * defined code to suexec.h. Added DON'T EDIT warning in code.
+ * No more security by obscurity...comments added at each step.
+ *
* Version 0.0.3 - Jason A. Dour
*Third alpha. Added NNAME and NGID directives to fix
* portability problem -- various systems have different
***
*** 85,130
*/
! /* ** USER-DEFINED VARIABLES ** */
!
! /*
! * HTTPD_USER -- Define as the username under which Apache normally
! * runs. This is the only user allowed to execute
! * this program.
! */
! #define HTTPD_USER www
!
! /*
! * LOG_EXEC -- Define this as a filename if you want all suEXEC
! * transactions and errors logged for auditing and
! * debugging purposes.
! */
! #define LOG_EXEC /usr/local/etc/httpd/logs/cgi.log /* Need me? */
!
! /*
! * DOC_ROOT -- Define as the DocuemntRoot set for Apache. This
! * will be the only hierarchy (aside from UserDirs)
! * that can be used for suEXEC behaviour.
! */
! #define DOC_ROOT /usr/local/etc/httpd/htdocs
!
! /*
! * NNAME -- Define this as the name for the nobody account
! * on your operating system. Most systems will just
! * need the default 'nobody'.
! */
! #define NNAME nobody
!
! /* NGID -- Define this as the *number* for the nogroup group
! * on your operating system. Most systems will have
! * a -1 or -2. Others might have something above
! * 65000.
! */
! #define NGID -1
!
!
!
! /* ** DO NOT EDIT BELOW THIS LINE ** */
#include sys/param.h
#include stdlib.h
--- 101,107
*/
! #include suexec.h
#include sys/param.h
#include stdlib.h
***
*** 137,143
#include grp.h
#include time.h
#include sys/stat.h
- #include sys/resource.h
static FILE *log;
--- 114,119
***
*** 183,223
int
main(int argc, char *argv[], char **env)
{
! int doclen;
! int homedir = 0;
! uid_t uid;
! char *server_uid;
! char *server_gid;
! char *prog;
! char *cmd;
! char *cwd;
! char *buf = NULL;
! struct passwd *pw;
! struct group *gr;
! struct stat dir_info;
! struct stat prg_info;
! struct rlimit limits;
prog = argv[0];
if (argc 4)
{
log_err (too few arguments\n);
exit(101);
}
! server_uid = argv[1];
! server_gid = argv[2];
cmd = argv[3];
! getrlimit ( RLIMIT_NOFILE, limits );
! if (limits.rlim_cur limits.rlim_max)
! {
! limits.rlim_cur = 256;
! if (setrlimit (RLIMIT_NOFILE, limits) 0)
! log_err (Cannot exceed hard limit for open files\n);
! }
!
uid = getuid();
if ((pw = getpwuid (uid)) == NULL)
{
--- 159,198
int
main(int argc, char *argv[], char