You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Colm MacCárthaigh <co...@Redbrick.DCU.IE> on 2002/05/20 04:25:52 UTC
[PATCH] suexec + mod_userdir + mod_cgid
A few weeks ago I opened Bug 7810, which was suexec not working
with mod_userdir with either mod_cgi or mod_cgid. Anyway, Justin
kindly applied a modified patch of mine to fix mod_cgi .. up
until today I have been simply too busy to look at it .. but
here's a patch that makes mod_cgid work. The bug is already
closed, but this patch shuold fix all of the issues that are in
it.
It's two changes, send and receive the entire suexec_cfg struc-
ture to/from cgid, and send the mod_userdir_user note. Also, just
to note that current beahaviour is that :
--enable-cgid --with-mpm=[something threaded] \
--enable-suexec ...
results in a build of apache which is fully functional , with all
userdir CGI working .. but not suexec'd. Which in certain
environments is a major security hole.
- Colm
Index: modules/generators/mod_cgid.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/generators/mod_cgid.c,v
retrieving revision 1.129
diff -u -r1.129 mod_cgid.c
--- modules/generators/mod_cgid.c 17 May 2002 11:33:09 -0000 1.129
+++ modules/generators/mod_cgid.c 20 May 2002 02:15:44 -0000
@@ -329,16 +329,8 @@
if (rc != sizeof(int)) {
return 1;
}
- rc = read(fd, &suexec_cfg->ugid.uid, sizeof(uid_t));
- if (rc != sizeof(uid_t)) {
- return 1;
- }
- rc = read(fd, &suexec_cfg->ugid.gid, sizeof(gid_t));
- if (rc != sizeof(gid_t)) {
- return 1;
- }
- rc = read(fd, &suexec_cfg->active, sizeof(int));
- if (rc != sizeof(int)) {
+ rc = read(fd, suexec_cfg, sizeof(*suexec_cfg));
+ if (rc != sizeof(*suexec_cfg)) {
return 1;
}
dconf[i] = (void *)suexec_cfg;
@@ -379,12 +371,20 @@
}
#endif
#endif
- /* For right now, just make the notes table. At some point we will need
- * to actually fill this out, but for now we just don't want suexec to
- * seg fault.
- */
+
+ /* basic notes table to avoid seg faults */
r->notes = apr_table_make(r->pool, 1);
+ /* mod_userdir requires the mod_userdir_user note */
+ rc = read(fd, &len, sizeof(len));
+ if (len) {
+ data = apr_pcalloc(r->pool, len + 1); /* last byte is '\0' */
+ rc = read(fd, data, len);
+ if(rc != len) {
+ return 1;
+ }
+ apr_table_set(r->notes,"mod_userdir_user", data);
+ }
return 0;
}
@@ -441,9 +441,7 @@
suexec_mod);
write(fd, &suexec_mod->module_index, sizeof(int));
- write(fd, &suexec_cfg->ugid.uid, sizeof(uid_t));
- write(fd, &suexec_cfg->ugid.gid, sizeof(gid_t));
- write(fd, &suexec_cfg->active, sizeof(int));
+ write(fd, suexec_cfg, sizeof(*suexec_cfg));
}
#if 0
@@ -483,6 +481,16 @@
}
#endif
#endif
+ /* send a minimal notes table */
+ data = (char *) apr_table_get(r->notes, "mod_userdir_user");
+ if(data != NULL) {
+ len = strlen(data);
+ write(fd, &len, sizeof(len));
+ write(fd, data, len);
+ } else {
+ len = 0;
+ write(fd, &len, sizeof(len));
+ }
}
static void daemon_signal_handler(int sig)