Mailing List Archive

cvs commit: apache/support suexec.c
dgaudet 97/04/24 16:28:46

Modified: src CHANGES
support suexec.c
Log:
Allow suexec to exec files referenced relatively outside current directory.

Submitted by: Ken Coar
Reviewed by: Dean, Roy

Revision Changes Path
1.247 +4 -0 apache/src/CHANGES

Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apache/src/CHANGES,v
retrieving revision 1.246
retrieving revision 1.247
diff -C3 -r1.246 -r1.247
*** CHANGES 1997/04/24 23:25:08 1.246
--- CHANGES 1997/04/24 23:28:44 1.247
***************
*** 1,5 ****
--- 1,9 ----
Changes with Apache 1.2

+ *) Allow suexec to access files relative to current directory but not
+ above. (Excluding leading / or any .. directory.) [Ken Coar]
+ PR#269, 319, 395
+
*) Fix suexec segfault when group doesn't exist. [Gregory Neil Shapiro]
PR#367, 368, 354, 453
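Review bot: The added entry says the change excludes "any .. directory", but the condition added to suexec.c in this same commit only rejects a command that begins with "../" or contains "/../", so a command that is ".." alone or ends in "/.." is not covered by it. Either extend the check to test every path component, or reword the entry to state exactly what is rejected. The log message ("referenced relatively outside current directory") also reads as the opposite of "but not above" and should be aligned with this entry.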




1.22 +8 -3 apache/support/suexec.c

Index: suexec.c
===================================================================
RCS file: /export/home/cvs/apache/support/suexec.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -C3 -r1.21 -r1.22
*** suexec.c 1997/04/24 23:25:11 1.21
--- suexec.c 1997/04/24 23:28:46 1.22
***************
*** 264,274 ****
}

/*
! * Check for a '/' in the command to be executed,
! * to protect against attacks. If a '/' is
* found, error out. Naughty naughty crackers.
*/
! if ((strchr(cmd, '/')) != NULL ) {
log_err("invalid command (%s)\n", cmd);
exit(104);
}
--- 264,279 ----
}

/*
! * Check for a leading '/' (absolute path) in the command to be executed,
! * or attempts to back up out of the current directory,
! * to protect against attacks. If any are
* found, error out. Naughty naughty crackers.
*/
! if (
! (cmd[0] == '/') ||
! (! strncmp (cmd, "../", 3)) ||
! (strstr (cmd, "/../") != NULL)
! ) {
log_err("invalid command (%s)\n", cmd);
exit(104);
}
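Review bot: In the new condition, the two ".." tests match only a leading "../" and an embedded "/../", so a cmd equal to ".." or ending in "/.." passes, although the comment above says attempts to back up out of the current directory are rejected. Walking cmd one '/'-separated component at a time and rejecting any component equal to ".." would close that gap and make the intent explicit. The rewritten comment should also say that subdirectory paths are now accepted, because the old blanket '/' rejection is gone and any later code that relied on cmd being a bare filename in the current directory needs rechecking. Style: "strncmp (" and "strstr (" put a space before the parenthesis, unlike "log_err(" two lines below.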