Subversion Repositories suexec-custom

--- suexec.8.orig       2011-07-12 10:38:14.000000000 +0200

+++ suexec.8    2011-07-12 11:33:24.000000000 +0200

@@ -43,8 +43,12 @@ If suexec is called by a user with name

 suexec will abort. By creating several config files, you can allow several

 different apache run users to use suexec.

 .PP

-The first line in the file is used as the document root (/var/www in the

-standard suexec) and the second line in the file is used as the suffix that is

+The first line in the file is used as the start (the root) of the chroot

+jail environment. If you don't want to use a chroot jail you must put

+"nochroot" on the first line: the chroot command will be ignored.

+.PP

+The second line in the file is used as the document root (/var/www in the

+standard suexec) and the third line in the file is used as the suffix that is

 appended to users' home directories (public_html in standard suexec).

 .PP

 If any of the lines is commented out (with #), suexec will refuse the

--- suexec-custom.config.orig   2013-03-12 17:22:25.835049038 +0100

+++ suexec-custom.config        2013-03-12 17:29:10.583054086 +0100

@@ -1,7 +1,12 @@

+nochroot

 /var/www

 public_html/cgi-bin

-# The first two lines contain the suexec document root and the suexec userdir

-# suffix. If one of them is disabled by prepending a # character, suexec will

-# refuse the corresponding type of request.

+# The first line contains the path of the chroot jail environment. Use the

+# special word nochroot if you don't want to use a chroot jail.

+# The second line contains the suexec document root and the third line the

+# suexec userdir suffix. If one of them is disabled by prepending a #

+# character, suexec will refuse the corresponding type of request.

+# You cannot comment out the first line: use a path for the chroot jail or

+# the nochroot parameter.

 # This config file is only used by the apache2-suexec-custom package. See the

 # suexec man page included in the package for more details.

--- suexec-custom.c.orig        2011-07-12 10:38:14.000000000 +0200

+++ suexec-custom.c     2011-07-12 11:32:59.000000000 +0200

@@ -288,6 +288,7 @@ int main(int argc, char *argv[])

     struct stat dir_info;   /* directory info holder     */

     struct stat prg_info;   /* program info holder       */

     int cwdh;               /* handle to cwd             */

+    char *suexec_chroot         = NULL;

     char *suexec_docroot        = NULL;

     char *suexec_userdir_suffix = NULL;

     char *filename              = NULL;

@@ -382,9 +383,10 @@ int main(int argc, char *argv[])

      * If not, error out.

      */

     filename = malloc(AP_MAXPATH+1);

+    suexec_chroot = malloc(AP_MAXPATH+1);

     suexec_docroot = malloc(AP_MAXPATH+1);

     suexec_userdir_suffix = malloc(AP_MAXPATH+1);

-    if (!filename || !suexec_docroot || !suexec_userdir_suffix) {

+    if (!filename || !suexec_chroot || !suexec_docroot || !suexec_userdir_suffix) {

         log_err("malloc failed\n");

        exit(120);

     }

@@ -399,6 +401,11 @@ int main(int argc, char *argv[])

        exit(123);

     }

+    if (!read_line(suexec_chroot, configfile)) {

+       log_err("Could not read chroot from %s\n", filename);

+       exit(300);

+    }

+

     if (!read_line(suexec_docroot, configfile)) {

        log_err("Could not read docroot from %s\n", filename);

        exit(124);

@@ -527,6 +534,15 @@ int main(int argc, char *argv[])

         exit(108);

     }

+    getcwd(cwd, AP_MAXPATH);

+    if (strcmp(suexec_chroot, "nochroot")) {

+        if (chroot(suexec_chroot)!=0) {

+            log_err("chroot on %s failed!\n", suexec_chroot);

+            exit(301);

+        };

+    };

+    chdir(cwd);

+

     /*

      * Change UID/GID here so that the following tests work over NFS.

      *