You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ma...@hyperreal.org on 1998/03/20 12:33:02 UTC

cvs commit: apache-1.3/src/support suexec.c

martin      98/03/20 03:33:02

  Modified:    src/support suexec.c
  Log:
  Add the same conditions for initgroups() existance as we use in apache's conf.h;
  Add case insensitivity for BS2000's user name comparison (yes, that's how it is);
  Add an error message if the executable isn't executable.
  
  Revision  Changes    Path
  1.36      +18 -1     apache-1.3/src/support/suexec.c
  
  Index: suexec.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/support/suexec.c,v
  retrieving revision 1.35
  retrieving revision 1.36
  diff -u -u -r1.35 -r1.36
  --- suexec.c	1998/03/19 09:56:43	1.35
  +++ suexec.c	1998/03/20 11:33:00	1.36
  @@ -94,7 +94,7 @@
    ***********************************************************************
    */
   
  -#if defined(QNX)
  +#if defined(QNX) || defined(_OSD_POSIX) || defined(MPE) || defined(SCO) || defined(BEOS)
   int initgroups(const char *name, gid_t basegid)
   {
   /* QNX and MPE do not appear to support supplementary groups. */
  @@ -284,10 +284,18 @@
        * is the user allowed to do so as defined in
        * suexec.h.  If not the allowed user, error out.
        */
  +#ifdef _OSD_POSIX
  +    /* User name comparisons are case insensitive on BS2000/OSD */
  +    if (strcasecmp(HTTPD_USER, pw->pw_name)) {
  +	log_err("user mismatch (%s)\n", pw->pw_name);
  +	exit(103);
  +    }
  +#else  /*_OSD_POSIX*/
       if (strcmp(HTTPD_USER, pw->pw_name)) {
   	log_err("user mismatch (%s)\n", pw->pw_name);
   	exit(103);
       }
  +#endif /*_OSD_POSIX*/
   
       /*
        * Check for a leading '/' (absolute path) in the command to be executed,
  @@ -477,6 +485,15 @@
   		dir_info.st_uid, dir_info.st_gid,
   		prg_info.st_uid, prg_info.st_gid);
   	exit(120);
  +    }
  +    /*
  +     * Error out if the program is not executable for the user.
  +     * Otherwise, she won't find any error in the logs except for
  +     * "[error] Premature end of script headers: ..."
  +     */
  +    if (!(prg_info.st_mode & S_IXUSR)) {
  +	log_err("file has no execute permission: (%s/%s)\n", cwd, cmd);
  +	exit(121);
       }
   
       clean_env();