Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
isv:cpanel:dev:EA4
mod_suphp
0003-Option-to-turn-off-paranoid-mode-via-confi...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0003-Option-to-turn-off-paranoid-mode-via-configuration-f.patch of Package mod_suphp
From b02f017b3c22d19703a950ffacf69180acc750b9 Mon Sep 17 00:00:00 2001 From: Kurt Newman <kurt.newman@cpanel.net> Date: Tue, 13 Jan 2015 18:18:05 -0600 Subject: [PATCH 3/7] Option to turn off paranoid mode via configuration file Case 2666: Adds paranoid_uid_check and paranoid_gid_check options so that the user can turn off paranoid mode (which is on by default) when checking UID/GID of executed script. Normally, you cannot do this because the mode is set at compile time. For more information: http://documentation.cpanel.net/display/EA/Apache+PHP+Request+Handling --- src/Application.cpp | 4 ++-- src/Configuration.cpp | 14 ++++++++++++++ src/Configuration.hpp | 14 ++++++++++++++ 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/src/Application.cpp b/src/Application.cpp index 672d743..1b6e3e3 100644 --- a/src/Application.cpp +++ b/src/Application.cpp @@ -406,7 +406,7 @@ void suPHP::Application::checkProcessPermissions( // Paranoid mode only #ifdef OPT_USERGROUP_PARANOID - if (targetUser != scriptFile.getUser()) { + if (config.getParanoidUIDCheck() && targetUser != scriptFile.getUser()) { std::string error ="Mismatch between target UID (" + Util::intToStr(targetUser.getUid()) + ") and UID (" + Util::intToStr(scriptFile.getUser().getUid()) + ") of file \"" @@ -415,7 +415,7 @@ void suPHP::Application::checkProcessPermissions( throw SoftException(error, __FILE__, __LINE__); } - if (targetGroup != scriptFile.getGroup()) { + if (config.getParanoidGIDCheck() && targetGroup != scriptFile.getGroup()) { std::string error ="Mismatch between target GID (" + Util::intToStr(targetGroup.getGid()) + ") and GID (" + Util::intToStr(scriptFile.getGroup().getGid()) + ") of file \"" diff --git a/src/Configuration.cpp b/src/Configuration.cpp index 0c63ff5..f1ea3a6 100644 --- a/src/Configuration.cpp +++ b/src/Configuration.cpp @@ -114,6 +114,8 @@ suPHP::Configuration::Configuration() { this->umask = 0077; this->chroot_path = ""; this->full_php_process_display = false; + this->paranoid_uid_check = true; + this->paranoid_gid_check = true; } void suPHP::Configuration::readFromFile(File& file) @@ -163,6 +165,10 @@ void suPHP::Configuration::readFromFile(File& file) this->chroot_path = value; else if (key == "full_php_process_display") this->full_php_process_display = this->strToBool(value); + else if (key == "paranoid_gid_check") + this->paranoid_gid_check = this->strToBool(value); + else if (key == "paranoid_uid_check") + this->paranoid_uid_check = this->strToBool(value); else throw ParsingException("Unknown option \"" + key + "\" in section [global]", @@ -231,6 +237,14 @@ bool suPHP::Configuration::getFullPHPProcessDisplay() const { return this->full_php_process_display; } +bool suPHP::Configuration::getParanoidUIDCheck() const { + return this->paranoid_uid_check; +} + +bool suPHP::Configuration::getParanoidGIDCheck() const { + return this->paranoid_gid_check; +} + bool suPHP::Configuration::getErrorsToBrowser() const { return this->errors_to_browser; } diff --git a/src/Configuration.hpp b/src/Configuration.hpp index 1853acb..6f1aa12 100644 --- a/src/Configuration.hpp +++ b/src/Configuration.hpp @@ -60,6 +60,8 @@ namespace suPHP { int umask; std::string chroot_path; bool full_php_process_display; + bool paranoid_uid_check; + bool paranoid_gid_check; /** * Converts string to bool @@ -146,6 +148,18 @@ namespace suPHP { bool getFullPHPProcessDisplay() const; /** + * Returns whether suPHP should check the target script GID in + * paranoid mode + */ + bool getParanoidGIDCheck() const; + + /** + * Returns whether suPHP should check the target script UID in + * paranoid mode + */ + bool getParanoidUIDCheck() const; + + /** * Returns whether (minor) error message should be sent to browser */ bool getErrorsToBrowser() const; -- 2.2.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor