Changes with Apache 2.3.0
[ When backported to 2.2.x, remove entry from this file ]
+ *) Support chroot on Unix-family platforms
+ PR 43596 [Dimitar Pashev <mitko banksoft-bg.com>]
+
*) Don't add bogus duplicate Content-Language entries
PR 11035 [Davi Arnaut]
if (set_group_privs()) {
return -1;
}
+
+ if (NULL != unixd_config.chroot_dir) {
+ if (geteuid()) {
+ ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
+ "Cannot chroot when not started as root");
+ return -1;
+ }
+ if (chdir(unixd_config.chroot_dir) != 0) {
+ ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
+ "Can't chdir to %s", unixd_config.chroot_dir);
+ return -1;
+ }
+ if (chroot(unixd_config.chroot_dir) != 0) {
+ ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
+ "Can't chroot to %s", unixd_config.chroot_dir);
+ return -1;
+ }
+ if (chdir("/") != 0) {
+ ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
+ "Can't chdir to new root");
+ return -1;
+ }
+ }
+
#ifdef MPE
/* Only try to switch if we're running as MANAGER.SYS */
if (geteuid() == 1 && unixd_config.user_id > 1) {
return NULL;
}
+AP_DECLARE(const char *) unixd_set_chroot_dir(cmd_parms *cmd, void *dummy,
+ const char *arg)
+{
+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+ if (err != NULL) {
+ return err;
+ }
+ if (!ap_is_directory(cmd->pool, arg)) {
+ return "ChrootDir must be a valid directory";
+ }
+
+ unixd_config.chroot_dir = arg;
+ return NULL;
+}
AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp)
{
unixd_config.user_name = DEFAULT_USER;
unixd_config.user_id = ap_uname2id(DEFAULT_USER);
unixd_config.group_id = ap_gname2id(DEFAULT_GROUP);
+
+ unixd_config.chroot_dir = NULL; /* none */
/* Check for suexec */
unixd_config.suexec_enabled = 0;
uid_t user_id;
gid_t group_id;
int suexec_enabled;
+ const char *chroot_dir;
} unixd_config_rec;
AP_DECLARE_DATA extern unixd_config_rec unixd_config;
const char *arg);
AP_DECLARE(const char *) unixd_set_group(cmd_parms *cmd, void *dummy,
const char *arg);
+AP_DECLARE(const char *) unixd_set_chroot_dir(cmd_parms *cmd, void *dummy,
+ const char *arg);
+
#if defined(RLIMIT_CPU) || defined(RLIMIT_DATA) || defined(RLIMIT_VMEM) || defined(RLIMIT_NPROC) || defined(RLIMIT_AS)
AP_DECLARE(void) unixd_set_rlimit(cmd_parms *cmd, struct rlimit **plimit,
const char *arg, const char * arg2, int type);
AP_INIT_TAKE1("User", unixd_set_user, NULL, RSRC_CONF, \
"Effective user id for this server"), \
AP_INIT_TAKE1("Group", unixd_set_group, NULL, RSRC_CONF, \
- "Effective group id for this server")
+ "Effective group id for this server"), \
+AP_INIT_TAKE1("ChrootDir", unixd_set_chroot_dir, NULL, RSRC_CONF, \
+ "The directory to chroot(2) into")
#ifdef __cplusplus
}
projects / apache / commitdiff