Posted to dev@httpd.apache.org by Rob Hartill <ro...@imdb.com> on 1996/09/13 11:25:56 UTC
apache chroot'ing (fwd)
Not acked.
----- Forwarded message from Lincoln Dale -----
Message-Id: <19...@titanic.labtam.oz.au>
To: apache-bugs@mail.apache.org
Subject: apache chroot'ing
From: Lincoln Dale <lt...@aone.com.au>
Date: Fri, 13 Sep 1996 13:35:22 +1000
Sender: ltd@titanic.labtam.oz.au
Hi,
I haven't been following apache developments, other than installing it to
test to see how it handles HTTP-PUT (differently than Netscape does -- ie.
it works).
Either way, one of the 'features' that we use of the netscape servers we
run is that they have the ability to chroot themselves. Apache didn't
appear to, so I made a quick hack to do this.
the chroot is done before child processes are forked. the side-effect of
this is that the scoreboard file is stored in the chroot'ed environment, not
the normal log area (chrooting is done _after_ the log and associated files
are setup).
please let me know if you find this useful. i've only done minimal testing.
cheers,
lincoln.
diff -c apache_1.1.1/src/http_conf_globals.h ltd/http_conf_globals.h
*** apache_1.1.1/src/http_conf_globals.h Thu Feb 22 22:46:43 1996
--- ltd/http_conf_globals.h Fri Sep 13 13:23:01 1996
***************
*** 60,65 ****
--- 60,66 ----
extern uid_t user_id;
extern char *user_name;
extern gid_t group_id;
+ extern char chroot_path[MAX_STRING_LEN];
extern int max_requests_per_child;
extern struct in_addr bind_address;
extern listen_rec *listeners;
diff -c apache_1.1.1/src/http_core.c ltd/http_core.c
*** apache_1.1.1/src/http_core.c Thu Jun 13 04:14:31 1996
--- ltd/http_core.c Fri Sep 13 13:23:12 1996
***************
*** 648,653 ****
--- 648,659 ----
return NULL;
}
+ char *set_chroot (cmd_parms *cmd, void *dummy, char *arg) {
+ if (!is_directory (arg)) return "Chroot must be a valid directory";
+ strcpy (chroot_path, arg);
+ return NULL;
+ }
+
char *set_server_root (cmd_parms *cmd, void *dummy, char *arg) {
if (!is_directory (arg)) return "ServerRoot must be a valid directory";
strcpy (server_root, arg);
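Review bot: `strcpy (chroot_path, arg);` in set_chroot copies the directive argument into the fixed `chroot_path[MAX_STRING_LEN]` global with no length check, so an over-long Chroot value would write past the buffer. The config reader may already cap argument length, but nothing visible here guarantees it, so I would add `if (strlen (arg) >= MAX_STRING_LEN) return "Chroot path is too long";` before the copy. A one-line comment such as `/* path is resolved against the real root; the chroot itself happens later in http_main.c */` would also help, since is_directory() runs before the jail exists. The set_server_root context below uses the same unbounded copy and continues outside this hunk.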
***************
*** 805,810 ****
--- 811,817 ----
{ "HostnameLookups", set_hostname_lookups, NULL, ACCESS_CONF|RSRC_CONF, FLAG, NULL },
{ "User", set_user, NULL, RSRC_CONF, TAKE1, "a username"},
{ "Group", set_group, NULL, RSRC_CONF, TAKE1, "a group name"},
+ { "Chroot", set_chroot, NULL, RSRC_CONF, TAKE1, "a directory path"},
{ "ServerAdmin", set_server_string_slot,
(void *)XtOffsetOf (server_rec, server_admin), RSRC_CONF, TAKE1,
"The email address of the server administrator" },
diff -c apache_1.1.1/src/http_main.c ltd/http_main.c
*** apache_1.1.1/src/http_main.c Tue Jul 9 05:00:35 1996
--- ltd/http_main.c Fri Sep 13 13:23:26 1996
***************
*** 114,119 ****
--- 114,120 ----
uid_t user_id;
char *user_name;
gid_t group_id;
+ char chroot_path[MAX_STRING_LEN];
int max_requests_per_child;
char *pid_fname;
char *scoreboard_fname;
***************
*** 1276,1281 ****
--- 1277,1289 ----
{
int pid;
+
+ if (chroot_path != NULL) {
+ if (!chroot(chroot_path)) {
+ log_unixerr("chroot", NULL, "unable to chroot", server_conf);
+ }
+ }
+
if (one_process) {
signal (SIGHUP, (void (*)())just_die);
signal (SIGTERM, (void (*)())just_die);
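Review bot: The test `if (!chroot(chroot_path))` is inverted: chroot() returns 0 on success and -1 on failure, so this logs "unable to chroot" when the call succeeds and stays silent when it fails, leaving the server running unconfined. The outer `chroot_path != NULL` comparison is always true because chroot_path is an array, so with the default CHROOT_PATH of "/" (set in the later http_main.c hunk) the call is attempted on every start. There is also no chdir("/") after the chroot, so the working directory still refers to a location outside the new root, and a failed chroot should stop startup rather than continue. The version below skips the call when no jail is configured, checks both calls and exits on failure. The enclosing function begins and ends outside this hunk.

```c
/* … unchanged: opening brace and `int pid;` … */
if (chroot_path[0] != '\0' && strcmp (chroot_path, "/") != 0) {
    /* chroot() returns 0 on success; chdir so the cwd is inside the new root */
    if (chroot (chroot_path) < 0 || chdir ("/") < 0) {
        log_unixerr ("chroot", NULL, "unable to chroot", server_conf);
        exit (1);
    }
}
/* … unchanged: one_process signal setup … */
```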
***************
*** 1494,1499 ****
--- 1502,1508 ----
server_argv0 = argv[0];
strcpy (server_root, HTTPD_ROOT);
+ strcpy (chroot_path, CHROOT_PATH);
strcpy (server_confname, SERVER_CONFIG_FILE);
while((c = getopt(argc,argv,"Xd:f:v")) != -1) {
diff -c apache_1.1.1/src/httpd.h ltd/httpd.h
*** apache_1.1.1/src/httpd.h Tue Jul 9 05:01:19 1996
--- ltd/httpd.h Fri Sep 13 13:23:36 1996
***************
*** 82,87 ****
--- 82,90 ----
#define DOCUMENT_LOCATION "/usr/local/etc/httpd/htdocs"
#endif
+ /* chroot path default */
+ #define CHROOT_PATH "/"
+
/* Max. number of dynamically loaded modules */
#define DYNAMIC_MODULE_LIMIT 64
----- End of forwarded message from Lincoln Dale -----
--
Rob Hartill (robh@imdb.com)
http://www.imdb.com/ ... why wait for a clear night to see the stars?.