--- suexec.c 2009-08-28 23:37:37.000000000 +0900 +++ suexec.yuruyuru 2010-10-15 18:22:10.000000000 +0900 @@ -37,6 +37,7 @@ #include #include #include +#include // T.Kabu for proccheck #include #include #if APR_HAVE_UNISTD_H @@ -88,6 +89,8 @@ #define AP_ENVBUF 256 +#define MAXPROC 10 // T.Kabu for proccheck + extern char **environ; static FILE *log = NULL; @@ -245,6 +248,65 @@ environ = cleanenv; } +// +// Process Check T.Kabu +// +// return ... +// 0 ... OK +// !0 ... ERROR +// +int proccheck(int check_userid,int maxproc) +{ + DIR *dir_p; + struct direct *dir; + struct stat filestat; + int proc_num = 0; + char filename[256]; + + // + // Open DIR + // + if ((dir_p = opendir("/proc/")) == NULL) + { + fprintf(stderr, "cannot open /proc/ !?\n"); + return(1); + } + + // + // Read DIR + // + while ((dir = readdir(dir_p)) != NULL) + { + if (dir->d_ino == 0) + { + continue; + } + if ((dir->d_name[0] < 0x30) || (dir->d_name[0] > 0x39)) + { + continue; + } + if (strlen(dir->d_name) > 200) + { + continue; + } + + sprintf(filename,"/proc/%s",dir->d_name); + stat(filename,&filestat); + if (filestat.st_uid == check_userid) + { + // printf("%s\tis kabu\'s process!!\n",filename); + if ((proc_num++) > maxproc) + { + // printf("Process over, %i.\n",proc_num); + return(1); + } + } + } + closedir(dir_p); + return(0); +} + + int main(int argc, char *argv[]) { int userdir = 0; /* ~userdir flag */ @@ -355,11 +417,14 @@ * to protect against attacks. If any are * found, error out. Naughty naughty crackers. */ - if ((cmd[0] == '/') || (!strncmp(cmd, "../", 3)) - || (strstr(cmd, "/../") != NULL)) { - log_err("invalid command (%s)\n", cmd); - exit(104); - } +// if ((cmd[0] == '/') || (!strncmp(cmd, "../", 3)) +// || (strstr(cmd, "/../") != NULL)) { +// log_err("invalid command (%s)\n", cmd); +// exit(104); +// } +// +// T.Kabu +// /* * Check to see if this is a ~userdir request. If @@ -516,11 +581,13 @@ } } - if ((strncmp(cwd, dwd, strlen(dwd))) != 0) { - log_err("command not in docroot (%s/%s)\n", cwd, cmd); - exit(114); - } - +// if ((strncmp(cwd, dwd, strlen(dwd))) != 0) { +// log_err("command not in docroot (%s/%s)\n", cwd, cmd); +// exit(114); +// } +// +// T.Kabu +// /* * Stat the cwd and verify it is a directory, or error out. */ @@ -565,17 +632,20 @@ * Error out if the target name/group is different from * the name/group of the cwd or the program. */ - if ((uid != dir_info.st_uid) || - (gid != dir_info.st_gid) || - (uid != prg_info.st_uid) || - (gid != prg_info.st_gid)) { - log_err("target uid/gid (%ld/%ld) mismatch " - "with directory (%ld/%ld) or program (%ld/%ld)\n", - uid, gid, - dir_info.st_uid, dir_info.st_gid, - prg_info.st_uid, prg_info.st_gid); - exit(120); - } +// if ((uid != dir_info.st_uid) || +// (gid != dir_info.st_gid) || +// (uid != prg_info.st_uid) || +// (gid != prg_info.st_gid)) { +// log_err("target uid/gid (%ld/%ld) mismatch " +// "with directory (%ld/%ld) or program (%ld/%ld)\n", +// uid, gid, +// dir_info.st_uid, dir_info.st_gid, +// prg_info.st_uid, prg_info.st_gid); +// exit(120); +// } +// +// T.Kabu +// /* * Error out if the program is not executable for the user. * Otherwise, she won't find any error in the logs except for @@ -586,6 +656,14 @@ exit(121); } + /* + * Error out if process is over count, MAXPROC T.Kabu + */ + if (proccheck(uid,MAXPROC)) { + log_err("error: Process is over count!\n"); + exit(199); + } + #ifdef AP_SUEXEC_UMASK /* * umask() uses inverse logic; bits are CLEAR for allowed access.