rpms/mod_suphp/F-7 mod_suphp-0.6.3-userdir.patch, NONE, 1.1 .cvsignore, 1.5, 1.6 mod_suphp.spec, 1.13, 1.14 sources, 1.5, 1.6
Andreas Thienemann (ixs)
fedora-extras-commits at redhat.com
Mon Mar 31 15:44:14 UTC 2008
Author: ixs
Update of /cvs/pkgs/rpms/mod_suphp/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31582
Modified Files:
.cvsignore mod_suphp.spec sources
Added Files:
mod_suphp-0.6.3-userdir.patch
Log Message:
* Sun Mar 30 2008 Andreas Thienemann <andreas at bawue.net> - 0.6.3-1
- Updated to 0.6.3 fixing two security problems. #439687
mod_suphp-0.6.3-userdir.patch:
--- NEW FILE mod_suphp-0.6.3-userdir.patch ---
--- suphp-0.6.3/doc/suphp.conf-example.userdir 2005-11-26 20:29:02.000000000 +0100
+++ suphp-0.6.3/doc/suphp.conf-example 2008-03-31 02:08:13.000000000 +0200
@@ -38,6 +38,8 @@
; Minimum GID
min_gid=100
+; Use correct permissions for mod_userdir sites
+handle_userdir=true
[handlers]
;Handler for php-scripts
--- suphp-0.6.3/doc/CONFIG.userdir 2005-11-26 20:29:02.000000000 +0100
+++ suphp-0.6.3/doc/CONFIG 2008-03-31 02:08:13.000000000 +0200
@@ -95,6 +95,11 @@
Minimum GID allowed to execute scripts.
Defaults to compile-time value.
+handle_userdir:
+ Handle sites created by mod_userdir.
+ Scripts on userdir sites will be executed with the permissions
+ of the owner of the site. This option only affects force and paranoid mode.
+ This option is enabled by default.
3. Handlers
--- suphp-0.6.3/src/Configuration.cpp.userdir 2006-03-15 21:21:52.000000000 +0100
+++ suphp-0.6.3/src/Configuration.cpp 2008-03-31 02:08:13.000000000 +0200
@@ -112,6 +112,7 @@
#endif
this->umask = 0077;
this->chroot_path = "";
+ this->handle_userdir = true;
}
void suPHP::Configuration::readFromFile(File& file)
@@ -157,6 +158,8 @@
this->umask = Util::octalStrToInt(value);
else if (key == "chroot")
this->chroot_path = value;
+ else if (key == "handle_userdir")
+ this->handle_userdir = this->strToBool(value);
else
throw ParsingException("Unknown option \"" + key +
"\" in section [global]",
@@ -250,3 +253,7 @@
std::string suPHP::Configuration::getChrootPath() const {
return this->chroot_path;
}
+
+bool suPHP::Configuration::getHandleUserdir() const {
+ return this->handle_userdir;
+}
--- suphp-0.6.3/src/apache2/mod_suphp.c.userdir 2006-11-06 01:57:12.000000000 +0100
+++ suphp-0.6.3/src/apache2/mod_suphp.c 2008-03-31 02:08:13.000000000 +0200
@@ -656,6 +656,10 @@
}
}
+ /* for mod_userdir checking */
+ apr_table_setn(r->subprocess_env, "SUPHP_URI",
+ apr_pstrdup(r->pool, r->uri));
+
if (auth_user && auth_pass)
{
apr_table_setn(r->subprocess_env, "SUPHP_AUTH_USER", auth_user);
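Review bot: `SUPHP_URI` is filled from `r->uri`, the request path as sent by the client, so the setuid wrapper later picks the target account from a string that does not prove mod_userdir mapped this request (an Alias or rewrite rule can serve a `/~name/` URL from elsewhere, and UserDir may be disabled for that name). Apache 2.x mod_userdir records the user it actually matched in the request notes under `mod_userdir_user`; exporting that value instead, e.g. `const char *ud = apr_table_get(r->notes, "mod_userdir_user");` followed by `if (ud) apr_table_setn(r->subprocess_env, "SUPHP_USERDIR_USER", ud);` (the variable name is only a suggestion), would tie the decision to the real mapping. The same concern applies to the matching hunk in `src/apache/mod_suphp.c`. The enclosing handler starts and ends outside the hunk, so any later constraint on this value is not visible here.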
--- suphp-0.6.3/src/Configuration.hpp.userdir 2005-11-26 20:29:02.000000000 +0100
+++ suphp-0.6.3/src/Configuration.hpp 2008-03-31 02:08:13.000000000 +0200
@@ -57,7 +57,8 @@
int min_gid;
int umask;
std::string chroot_path;
-
+ bool handle_userdir;
+
/**
* Converts string to bool
*/
@@ -165,6 +166,12 @@
* Return chroot path
*/
std::string getChrootPath() const;
+
+ /**
+ * Return whether to correctly handle mod_userdir sites
+ */
+ bool getHandleUserdir() const;
+
};
};
--- suphp-0.6.3/src/Application.hpp.userdir 2008-03-29 23:58:58.000000000 +0100
+++ suphp-0.6.3/src/Application.hpp 2008-03-31 02:09:27.000000000 +0200
@@ -39,6 +39,7 @@
#include "SystemException.hpp"
#include "SoftException.hpp"
#include "SecurityException.hpp"
+#include "UserInfo.hpp"
namespace suPHP {
/**
@@ -116,6 +117,13 @@
const Configuration& config) const
throw (SoftException);
+ /**
+ * Checks if a given URL is a userdir
+ * associated user is assigned to the user parameter
+ */
+ bool checkUserDir(const std::string& url,
+ UserInfo& user) const;
+
public:
/**
* Constructer
--- suphp-0.6.3/src/apache/mod_suphp.c.userdir 2006-09-23 19:04:36.000000000 +0200
+++ suphp-0.6.3/src/apache/mod_suphp.c 2008-03-31 02:08:13.000000000 +0200
@@ -491,7 +491,10 @@
}
}
}
-
+
+ /* for mod_userdir checking */
+ apr_table_setn(r->subprocess_env, "SUPHP_URI", apr_pstrdup(p, r->uri));
+
if (auth_user && auth_pass) {
ap_table_setn(r->subprocess_env, "SUPHP_AUTH_USER", auth_user);
ap_table_setn(r->subprocess_env, "SUPHP_AUTH_PW", auth_pass);
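Review bot: The added call uses `apr_table_setn` and `apr_pstrdup`, while the context lines of this Apache 1.3 module use the `ap_` API (`ap_table_setn`), so the line most likely does not build against Apache 1.3, which has no APR. It should read `ap_table_setn(r->subprocess_env, "SUPHP_URI", ap_pstrdup(r->pool, r->uri));`. The pool variable `p` is not declared inside the hunk; if the enclosing function does not define it, `r->pool` is the safe choice.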
--- suphp-0.6.3/src/Application.cpp.userdir 2008-03-30 13:43:38.000000000 +0200
+++ suphp-0.6.3/src/Application.cpp 2008-03-31 02:08:13.000000000 +0200
@@ -19,6 +19,7 @@
*/
#include <iostream>
+#include <sstream>
#include "config.h"
@@ -305,29 +306,33 @@
// Paranoid and force mode
#if (defined(OPT_USERGROUP_PARANOID) || defined(OPT_USERGROUP_FORCE))
- std::string targetUsername, targetGroupname;
- try {
- targetUsername = environment.getVar("SUPHP_USER");
- targetGroupname = environment.getVar("SUPHP_GROUP");
- } catch (KeyNotFoundException& e) {
- throw SecurityException(
+ if (config.getHandleUserdir() && checkUserDir(environment.getVar("SUPHP_URI"),targetUser)) {
+ targetGroup = targetUser.getGroupInfo();
+ } else {
+ std::string targetUsername, targetGroupname;
+ try {
+ targetUsername = environment.getVar("SUPHP_USER");
+ targetGroupname = environment.getVar("SUPHP_GROUP");
+ } catch (KeyNotFoundException& e) {
+ throw SecurityException(
"Environment variable SUPHP_USER or SUPHP_GROUP not set",
__FILE__, __LINE__);
- }
+ }
- if (targetUsername[0] == '#' && targetUsername.find_first_not_of(
+ if (targetUsername[0] == '#' && targetUsername.find_first_not_of(
"0123456789", 1) == std::string::npos) {
- targetUser = api.getUserInfo(Util::strToInt(targetUsername.substr(1)));
- } else {
- targetUser = api.getUserInfo(targetUsername);
- }
+ targetUser = api.getUserInfo(Util::strToInt(targetUsername.substr(1)));
+ } else {
+ targetUser = api.getUserInfo(targetUsername);
+ }
- if (targetGroupname[0] == '#' && targetGroupname.find_first_not_of(
+ if (targetGroupname[0] == '#' && targetGroupname.find_first_not_of(
"0123456789", 1) == std::string::npos) {
- targetGroup = api.getGroupInfo(
+ targetGroup = api.getGroupInfo(
Util::strToInt(targetGroupname.substr(1)));
- } else {
- targetGroup = api.getGroupInfo(targetGroupname);
+ } else {
+ targetGroup = api.getGroupInfo(targetGroupname);
+ }
}
#endif // OPT_USERGROUP_PARANOID || OPT_USERGROUP_FORCE
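Review bot: `environment.getVar("SUPHP_URI")` in the new `if` condition is called outside any handler, although the `else` branch shows that `getVar` can throw `KeyNotFoundException` and that the existing code turns it into a `SecurityException`. If the wrapper is started by a module build that does not export `SUPHP_URI`, the failure is left to whatever the outer handler in `main` does with that exception instead of the explicit security error used for `SUPHP_USER`. Reading the variable first under the same try/catch keeps the failure closed and consistently reported. When the userdir branch is taken, the configured `SUPHP_USER`/`SUPHP_GROUP` are ignored and the group becomes `targetUser.getGroupInfo()`; a short comment stating that would help the next reader. The enclosing function starts and ends outside the hunk.

```cpp
    std::string requestUri;
    if (config.getHandleUserdir()) {
        try {
            requestUri = environment.getVar("SUPHP_URI");
        } catch (KeyNotFoundException& e) {
            throw SecurityException(
                "Environment variable SUPHP_URI not set",
                __FILE__, __LINE__);
        }
    }

    // Userdir match overrides the configured SUPHP_USER / SUPHP_GROUP.
    if (config.getHandleUserdir() && checkUserDir(requestUri, targetUser)) {
        targetGroup = targetUser.getGroupInfo();
    } else {
        // … unchanged: SUPHP_USER / SUPHP_GROUP lookup …
```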
@@ -519,6 +524,28 @@
} while (directory.getPath() != "/");
}
+bool suPHP::Application::checkUserDir(const std::string& url, UserInfo& user) const {
+
+ if (url.length() <= 2 || url[1] != '~')
+ return false;
+
+ API& api = API_Helper::getSystemAPI();
+ std::string topDir;
+ std::istringstream strm(url);
+
+ for (int i = 0; i < 2; i++)
+ if (!std::getline(strm, topDir, '/'))
+ return false;
+
+ std::string userName = topDir.substr(1,topDir.length());
+
+ try {
+ user = api.getUserInfo(userName);
+ return true;
+ } catch (LookupException& e) {
+ return false;
+ }
+}
int main(int argc, char **argv) {
try {
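Review bot: `checkUserDir` accepts any account name that `api.getUserInfo` can resolve, taken directly from the second path segment of the URL, and nothing in the function limits it to accounts that actually publish a userdir; whether the later min_uid/min_gid and script-ownership checks run against this `targetUser` cannot be seen from the hunk and should be confirmed. The guard tests `url[1]` without checking `url[0]`, and an empty name (`/~/…`) is rejected only because the lookup fails; `if (url.length() <= 2 || url[0] != '/' || url[1] != '~') return false;` plus `if (userName.empty()) return false;` would make both explicit. The definition also carries no comment; a one-line `// Returns true and fills user when url starts with /~name and name is a known account` would document the contract.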
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/mod_suphp/F-7/.cvsignore,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- .cvsignore 10 Mar 2007 22:00:09 -0000 1.5
+++ .cvsignore 31 Mar 2008 15:43:31 -0000 1.6
@@ -1 +1 @@
-suphp-0.6.2.tar.gz
+suphp-0.6.3.tar.gz
Index: mod_suphp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mod_suphp/F-7/mod_suphp.spec,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- mod_suphp.spec 10 Mar 2007 22:00:09 -0000 1.13
+++ mod_suphp.spec 31 Mar 2008 15:43:31 -0000 1.14
@@ -24,7 +24,7 @@
Summary: An apache2 module for executing PHP scripts with the permissions of their owners
Name: mod_suphp
-Version: 0.6.2
+Version: 0.6.3
Release: 1%{?dist}
License: GPL
Group: System Environment/Daemons
@@ -32,7 +32,7 @@
Source1: suphp.conf
Source2: mod_suphp.conf
Source3: README.fedora
-Patch0: mod_suphp-0.6.1-userdir.patch
+Patch0: mod_suphp-0.6.3-userdir.patch
Patch1: mod_suphp-0.6.1-AddHandler.patch
Patch3: mod_suphp-0.6.1-chroot.patch
URL: http://www.suphp.org/
@@ -115,6 +115,12 @@
%changelog
+* Sun Mar 30 2008 Andreas Thienemann <andreas at bawue.net> - 0.6.3-1
+- Updated to 0.6.3 fixing two security problems. #439687
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 0.6.2-2
+- Autorebuild for GCC 4.3
+
* Sat Mar 10 2007 Andreas Thienemann <andreas at bawue.net> - 0.6.2-1
- Updated to 0.6.2
- Reverted our double free patch. Upstream fixed their SmartPointer
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/mod_suphp/F-7/sources,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sources 10 Mar 2007 22:00:09 -0000 1.5
+++ sources 31 Mar 2008 15:43:31 -0000 1.6
@@ -1 +1 @@
-06ca9e592a5c6dd3dcb9360c958369c1 suphp-0.6.2.tar.gz
+756e8893857fefed087a89959a87645a suphp-0.6.3.tar.gz