Rev | Author | Line No. | Line |
---|---|---|---|
1 | madcat | 1 | --- suexec.8.orig 2011-07-12 10:38:14.000000000 +0200 |
2 | +++ suexec.8 2011-07-12 11:33:24.000000000 +0200 |
||
3 | @@ -43,8 +43,12 @@ If suexec is called by a user with name |
||
4 | suexec will abort. By creating several config files, you can allow several |
||
5 | different apache run users to use suexec. |
||
6 | .PP |
||
7 | -The first line in the file is used as the document root (/var/www in the |
||
8 | -standard suexec) and the second line in the file is used as the suffix that is |
||
9 | +The first line in the file is used as the start (the root) of the chroot |
||
10 | +jail environment. If you don't want to use a chroot jail you must put |
||
11 | +"nochroot" on the first line: the chroot command will be ignored. |
||
12 | +.PP |
||
13 | +The second line in the file is used as the document root (/var/www in the |
||
14 | +standard suexec) and the third line in the file is used as the suffix that is |
||
15 | appended to users' home directories (public_html in standard suexec). |
||
16 | .PP |
||
17 | If any of the lines is commented out (with #), suexec will refuse the |
||
2 | madcat | 18 | --- suexec-custom.config.orig 2013-03-12 17:22:25.835049038 +0100 |
19 | +++ suexec-custom.config 2013-03-12 17:29:10.583054086 +0100 |
||
20 | @@ -1,7 +1,12 @@ |
||
21 | +nochroot |
||
22 | /var/www |
||
23 | public_html/cgi-bin |
||
24 | -# The first two lines contain the suexec document root and the suexec userdir |
||
25 | -# suffix. If one of them is disabled by prepending a # character, suexec will |
||
3 | madcat | 26 | -# refuse the corresponding type of request. |
2 | madcat | 27 | +# The first line contains the path of the chroot jail environment. Use the |
28 | +# special word nochroot if you don't want to use a chroot jail. |
||
29 | +# The second line contains the suexec document root and the third line the |
||
30 | +# suexec userdir suffix. If one of them is disabled by prepending a # |
||
31 | +# character, suexec will refuse the corresponding type of request. |
||
32 | +# You cannot comment out the first line: use a path for the chroot jail or |
||
33 | +# the nochroot parameter. |
||
34 | # This config file is only used by the apache2-suexec-custom package. See the |
||
35 | # suexec man page included in the package for more details. |
||
1 | madcat | 36 | --- suexec-custom.c.orig 2011-07-12 10:38:14.000000000 +0200 |
37 | +++ suexec-custom.c 2011-07-12 11:32:59.000000000 +0200 |
||
38 | @@ -288,6 +288,7 @@ int main(int argc, char *argv[]) |
||
39 | struct stat dir_info; /* directory info holder */ |
||
40 | struct stat prg_info; /* program info holder */ |
||
41 | int cwdh; /* handle to cwd */ |
||
42 | + char *suexec_chroot = NULL; |
||
43 | char *suexec_docroot = NULL; |
||
44 | char *suexec_userdir_suffix = NULL; |
||
45 | char *filename = NULL; |
||
46 | @@ -382,9 +383,10 @@ int main(int argc, char *argv[]) |
||
47 | * If not, error out. |
||
48 | */ |
||
49 | filename = malloc(AP_MAXPATH+1); |
||
50 | + suexec_chroot = malloc(AP_MAXPATH+1); |
||
51 | suexec_docroot = malloc(AP_MAXPATH+1); |
||
52 | suexec_userdir_suffix = malloc(AP_MAXPATH+1); |
||
53 | - if (!filename || !suexec_docroot || !suexec_userdir_suffix) { |
||
54 | + if (!filename || !suexec_chroot || !suexec_docroot || !suexec_userdir_suffix) { |
||
55 | log_err("malloc failed\n"); |
||
56 | exit(120); |
||
57 | } |
||
58 | @@ -399,6 +401,11 @@ int main(int argc, char *argv[]) |
||
59 | exit(123); |
||
60 | } |
||
61 | |||
62 | + if (!read_line(suexec_chroot, configfile)) { |
||
63 | + log_err("Could not read chroot from %s\n", filename); |
||
64 | + exit(300); |
||
65 | + } |
||
66 | + |
||
67 | if (!read_line(suexec_docroot, configfile)) { |
||
68 | log_err("Could not read docroot from %s\n", filename); |
||
69 | exit(124); |
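Review bot: `exit(300)` in the new chroot-read failure path cannot be reported as 300, because a POSIX exit status is truncated to its low 8 bits: the parent sees 44, and the `exit(301)` added in the later chroot hunk becomes 45. Both should use unused values below 256 so they stay distinguishable from the file's other error exits, e.g. `exit(CHROOT_READ_STATUS); /* placeholder: unused status < 256 */`. The string read here is later handed to `chroot()` without validation, and a config written for the old two-line format would have its docroot line taken as the jail root. I would at least reject a value that is neither `nochroot` nor an absolute path, and log the value that was read. read_line() and the rest of main() are outside this hunk, so how a commented-out first line is handled is not visible here.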
||
70 | @@ -527,6 +534,15 @@ int main(int argc, char *argv[]) |
||
71 | exit(108); |
||
72 | } |
||
73 | |||
74 | + getcwd(cwd, AP_MAXPATH); |
||
75 | + if (strcmp(suexec_chroot, "nochroot")) { |
||
76 | + if (chroot(suexec_chroot)!=0) { |
||
77 | + log_err("chroot on %s failed!\n", suexec_chroot); |
||
78 | + exit(301); |
||
79 | + }; |
||
80 | + }; |
||
81 | + chdir(cwd); |
||
82 | + |
||
83 | /* |
||
84 | * Change UID/GID here so that the following tests work over NFS. |
||
85 | * |
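Review bot: The return values of `getcwd(cwd, AP_MAXPATH)` and `chdir(cwd)` around the new `chroot()` call are ignored, so a failed `chdir` leaves the process running with a working directory that still refers to a location outside the new root. chroot() does not move the working directory by itself, and `cwd` is a pre-chroot absolute path that is resolved inside the jail afterwards, so it only exists there if the jail mirrors that layout. I would check all three calls, do `chdir("/")` immediately after `chroot()`, and exit on any failure, as sketched below; the stray `;` after the two closing braces can go as well. main() begins and ends outside this hunk, so whether the later docroot and program checks expect jail-relative paths cannot be judged from here.

```c
if (strcmp(suexec_chroot, "nochroot") != 0) {
    if (getcwd(cwd, AP_MAXPATH) == NULL) {
        log_err("getcwd failed before chroot\n");
        exit(CHROOT_EXIT_STATUS);   /* placeholder: an unused status below 256 */
    }
    if (chroot(suexec_chroot) != 0 || chdir("/") != 0) {
        log_err("chroot on %s failed!\n", suexec_chroot);
        exit(CHROOT_EXIT_STATUS);
    }
    /* cwd is now resolved inside the jail; fail closed if it is absent there */
    if (chdir(cwd) != 0) {
        log_err("cannot enter %s inside chroot %s\n", cwd, suexec_chroot);
        exit(CHROOT_EXIT_STATUS);
    }
}
/* ... unchanged: UID/GID change follows ... */
```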