File 0010-Update-suexec-to-allow-trusted-scripts.patch of Package ea-apache2
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Cory McIntire <cory@cpanel.net>
Date: Thu, 12 Jul 2018 15:44:16 -0500
Subject: [PATCH 10/21] Update suexec to allow "trusted scripts"
---
support/suexec.c | 25 ++++++++++++++++++++++---
support/suexec.h | 21 +++++++++++++++++++++
2 files changed, 43 insertions(+), 3 deletions(-)
diff --git a/support/suexec.c b/support/suexec.c
index c2eb0b6..9c6a674 100644
--- a/support/suexec.c
+++ b/support/suexec.c
@@ -146,11 +146,11 @@ static const char *const safe_env_lst[] =
NULL
};
-static void log_err(const char *fmt,...)
+static void log_err(const char *fmt,...)
__attribute__((format(printf,1,2)));
-static void log_no_err(const char *fmt,...)
+static void log_no_err(const char *fmt,...)
__attribute__((format(printf,1,2)));
-static void err_output(int is_error, const char *fmt, va_list ap)
+static void err_output(int is_error, const char *fmt, va_list ap)
__attribute__((format(printf,2,0)));
static void err_output(int is_error, const char *fmt, va_list ap)
@@ -600,12 +600,31 @@ int main(int argc, char *argv[])
(gid != dir_info.st_gid) ||
(uid != prg_info.st_uid) ||
(gid != prg_info.st_gid)) {
+#ifdef TRUSTED_USERS_SCRIPTS
+ /*
+ * Check if we're using a "shared" script
+ */
+ if ((SUEXEC_TRUSTED_USER != prg_info.st_uid) ||
+ (SUEXEC_TRUSTED_GROUP != prg_info.st_gid) ||
+ ((strncmp(cwd, "/usr/local/cpanel/cgi-sys", 25) != 0) &&
+ (strncmp(cwd, "/usr/local/bandmin", 18) != 0) )) {
+ log_err("error: target uid/gid (%u/%u) mismatch "
+ "with directory (%u/%u) or program (%u/%u) "
+ "or trusted user (%u/%u)\n",
+ uid, gid,
+ dir_info.st_uid, dir_info.st_gid,
+ prg_info.st_uid, prg_info.st_gid,
+ SUEXEC_TRUSTED_USER, SUEXEC_TRUSTED_GROUP);
+ exit(120);
+ }
+#else
log_err("target uid/gid (%lu/%lu) mismatch "
"with directory (%lu/%lu) or program (%lu/%lu)\n",
(unsigned long)uid, (unsigned long)gid,
(unsigned long)dir_info.st_uid, (unsigned long)dir_info.st_gid,
(unsigned long)prg_info.st_uid, (unsigned long)prg_info.st_gid);
exit(120);
+#endif
}
/*
* Error out if the program is not executable for the user.
diff --git a/support/suexec.h b/support/suexec.h
index 07bb7bb..2d371e8 100644
--- a/support/suexec.h
+++ b/support/suexec.h
@@ -39,6 +39,27 @@
#define AP_HTTPD_USER "www"
#endif
+/*
+ * READ THIS BEFORE CONTINUING!!
+ *
+ * The patch below adds a feature which makes it possible to run "shared"
+ * scripts. Suppose you are a systems admin for $large hosting provider and
+ * you want to offer your customers some standard scripts. These scripts would
+ * cause a security violation based on the uid owner of the script.
+ *
+ * This patch makes it possible to "trust" a certain user/group. Look below to
+ * define the user/group ID.
+ *
+ * Uncomment the define to make it actually happen.
+ */
+
+#define TRUSTED_USERS_SCRIPTS
+
+#ifdef TRUSTED_USERS_SCRIPTS
+#define SUEXEC_TRUSTED_USER 0
+#define SUEXEC_TRUSTED_GROUP 10
+#endif
+
/*
* UID_MIN -- Define this as the lowest UID allowed to be a target user
* for suEXEC. For most systems, 500 or 100 is common.
