1 --- httpd-2.4.4/support/suexec.c.orig 2012-12-03 17:33:42.000000000 +0100
2 +++ httpd-2.4.4/support/suexec.c 2013-03-07 23:13:29.312581994 +0100
8 + * Return the `basename' of the pathname in STRING (the stuff after
9 + * the last '/'). If STRING is `/', just return it. Taken from bash.
11 +char *base_pathname(char *string)
15 + if (string[0] == '/' && string[1] == 0)
18 + p = (char *)strrchr (string, '/');
19 + return (p ? ++p : string);
22 int main(int argc, char *argv[])
24 int userdir = 0; /* ~userdir flag */
26 char dwd[AP_MAXPATH]; /* docroot working directory */
27 struct passwd *pw; /* password entry holder */
28 struct group *gr; /* group entry holder */
29 + struct passwd tpw; /* tmp password entry holder */
30 struct stat dir_info; /* directory info holder */
31 struct stat prg_info; /* program info holder */
36 if ((pw = getpwuid(atoi(target_uname))) == NULL) {
37 - log_err("invalid target user id: (%s)\n", target_uname);
40 + * If called as suexec.fcgi ignore if there is no passwd
41 + * entry for specified UID. Also bail out if UID = 0.
43 + if(!strcmp(base_pathname(argv[0]),"suexec.fcgi")) {
44 + tpw.pw_name = strdup(target_uname);
45 + tpw.pw_uid = atoi(target_uname);
46 + tpw.pw_dir = (char *)"/tmp";
48 + if (tpw.pw_uid <= 0) {
49 + log_err("invalid target user id: (%s)\n", target_uname);
53 + log_err("invalid target user id: (%s)\n", target_uname);
60 * Error out if the target name/group is different from
61 * the name/group of the cwd or the program.
63 + if(strcmp(base_pathname(argv[0]),"suexec.fcgi")) {
64 if ((uid != dir_info.st_uid) ||
65 (gid != dir_info.st_gid) ||
66 (uid != prg_info.st_uid) ||
68 (unsigned long)prg_info.st_uid, (unsigned long)prg_info.st_gid);
73 * Error out if the program is not executable for the user.
74 * Otherwise, she won't find any error in the logs except for