Posted to dev@httpd.apache.org by Randy Terbush <ra...@zyzzyva.com> on 1997/01/22 20:39:05 UTC

[PATCH] properly check if owner or group can_exec

Someone reported this bug the other day. The solution below
does not solve the issue when MULTIPLE_GROUPS is defined and
we are checking an suexec target.


Index: util.c
===================================================================
RCS file: /export/home/cvs/apache/src/util.c,v
retrieving revision 1.41
diff -c -r1.41 util.c
*** util.c	1997/01/20 09:36:26	1.41
--- util.c	1997/01/22 19:02:26
***************
*** 936,942 ****
      else return 0;
  }
  
! int can_exec(const struct stat *finfo) {
  #ifdef MULTIPLE_GROUPS
    int cnt;
  #endif
--- 936,942 ----
      else return 0;
  }
  
! int can_exec(request_rec *r) {
  #ifdef MULTIPLE_GROUPS
    int cnt;
  #endif
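Review bot: The new parameter in `int can_exec(request_rec *r) {` drops the `const` that the old `const struct stat *finfo` carried, although every line visible in this patch only reads through `r`. Declaring it `int can_exec(const request_rec *r)` here and in the httpd.h prototype hunk keeps the read-only contract visible to callers and lets the compiler reject an accidental write to the request. The function body continues outside this hunk.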
***************
*** 944,963 ****
      /* OS/2 dosen't have Users and Groups */
      return 1;
  #else    
!     if(user_id == finfo->st_uid)
!         if(finfo->st_mode & S_IXUSR)
              return 1;
!     if(group_id == finfo->st_gid)
!         if(finfo->st_mode & S_IXGRP)
              return 1;
  #ifdef MULTIPLE_GROUPS
      for(cnt=0; cnt < NGROUPS_MAX; cnt++) {
!         if(group_id_list[cnt] == finfo->st_gid)
!             if(finfo->st_mode & S_IXGRP)
                  return 1;
      }
  #endif
!     return (finfo->st_mode & S_IXOTH);
  #endif    
  }
  
--- 944,963 ----
      /* OS/2 dosen't have Users and Groups */
      return 1;
  #else    
!     if(r->server->server_uid == r->finfo.st_uid)
!         if(r->finfo.st_mode & S_IXUSR)
              return 1;
!     if(r->server->server_gid == r->finfo.st_gid)
!         if(r->finfo.st_mode & S_IXGRP)
              return 1;
  #ifdef MULTIPLE_GROUPS
      for(cnt=0; cnt < NGROUPS_MAX; cnt++) {
!         if(group_id_list[cnt] == r->finfo.st_gid)
!             if(r->finfo.st_mode & S_IXGRP)
                  return 1;
      }
  #endif
!     return (r->finfo.st_mode & S_IXOTH);
  #endif    
  }
  
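Review bot: The owner and group tests fall through to the next class when the IDs match but the execute bit is clear, so a file owned by `r->server->server_uid` with `S_IXUSR` unset is still reported executable whenever `S_IXGRP` or `S_IXOTH` is set. POSIX access checks let the first matching class decide, so on such a file the later exec would be refused with a permission error that this pre-check was meant to catch. I would return the bit test directly once a class matches, as in the excerpt below. The `group_id_list` loop keeps its existing bound and data source, and the opening lines of the function are outside this hunk.

```c
/* … unchanged: OS/2 branch … */
    /* The first class that matches decides; never fall through to a weaker class. */
    if(r->server->server_uid == r->finfo.st_uid)
        return (r->finfo.st_mode & S_IXUSR) != 0;
    if(r->server->server_gid == r->finfo.st_gid)
        return (r->finfo.st_mode & S_IXGRP) != 0;
#ifdef MULTIPLE_GROUPS
    for(cnt=0; cnt < NGROUPS_MAX; cnt++) {
        if(group_id_list[cnt] == r->finfo.st_gid)
            return (r->finfo.st_mode & S_IXGRP) != 0;
    }
#endif
    return (r->finfo.st_mode & S_IXOTH) != 0;
```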
Index: mod_cgi.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_cgi.c,v
retrieving revision 1.28
diff -c -r1.28 mod_cgi.c
*** mod_cgi.c	1997/01/20 04:28:12	1.28
--- mod_cgi.c	1997/01/22 19:10:41
***************
*** 377,383 ****
      if (r->finfo.st_mode == 0)
  	return log_scripterror(r, conf, NOT_FOUND,
  			       "script not found or unable to stat");
!     if(!can_exec(&r->finfo))
  	return log_scripterror(r, conf, FORBIDDEN,
  			       "file permissions deny server execution");
      
--- 377,383 ----
      if (r->finfo.st_mode == 0)
  	return log_scripterror(r, conf, NOT_FOUND,
  			       "script not found or unable to stat");
!     if(!can_exec(r))
  	return log_scripterror(r, conf, FORBIDDEN,
  			       "file permissions deny server execution");
      
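Review bot: `can_exec(r)` evaluates the `st_mode`, `st_uid` and `st_gid` already stored in `r->finfo`, not the file as it exists when the script is launched, and nothing at this call site says so. A short comment would keep readers from treating it as the enforcement point, for example `/* advisory pre-check on cached stat data; the exec itself is the authoritative permission check */`. The launch code is outside this hunk, so it is worth confirming that an exec failure there is logged as clearly as this FORBIDDEN path.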
Index: httpd.h
===================================================================
RCS file: /export/home/cvs/apache/src/httpd.h,v
retrieving revision 1.79
diff -c -r1.79 httpd.h
*** httpd.h	1997/01/07 06:18:12	1.79
--- httpd.h	1997/01/22 19:15:53
***************
*** 677,683 ****
  uid_t uname2id(const char *name);
  gid_t gname2id(const char *name);
  int is_directory(const char *name);
! int can_exec(const struct stat *);     
  void chdir_file(const char *file);
       
  char *get_local_host(pool *);
--- 677,683 ----
  uid_t uname2id(const char *name);
  gid_t gname2id(const char *name);
  int is_directory(const char *name);
! int can_exec(request_rec *r);     
  void chdir_file(const char *file);
       
  char *get_local_host(pool *);
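Review bot: The prototype `int can_exec(request_rec *r);` no longer tells a caller which file or which identity is tested, since both now come from inside the request. A one-line comment above it would record the contract, e.g. `/* nonzero if the uid/gid configured for r->server (plus group_id_list under MULTIPLE_GROUPS) may execute the file described by r->finfo */`. Code that holds only a `struct stat` can no longer use the helper. No such caller is visible in this patch, but that should be checked before the signature changes.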



Re: [PATCH] properly check if owner or group can_exec

Posted by Marc Slemko <ma...@znep.com>.
On Wed, 22 Jan 1997, Randy Terbush wrote:

> Someone reported this bug the other day. The solution below
> does not solve the issue when MULTIPLE_GROUPS is defined and
> we are checking an suexec target.

And it doesn't address execution of files in ~user as user, right?

suexec will also fail if the user's home dir is on an NFS-mounted
filesystem with root mapped to nobody and their homedir is mode 711 or
something like that.  The getcwd() will fail.  

A possible solution is to setuid at the very start of the script, since the 
user had better be able to read their homedir.

> 
> 
> Index: util.c
> ===================================================================
> RCS file: /export/home/cvs/apache/src/util.c,v
> retrieving revision 1.41
> diff -c -r1.41 util.c
> *** util.c	1997/01/20 09:36:26	1.41
> --- util.c	1997/01/22 19:02:26
> ***************