Debian bug report logs - #27234
should be able to NOT run suexec in some directories or locations

Package: apache; Reported by: Floody G <flood@evcom.net>; dated Tue, 29 Sep 1998 21:48:01 GMT; Maintainer for apache is Johnie Ingram <johnie@debian.org>.

Message received at submit@bugs.debian.org:


Received: (at submit) by bugs.debian.org; 29 Sep 1998 21:36:23 +0000
Received: (qmail 10315 invoked from network); 29 Sep 1998 21:36:23 -0000
Received: from zothommog.evcom.net (root@208.136.203.8)
  by debian.novare.net with SMTP; 29 Sep 1998 21:36:23 -0000
Received: from agony.evcom.net (flood@agony.evcom.net [208.136.203.10])
	by zothommog.evcom.net (8.8.8/8.8.8) with ESMTP id RAA23044
	for <submit@bugs.debian.org>; Tue, 29 Sep 1998 17:36:11 -0400
Received: from localhost (flood@localhost)
	by agony.evcom.net (8.8.8/8.8.8) with SMTP id RAA24740
	for <submit@bugs.debian.org>; Tue, 29 Sep 1998 17:36:17 -0400
Date: Tue, 29 Sep 1998 17:36:17 -0400 (EDT)
From: Floody G <flood@evcom.net>
To: submit@bugs.debian.org
Subject: should be able to NOT run suexec in some directories or locations
Message-ID: <Pine.LNX.3.96.980929172833.24722A-100000@agony.evcom.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Package: apache
Version: 1.3.2-1

Twouldn't it be nice if you didn't have to run suexec for every cgi ran by
virtualhost's or userdir configurations?  It's not only nice, it's a
necessity for myself ("global" cgi-bins, etc).

A patch follows which implements eggsactly this, it adds the NoSuExec
option.  To *disable* using suexec inside a <Directory> or <Location>,
simply: Options +NoSuExec

Note that for very obvious security reasons, this option CANNOT be used in
.htaccess files; period.  The option only has an effect where suexec would
otherwise be used, i.e. when all other suexec requirements are met (the
suexec binary must be u+s root, etc).


-- TEAR HERE --
diff -r -u apache_1.3.2/src/include/http_core.h apache_1.3.2.new/src/include/http_core.h
--- apache_1.3.2/src/include/http_core.h	Wed Aug 26 16:01:21 1998
+++ apache_1.3.2.new/src/include/http_core.h	Tue Sep 29 15:16:21 1998
@@ -85,6 +85,8 @@
 #define OPT_MULTI 128
 #define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_SYM_LINKS|OPT_EXECCGI)
 
+#define OPT_NOSUEXEC 256
+
 /* options for get_remote_host() */
 /* REMOTE_HOST returns the hostname, or NULL if the hostname
  * lookup fails.  It will force a DNS lookup according to the
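Review bot: `OPT_NOSUEXEC` is added without a comment, although it is the one option bit here that switches a protection off when set, and it is the first value that no longer fits in eight bits. A comment above the define would help, for example `/* OPT_NOSUEXEC: skip the suexec wrapper for CGIs; deliberately not part of OPT_ALL */`. Keeping it out of `OPT_ALL`, as the unchanged define above does, matters because `Options All` must not turn suexec off as a side effect. Saying so in the comment guards against a later edit to `OPT_ALL` pulling it in.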
@@ -165,7 +167,7 @@
 
 /* Per-directory configuration */
 
-typedef unsigned char allow_options_t;
+typedef unsigned int allow_options_t;
 typedef unsigned char overrides_t;
 
 typedef struct {
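Review bot: Widening `allow_options_t` from `unsigned char` to `unsigned int` changes the size of every field declared with it, presumably including members of the per-directory struct that starts on the next line (its body is outside the hunk). Modules compiled against the old header would then read that struct with the wrong layout, so the change should come with a `MODULE_MAGIC_NUMBER` bump or at least a rebuild note. It is also worth checking for places that copy option bits into a `char`-sized variable, since those would silently drop bit 256 and ignore the configured setting.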
diff -r -u apache_1.3.2/src/main/http_core.c apache_1.3.2.new/src/main/http_core.c
--- apache_1.3.2/src/main/http_core.c	Tue Sep 29 17:03:11 1998
+++ apache_1.3.2.new/src/main/http_core.c	Tue Sep 29 16:25:53 1998
@@ -1000,7 +1000,10 @@
 	else if (!strcasecmp(w, "All")) {
 	    opt = OPT_ALL;
 	}
-	else {
+	/* permit Options NoSuExec only inside <Directory> or <Location> */
+	else if (!strcasecmp(w, "NoSuExec") && (cmd->override & ACCESS_CONF)) {
+	    opt = OPT_NOSUEXEC;
+	} else {
 	    return ap_pstrcat(cmd->pool, "Illegal option ", w, NULL);
 	}
 
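Review bot: The .htaccess restriction rests entirely on `cmd->override & ACCESS_CONF` being false whenever a per-directory override file is parsed, and nothing in this hunk shows where `override` is set. That assumption deserves a comment naming the invariant, and a check of how nested `<Files>` sections set it. When the test fails, a valid keyword falls into the final branch and the administrator sees `Illegal option NoSuExec`, which reads like a typo rather than a placement rule. Splitting the keyword match from the context check gives a precise message, as sketched below; the separate-line `else` also matches the surrounding branches better than the new `} else {`. The enclosing function begins and ends outside the hunk.

```c
	/* ... unchanged: earlier option keywords up to "All" ... */
	else if (!strcasecmp(w, "NoSuExec")) {
	    /* permit Options NoSuExec only inside <Directory> or <Location>;
	     * must never be accepted while parsing an .htaccess file */
	    if (!(cmd->override & ACCESS_CONF)) {
		return "Options NoSuExec is only allowed inside <Directory> or <Location>";
	    }
	    opt = OPT_NOSUEXEC;
	}
	else {
	    return ap_pstrcat(cmd->pool, "Illegal option ", w, NULL);
	}
```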
diff -r -u apache_1.3.2/src/main/util_script.c apache_1.3.2.new/src/main/util_script.c
--- apache_1.3.2/src/main/util_script.c	Mon Sep 14 12:10:22 1998
+++ apache_1.3.2.new/src/main/util_script.c	Mon Sep 28 18:11:45 1998
@@ -687,6 +687,8 @@
 			     char **env, int shellcmd)
 {
     int pid = 0;
+    int use_suexec;
+
 #if defined(RLIMIT_CPU)  || defined(RLIMIT_NPROC) || \
     defined(RLIMIT_DATA) || defined(RLIMIT_VMEM) || defined (RLIMIT_AS)
 
@@ -1091,7 +1093,12 @@
 	return (pid);
     }
 #else
-    if (ap_suexec_enabled
+    if (ap_allow_options(r) & OPT_NOSUEXEC)
+	use_suexec = 0;
+    else
+	use_suexec = ap_suexec_enabled;
+
+    if (use_suexec
 	&& ((r->server->server_uid != ap_user_id)
 	    || (r->server->server_gid != ap_group_id)
 	    || (!strncmp("/~", r->uri, 2)))) {
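Review bot: With the bit set, the virtual-host uid/gid case and the `/~` userdir case in the condition below are both skipped, and nothing here documents or logs that; presumably those scripts then run with the server's own identity via the branch after this `if`, which is outside the hunk. A comment at the new lines should state it, e.g. `/* NoSuExec: CGI runs as the server user even for vhost User/Group and ~user URIs; use only on administrator-controlled paths */`. The four-line if/else can be one assignment, `use_suexec = ap_suexec_enabled && !(ap_allow_options(r) & OPT_NOSUEXEC);`. `use_suexec` is declared in the earlier hunk at line 687, outside the preprocessor branch that uses it, so other platform branches will likely get an unused-variable warning.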
diff -r -u apache_1.3.2/src/modules/standard/mod_cgi.c apache_1.3.2.new/src/modules/standard/mod_cgi.c
--- apache_1.3.2/src/modules/standard/mod_cgi.c	Thu Sep  3 18:40:42 1998
+++ apache_1.3.2.new/src/modules/standard/mod_cgi.c	Mon Sep 28 18:18:00 1998
@@ -358,6 +358,7 @@
     void *sconf = r->server->module_config;
     cgi_server_conf *conf =
     (cgi_server_conf *) ap_get_module_config(sconf, &cgi_module);
+    int suexec_explicit_off = 0;
 
     struct cgi_child_stuff cld;
 
@@ -382,6 +383,9 @@
 	return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO,
 			       "attempt to include NPH CGI script");
 
+    if (ap_allow_options(r) & OPT_NOSUEXEC)
+	suexec_explicit_off = 1;
+
 #if defined(OS2) || defined(WIN32)
     /* Allow for cgi files without the .EXE extension on them under OS/2 */
     if (r->finfo.st_mode == 0) {
@@ -402,7 +406,7 @@
     if (S_ISDIR(r->finfo.st_mode))
 	return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO,
 			       "attempt to invoke directory as script");
-    if (!ap_suexec_enabled) {
+    if (!ap_suexec_enabled || suexec_explicit_off) {
 	if (!ap_can_exec(&r->finfo))
 	    return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO,
 				   "file permissions deny server execution");
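Review bot: `suexec_explicit_off` is set in one place and read once here, so the flag can be dropped in favour of `if (!ap_suexec_enabled || (ap_allow_options(r) & OPT_NOSUEXEC)) {`. That also makes the two earlier mod_cgi.c hunks (the declaration and the `ap_allow_options(r)` test) unnecessary. The same predicate is evaluated independently in util_script.c; if the two ever diverge, a script could skip this `ap_can_exec` check and still be run without suexec, so a small shared helper or a cross-referencing comment at both sites would be safer. The function body continues outside the hunk.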



Acknowledgement sent to Floody G <flood@evcom.net>:
New bug report received and forwarded. Copy sent to Johnie Ingram <johnie@debian.org>. Full text available.
Report forwarded to debian-bugs-dist@lists.debian.org, Johnie Ingram <johnie@debian.org>:
Bug#27234; Package apache. Full text available.