Download | Plain Text | No Line Numbers
- --- src/support/suexec.c.orig 2005-11-17 20:18:09.000000000 +0100
- +++ src/support/suexec.c 2005-11-17 20:39:41.000000000 +0100
- @@ -486,6 +486,7 @@
- struct group *gr; /* group entry holder */
- struct stat dir_info; /* directory info holder */
- struct stat prg_info; /* program info holder */
- + int skip_checks = 0;
-
- /*
- * Start with a "clean" environment
- @@ -735,7 +736,19 @@
- }
- }
-
- - if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
- + const char *phpcgipath1 = "/usr/lib/php5/bin";
- + const char *phpcgipath2 = "/usr/lib/php4/bin";
- + const char *phpcgipath3 = "/usr/local/bin";
- + const char *phpcgiexec = "php-cgi-wrapper";
- + if ((!strncmp(cwd, phpcgipath1, strlen(phpcgipath1)) ||
- + !strncmp(cwd, phpcgipath2, strlen(phpcgipath2)) ||
- + !strncmp(cwd, phpcgipath3, strlen(phpcgipath3))) &&
- + !strncmp(cmd, phpcgiexec, strlen(phpcgiexec))) {
- + skip_checks = 1;
- + }
- +
- + if (!skip_checks &&
- + (strncmp(cwd, dwd, strlen(dwd))) != 0) {
- log_err("error: command not in docroot (%s/%s)\n", cwd, cmd);
- exit(114);
- }
- @@ -794,10 +803,11 @@
- * Error out if the target name/group is different from
- * the name/group of the cwd or the program.
- */
- - if ((uid != dir_info.st_uid) ||
- + if (!skip_checks &&
- + ((uid != dir_info.st_uid) ||
- (gid != dir_info.st_gid) ||
- (uid != prg_info.st_uid) ||
- - (gid != prg_info.st_gid)) {
- + (gid != prg_info.st_gid))) {
- log_err("error: target uid/gid (%ld/%ld) mismatch "
- "with directory (%ld/%ld) or program (%ld/%ld)\n",
- uid, gid,
-