Subversion Repositories suexec-custom

1 madcat 1
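--- suexec.8.orig       2011-07-12 10:38:14.000000000 +0200
+++ suexec.8    2011-07-12 11:33:24.000000000 +0200
@@ -43,8 +43,12 @@ If suexec is called by a user with name
 suexec will abort. By creating several config files, you can allow several
 different apache run users to use suexec.
 .PP
-The first line in the file is used as the document root (/var/www in the
-standard suexec) and the second line in the file is used as the suffix that is
+The first line in the file is used as the start (the root) of the chroot
+jail environment. If you don't want to use a chroot jail you must put
+"nochroot" on the first line: the chroot command will be ignored.
+.PP
+The second line in the file is used as the document root (/var/www in the
+standard suexec) and the third line in the file is used as the suffix that is
 appended to users' home directories (public_html in standard suexec).
 .PP
 If any of the lines is commented out (with #), suexec will refuse the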
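--- suexec-custom.c.orig        2011-07-12 10:38:14.000000000 +0200
+++ suexec-custom.c     2011-07-12 11:32:59.000000000 +0200
@@ -288,6 +288,7 @@ int main(int argc, char *argv[])
     struct stat dir_info;   /* directory info holder     */
     struct stat prg_info;   /* program info holder       */
     int cwdh;               /* handle to cwd             */
+    char *suexec_chroot         = NULL;
     char *suexec_docroot        = NULL;
     char *suexec_userdir_suffix = NULL;
     char *filename              = NULL;
@@ -382,9 +383,10 @@ int main(int argc, char *argv[])
      * If not, error out.
      */
     filename = malloc(AP_MAXPATH+1);
+    suexec_chroot = malloc(AP_MAXPATH+1);
     suexec_docroot = malloc(AP_MAXPATH+1);
     suexec_userdir_suffix = malloc(AP_MAXPATH+1);
-    if (!filename || !suexec_docroot || !suexec_userdir_suffix) {
+    if (!filename || !suexec_chroot || !suexec_docroot || !suexec_userdir_suffix) {
         log_err("malloc failed\n");
        exit(120);
     }
@@ -399,6 +401,11 @@ int main(int argc, char *argv[])
        exit(123);
     }
 
+    if (!read_line(suexec_chroot, configfile)) {
+       log_err("Could not read chroot from %s\n", filename);
+       exit(300);
+    }
+
     if (!read_line(suexec_docroot, configfile)) {
        log_err("Could not read docroot from %s\n", filename);
        exit(124);
@@ -527,6 +534,15 @@ int main(int argc, char *argv[])
         exit(108);
     }
 
+    getcwd(cwd, AP_MAXPATH);
+    if (strcmp(suexec_chroot, "nochroot")) {
+        if (chroot(suexec_chroot)!=0) {
+            log_err("chroot on %s failed!\n", suexec_chroot);
+            exit(301);
+        };
+    };
+    chdir(cwd);
+
     /*
      * Change UID/GID here so that the following tests work over NFS.
      *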
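Review bot: The `chdir(cwd)` after `chroot()` in the last hunk, and the `getcwd()` before it, ignore their return values, so if the saved path does not exist under the new root the process keeps a working directory outside the jail and relative paths still resolve there. Fail closed instead: `if (getcwd(cwd, AP_MAXPATH) == NULL) { log_err("cannot get cwd\n"); exit(EXIT_CODE); }` before the chroot and `if (chdir(cwd) != 0) { log_err("chdir to %s inside chroot failed\n", cwd); exit(EXIT_CODE); }` after it, where EXIT_CODE is a placeholder for an unused status. The new `exit(300)` and `exit(301)` should also change, because an exit status is truncated to eight bits and the parent will see 44 and 45, which may collide with codes used elsewhere in main(); pick values below 256. main() starts and ends outside these hunks, so the size of `cwd` and whether the chroot line gets the same '#' comment check as the other config lines cannot be confirmed from here.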