Apache HTTPD
mod_unixd.c
Go to the documentation of this file.
1/* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "ap_config.h"
18#include "httpd.h"
19#include "http_config.h"
20#include "http_main.h"
21#include "http_log.h"
22#include "http_core.h"
23#include "mpm_common.h"
24#include "os.h"
25#include "ap_mpm.h"
26#include "mod_unixd.h"
27#include "apr_thread_proc.h"
28#include "apr_strings.h"
29#include "apr_portable.h"
30#ifdef HAVE_PWD_H
31#include <pwd.h>
32#endif
33#ifdef HAVE_SYS_RESOURCE_H
34#include <sys/resource.h>
35#endif
36/* XXX */
37#include <sys/stat.h>
38#ifdef HAVE_UNISTD_H
39#include <unistd.h>
40#endif
41#ifdef HAVE_GRP_H
42#include <grp.h>
43#endif
44#ifdef HAVE_STRINGS_H
45#include <strings.h>
46#endif
47#ifdef HAVE_SYS_SEM_H
48#include <sys/sem.h>
49#endif
50#ifdef HAVE_SYS_PRCTL_H
51#include <sys/prctl.h>
52#endif
53
54#ifndef DEFAULT_USER
55#define DEFAULT_USER "#-1"
56#endif
57#ifndef DEFAULT_GROUP
58#define DEFAULT_GROUP "#-1"
59#endif
60
61#if 0
62typedef struct {
63 const char *user_name;
64 uid_t user_id;
65 gid_t group_id;
66 const char *chroot_dir;
67} unixd_config_t;
68#else
69/*
70 * TODO: clean up the separation between this code
71 * and its data structures and unixd.c, as shown
72 * by the fact that we include unixd.h. Create
73 * mod_unixd.h which does what we need and
74 * clean up unixd.h for what it no longer needs
75 */
76#include "unixd.h"
77#endif
78
79
80/* Set group privileges.
81 *
82 * Note that we use the username as set in the config files, rather than
83 * the lookup of to uid --- the same uid may have multiple passwd entries,
84 * with different sets of groups for each.
85 */
86
87static int set_group_privs(void)
88{
89 if (!geteuid()) {
90 const char *name;
91
92 /* Get username if passed as a uid */
93
94 if (ap_unixd_config.user_name[0] == '#') {
95 struct passwd *ent;
96 uid_t uid = atol(&ap_unixd_config.user_name[1]);
97
98 if ((ent = getpwuid(uid)) == NULL) {
99 ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02155)
100 "getpwuid: couldn't determine user name from uid %ld, "
101 "you probably need to modify the User directive",
102 (long)uid);
103 return -1;
104 }
105
106 name = ent->pw_name;
107 }
108 else
109 name = ap_unixd_config.user_name;
110
111#if !defined(OS2)
112 /* OS/2 doesn't support groups. */
113 /*
114 * Set the GID before initgroups(), since on some platforms
115 * setgid() is known to zap the group list.
116 */
117 if (setgid(ap_unixd_config.group_id) == -1) {
118 ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02156)
119 "setgid: unable to set group id to Group %ld",
120 (long)ap_unixd_config.group_id);
121 return -1;
122 }
123
124 /* Reset `groups' attributes. */
125
126 if (initgroups(name, ap_unixd_config.group_id) == -1) {
127 ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02157)
128 "initgroups: unable to set groups for User %s "
129 "and Group %ld", name, (long)ap_unixd_config.group_id);
130 return -1;
131 }
132#endif /* !defined(OS2) */
133 }
134 return 0;
135}
136
137
138static int
139unixd_drop_privileges(apr_pool_t *pool, server_rec *s)
140{
141 int rv = set_group_privs();
142
143 if (rv) {
144 return rv;
145 }
146
147 if (NULL != ap_unixd_config.chroot_dir) {
148 if (geteuid()) {
149 rv = errno;
150 ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02158)
151 "Cannot chroot when not started as root");
152 return rv;
153 }
154
155 if (chdir(ap_unixd_config.chroot_dir) != 0) {
156 rv = errno;
157 ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02159)
158 "Can't chdir to %s", ap_unixd_config.chroot_dir);
159 return rv;
160 }
161
162 if (chroot(ap_unixd_config.chroot_dir) != 0) {
163 rv = errno;
164 ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02160)
165 "Can't chroot to %s", ap_unixd_config.chroot_dir);
166 return rv;
167 }
168
169 if (chdir("/") != 0) {
170 rv = errno;
171 ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02161)
172 "Can't chdir to new root");
173 return rv;
174 }
175 }
176
177 /* Only try to switch if we're running as root */
178 if (!geteuid() && (
179#ifdef _OSD_POSIX
180 os_init_job_environment(NULL, ap_unixd_config.user_name, ap_exists_config_define("DEBUG")) != 0 ||
181#endif
182 setuid(ap_unixd_config.user_id) == -1)) {
183 rv = errno;
184 ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02162)
185 "setuid: unable to change to uid: %ld",
186 (long) ap_unixd_config.user_id);
187 return rv;
188 }
189#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
190 /* this applies to Linux 2.4+ */
191 if (ap_coredumpdir_configured) {
192 if (prctl(PR_SET_DUMPABLE, 1)) {
193 rv = errno;
