(root)/suexec-custom.patch - Rev 1
--- suexec.8.orig 2011-07-12 10:38:14.000000000 +0200
+++ suexec.8 2011-07-12 11:33:24.000000000 +0200
@@ -43,8 +43,12 @@ If suexec is called by a user with name
suexec will abort. By creating several config files, you can allow several
different apache run users to use suexec.
.PP
-The first line in the file is used as the document root (/var/www in the
-standard suexec) and the second line in the file is used as the suffix that is
+The first line in the file is used as the start (the root) of the chroot
+jail environment. If you don't want to use a chroot jail you must put
+"nochroot" on the first line: the chroot command will be ignored.
+.PP
+The second line in the file is used as the document root (/var/www in the
+standard suexec) and the third line in the file is used as the suffix that is
appended to users' home directories (public_html in standard suexec).
.PP
If any of the lines is commented out (with #), suexec will refuse the
--- suexec-custom.c.orig 2011-07-12 10:38:14.000000000 +0200
+++ suexec-custom.c 2011-07-12 11:32:59.000000000 +0200
@@ -288,6 +288,7 @@ int main(int argc, char *argv[])
struct stat dir_info; /* directory info holder */
struct stat prg_info; /* program info holder */
int cwdh; /* handle to cwd */
+ char *suexec_chroot = NULL;
char *suexec_docroot = NULL;
char *suexec_userdir_suffix = NULL;
char *filename = NULL;
@@ -382,9 +383,10 @@ int main(int argc, char *argv[])
* If not, error out.
*/
filename = malloc(AP_MAXPATH+1);
+ suexec_chroot = malloc(AP_MAXPATH+1);
suexec_docroot = malloc(AP_MAXPATH+1);
suexec_userdir_suffix = malloc(AP_MAXPATH+1);
- if (!filename || !suexec_docroot || !suexec_userdir_suffix) {
+ if (!filename || !suexec_chroot || !suexec_docroot || !suexec_userdir_suffix) {
log_err("malloc failed\n");
exit(120);
}
@@ -399,6 +401,11 @@ int main(int argc, char *argv[])
exit(123);
}
+ if (!read_line(suexec_chroot, configfile)) {
+ log_err("Could not read chroot from %s\n", filename);
+ exit(300);
+ }
+
if (!read_line(suexec_docroot, configfile)) {
log_err("Could not read docroot from %s\n", filename);
exit(124);
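Review bot: `exit(300)` cannot be reported as 300, because an exit status is truncated to its low 8 bits and the parent will see 44; `exit(301)` in the later chroot hunk likewise becomes 45. Both should use unused suexec codes below 256 so the logged failure stays unambiguous. Separately, putting the chroot entry on the first line shifts every line of an existing config file, so an old file whose first line is the document root would have that path handed to `chroot()`; it may be worth rejecting a first line that is neither `nochroot` nor an intended jail path. main() starts and continues outside this hunk.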
@@ -527,6 +534,15 @@ int main(int argc, char *argv[])
exit(108);
}
+ getcwd(cwd, AP_MAXPATH);
+ if (strcmp(suexec_chroot, "nochroot")) {
+ if (chroot(suexec_chroot)!=0) {
+ log_err("chroot on %s failed!\n", suexec_chroot);
+ exit(301);
+ };
+ };
+ chdir(cwd);
+
/*
* Change UID/GID here so that the following tests work over NFS.
*
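Review bot: The return values of `getcwd(cwd, AP_MAXPATH)` and `chdir(cwd)` are ignored, and `chroot()` by itself does not move the working directory. `cwd` is captured before the chroot and resolved against the new root afterwards, so if that path does not exist inside the jail the `chdir` fails silently and the process carries on with its working directory still outside the jail. Both calls should be checked and a failure treated as fatal, as sketched below; the exit code shown is a placeholder. main() starts and continues outside this hunk.

```c
    if (getcwd(cwd, AP_MAXPATH) == NULL) {
        log_err("cannot get current working directory\n");
        exit(EXIT_CODE_PLACEHOLDER); /* placeholder: an unused suexec code below 256 */
    }
    /* … unchanged: chroot(suexec_chroot) unless the config says "nochroot" … */
    if (chdir(cwd) != 0) {
        log_err("chdir to %s after chroot failed\n", cwd);
        exit(EXIT_CODE_PLACEHOLDER); /* placeholder: an unused suexec code below 256 */
    }
```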