Created
March 5, 2013 00:11
-
-
Save deferraz/5086885 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff -uNr a/src/Application.cpp b/src/Application.cpp--- a/src/Application.cpp 2013-03-04 17:55:40.000000000 -0300 | |
| +++ b/src/Application.cpp 2013-03-04 18:27:12.000000000 -0300 | |
| @@ -306,13 +306,15 @@ // Common code (for all security modes) | |
| // Check UID/GID of script | |
| - if (scriptFile.getUser().getUid() < config.getMinUid()) { | |
| + if ((scriptFile.getUser().getUid() < config.getMinUid()) && | |
| + scriptFile.getUser().getUid() != config.getExceptUid()) { std::string error = "UID of script \"" + scriptFilename + "\" is smaller than min_uid"; logger.logWarning(error); | |
| throw SoftException(error, __FILE__, __LINE__); | |
| }- if (scriptFile.getGroup().getGid() < config.getMinGid()) {+ if ((scriptFile.getGroup().getGid() < config.getMinGid()) &&+ scriptFile.getGroup().getGid() != config.getExceptGid()) { | |
| std::string error = "GID of script \"" + scriptFilename | |
| + "\" is smaller than min_gid"; | |
| logger.logWarning(error); | |
| diff -uNr a/src/Configuration.cpp b/src/Configuration.cpp | |
| --- a/src/Configuration.cpp 2013-03-04 17:55:40.000000000 -0300 | |
| +++ b/src/Configuration.cpp 2013-03-04 18:26:54.000000000 -0300@@ -154,6 +154,10 @@ this->min_uid = Util::strToInt(value); else if (key == "min_gid") | |
| this->min_gid = Util::strToInt(value); | |
| + else if (key == "except_uid") | |
| + this->except_uid = Util::strToInt(value); | |
| + else if (key == "except_gid") | |
| + this->except_gid = Util::strToInt(value); | |
| else if (key == "umask") | |
| this->umask = Util::octalStrToInt(value); | |
| else if (key == "chroot") | |
| @@ -238,6 +242,14 @@ | |
| } | |
| } | |
| +int suPHP::Configuration::getExceptUid() const { | |
| + return this->except_uid; | |
| +} | |
| + | |
| +int suPHP::Configuration::getExceptGid() const { | |
| + return this->except_gid; | |
| +} | |
| + | |
| int suPHP::Configuration::getMinUid() const { | |
| return this->min_uid; | |
| } | |
| diff -uNr a/src/Configuration.hpp b/src/Configuration.hpp | |
| --- a/src/Configuration.hpp 2013-03-04 17:55:40.000000000 -0300 | |
| +++ b/src/Configuration.hpp 2013-03-04 18:26:54.000000000 -0300 | |
| @@ -55,6 +55,8 @@ | |
| LogLevel loglevel; | |
| int min_uid; | |
| int min_gid; | |
| + int except_uid; | |
| + int except_gid; | |
| int umask; | |
| std::string chroot_path; | |
| bool handle_userdir; | |
| @@ -148,6 +150,16 @@ | |
| throw (KeyNotFoundException); | |
| /**+ * Returns except UID allowed for scripts | |
| + */ | |
| + int getExceptUid() const; | |
| + | |
| + /** | |
| + * Returns except GID allowed for scripts | |
| + */ | |
| + int getExceptGid() const; | |
| + | |
| + /** | |
| * Returns minimum UID allowed for scripts | |
| */ | |
| int getMinUid() const; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment