You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Colm MacCárthaigh <co...@Redbrick.DCU.IE> on 2002/05/20 04:25:52 UTC

[PATCH] suexec + mod_userdir + mod_cgid

A few weeks ago I opened Bug 7810, which was suexec  not  working
with  mod_userdir with either mod_cgi or mod_cgid. Anyway, Justin
kindly applied a modified patch of mine  to  fix  mod_cgi  ..  up
until  today  I  have  been  simply too busy to look at it .. but
here's a patch that makes  mod_cgid  work.  The  bug  is  already
closed,  but  this patch shuold fix all of the issues that are in
it.

It's two changes, send and receive the entire  suexec_cfg  struc-
ture to/from cgid, and send the mod_userdir_user note. Also, just
to note that current beahaviour is that :

 --enable-cgid --with-mpm=[something threaded] \
 --enable-suexec ...

results in a build of apache which is fully functional , with all
userdir  CGI  working  ..  but  not  suexec'd.  Which  in certain
environments is a major security hole.

- Colm

Index: modules/generators/mod_cgid.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/generators/mod_cgid.c,v
retrieving revision 1.129
diff -u -r1.129 mod_cgid.c
--- modules/generators/mod_cgid.c	17 May 2002 11:33:09 -0000	1.129
+++ modules/generators/mod_cgid.c	20 May 2002 02:15:44 -0000
@@ -329,16 +329,8 @@
         if (rc != sizeof(int)) {
             return 1;
         }
-        rc = read(fd, &suexec_cfg->ugid.uid, sizeof(uid_t));
-        if (rc != sizeof(uid_t)) {
-            return 1;
-        }
-        rc = read(fd, &suexec_cfg->ugid.gid, sizeof(gid_t));
-        if (rc != sizeof(gid_t)) {
-            return 1;
-        }
-        rc = read(fd, &suexec_cfg->active, sizeof(int));
-        if (rc != sizeof(int)) {
+        rc = read(fd, suexec_cfg, sizeof(*suexec_cfg));
+        if (rc != sizeof(*suexec_cfg)) {
             return 1;
         }
         dconf[i] = (void *)suexec_cfg;
@@ -379,12 +371,20 @@
     } 
 #endif 
 #endif
-    /* For right now, just make the notes table.  At some point we will need
-     * to actually fill this out, but for now we just don't want suexec to
-     * seg fault.
-     */
+
+    /* basic notes table to avoid seg faults */
     r->notes = apr_table_make(r->pool, 1);
 
+    /* mod_userdir requires the mod_userdir_user note */
+    rc = read(fd, &len, sizeof(len));
+    if (len) {
+        data = apr_pcalloc(r->pool, len + 1); /* last byte is '\0' */
+        rc = read(fd, data, len);
+        if(rc != len) {
+	    return 1;
+        }
+	apr_table_set(r->notes,"mod_userdir_user", data);
+    }
     return 0;
 } 
 
@@ -441,9 +441,7 @@
                                                            suexec_mod);
 
         write(fd, &suexec_mod->module_index, sizeof(int));
-        write(fd, &suexec_cfg->ugid.uid, sizeof(uid_t));
-        write(fd, &suexec_cfg->ugid.gid, sizeof(gid_t));
-        write(fd, &suexec_cfg->active, sizeof(int));
+        write(fd, suexec_cfg, sizeof(*suexec_cfg));
     }
 
 #if 0
@@ -483,6 +481,16 @@
     } 
 #endif
 #endif 
+   /* send a minimal notes table */
+   data  = (char *) apr_table_get(r->notes, "mod_userdir_user");
+   if(data != NULL) {
+       len = strlen(data);
+       write(fd, &len, sizeof(len));
+       write(fd, data, len);
+   } else {
+       len = 0;
+       write(fd, &len, sizeof(len));
+   }
 } 
 
 static void daemon_signal_handler(int sig)