1 --- httpd-2.4.1/support/suexec.c.orig 2011-07-13 21:11:21.000000000 +0200
2 +++ httpd-2.4.1/support/suexec.c 2012-02-22 00:26:17.549340557 +0100
8 + * Return the `basename' of the pathname in STRING (the stuff after
9 + * the last '/'). If STRING is `/', just return it. Taken from bash.
11 +char *base_pathname(char *string)
15 + if (string[0] == '/' && string[1] == 0)
18 + p = (char *)strrchr (string, '/');
19 + return (p ? ++p : string);
22 int main(int argc, char *argv[])
24 int userdir = 0; /* ~userdir flag */
26 char dwd[AP_MAXPATH]; /* docroot working directory */
27 struct passwd *pw; /* password entry holder */
28 struct group *gr; /* group entry holder */
29 + struct passwd tpw; /* tmp password entry holder */
30 struct stat dir_info; /* directory info holder */
31 struct stat prg_info; /* program info holder */
36 if ((pw = getpwuid(atoi(target_uname))) == NULL) {
37 - log_err("invalid target user id: (%s)\n", target_uname);
40 + * If called as suexec.fcgi ignore if there is no passwd
41 + * entry for specified UID. Also bail out if UID = 0.
43 + if(!strcmp(base_pathname(argv[0]),"suexec.fcgi")) {
44 + tpw.pw_name = strdup(target_uname);
45 + tpw.pw_uid = atoi(target_uname);
46 + tpw.pw_dir = (char *)"/tmp";
48 + if (tpw.pw_uid <= 0) {
49 + log_err("invalid target user id: (%s)\n", target_uname);
53 + log_err("invalid target user id: (%s)\n", target_uname);
63 - * Error out if the target name/group is different from
64 - * the name/group of the cwd or the program.
66 - if ((uid != dir_info.st_uid) ||
67 - (gid != dir_info.st_gid) ||
68 - (uid != prg_info.st_uid) ||
69 - (gid != prg_info.st_gid)) {
70 - log_err("target uid/gid (%ld/%ld) mismatch "
71 - "with directory (%ld/%ld) or program (%ld/%ld)\n",
73 - dir_info.st_uid, dir_info.st_gid,
74 - prg_info.st_uid, prg_info.st_gid);
76 + * If not called as suexec.fcgi error out if the target
77 + * name/group is different from the name/group of the cwd
80 + if(strcmp(base_pathname(argv[0]),"suexec.fcgi")) {
81 + if ((uid != dir_info.st_uid) ||
82 + (gid != dir_info.st_gid) ||
83 + (uid != prg_info.st_uid) ||
84 + (gid != prg_info.st_gid)) {
85 + log_err("target uid/gid (%ld/%ld) mismatch "
86 + "with directory (%ld/%ld) or program (%ld/%ld)\n",
88 + dir_info.st_uid, dir_info.st_gid,
89 + prg_info.st_uid, prg_info.st_gid);
95 * Error out if the program is not executable for the user.
96 * Otherwise, she won't find any error in the logs except for