194 ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02163)
195 "set dumpable failed - this child will not coredump"
196 " after software errors");
197 return rv;
198 }
199 }
200#endif
201
202 return OK;
203}
204
205
206static const char *
207unixd_set_user(cmd_parms *cmd, void *dummy,
208 const char *arg)
209{
210 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
211 if (err != NULL) {
212 return err;
213 }
214
215 ap_unixd_config.user_name = arg;
216 ap_unixd_config.user_id = ap_uname2id(arg);
217#if !defined (BIG_SECURITY_HOLE) && !defined (OS2)
218 if (ap_unixd_config.user_id == 0) {
219 return "Error:\tApache has not been designed to serve pages while\n"
220 "\trunning as root. There are known race conditions that\n"
221 "\twill allow any local user to read any file on the system.\n"
222 "\tIf you still desire to serve pages as root then\n"
223 "\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n"
224 "\tand then rebuild the server.\n"
225 "\tIt is strongly suggested that you instead modify the User\n"
226 "\tdirective in your httpd.conf file to list a non-root\n"
227 "\tuser.\n";
228 }
229#endif
230
231 return NULL;
232}
233
234static const char*
235unixd_set_group(cmd_parms *cmd, void *dummy,
236 const char *arg)
237{
238 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
239 if (err != NULL) {
240 return err;
241 }
242
243 ap_unixd_config.group_name = arg;
244 ap_unixd_config.group_id = ap_gname2id(arg);
245
246 return NULL;
247}
248
249static const char*
250unixd_set_chroot_dir(cmd_parms *cmd, void *dummy,
251 const char *arg)
252{
253 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
254 if (err != NULL) {
255 return err;
256 }
257 if (!ap_is_directory(cmd->pool, arg)) {
258 return "ChrootDir must be a valid directory";
259 }
260
261 ap_unixd_config.chroot_dir = arg;
262 return NULL;
263}
264
265static const char *
266unixd_set_suexec(cmd_parms *cmd, void *dummy, int arg)
267{
268 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
269
270 if (err != NULL) {
271 return err;
272 }
273
274 if (!ap_unixd_config.suexec_enabled && arg) {
275 return apr_pstrcat(cmd->pool, "suEXEC isn't supported: ",
276 ap_unixd_config.suexec_disabled_reason, NULL);
277 }
278
279 if (!arg) {
280 ap_unixd_config.suexec_disabled_reason = "Suexec directive is Off";
281 }
282
283 ap_unixd_config.suexec_enabled = arg;
284 return NULL;
285}
286
287#ifdef AP_SUEXEC_CAPABILITIES
288/* If suexec is using capabilities, don't test for the setuid bit. */
289#define SETUID_TEST(finfo) (1)
290#else
291#define SETUID_TEST(finfo) (finfo.protection & APR_USETID)
292#endif
293
294static int
295unixd_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
296 apr_pool_t *ptemp)
297{
298 apr_finfo_t wrapper;
299 ap_unixd_config.user_name = DEFAULT_USER;
300 ap_unixd_config.user_id = ap_uname2id(DEFAULT_USER);
301 ap_unixd_config.group_name = DEFAULT_GROUP;
302 ap_unixd_config.group_id = ap_gname2id(DEFAULT_GROUP);
303
304 ap_unixd_config.chroot_dir = NULL; /* none */
305
306 /* Check for suexec */
307 ap_unixd_config.suexec_enabled = 0;
308 if ((apr_stat(&wrapper, SUEXEC_BIN, APR_FINFO_NORM, ptemp))
309 == APR_SUCCESS) {
310 if (SETUID_TEST(wrapper) && wrapper.user == 0
311 && (access(SUEXEC_BIN, R_OK|X_OK) == 0)) {
312 ap_unixd_config.suexec_enabled = 1;
313 ap_unixd_config.suexec_disabled_reason = "";
314 }
315 else {
316 ap_unixd_config.suexec_disabled_reason =
317 "Invalid owner or file mode for " SUEXEC_BIN;
318 }
319 }
320 else {
321 ap_unixd_config.suexec_disabled_reason =
322 "Missing suexec binary " SUEXEC_BIN;
323 }
324
325 ap_sys_privileges_handlers(1);
326 return OK;
327}
328
329AP_DECLARE(int) ap_unixd_setup_child(void)
330{
331 if (set_group_privs()) {
332 return -1;
333 }
334
335 if (NULL != ap_unixd_config.chroot_dir) {
336 if (geteuid()) {
337 ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02164)
338 "Cannot chroot when not started as root");
339 return -1;
340 }
341 if (chdir(ap_unixd_config.chroot_dir) != 0) {
342 ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02165)
343 "Can't chdir to %s", ap_unixd_config.chroot_dir);
344 return -1;
345 }
346 if (chroot(ap_unixd_config.chroot_dir) != 0) {
347 ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02166)
348 "Can't chroot to %s", ap_unixd_config.chroot_dir);
349 return -1;
350 }
351 if (chdir("/") != 0) {
352 ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02167)
353 "Can't chdir to new root");
354 return -1;
355 }
356 }
357
358 /* Only try to switch if we're running as root */
359 if (!geteuid() && (
360#ifdef _OSD_POSIX
361 os_init_job_environment(NULL, ap_unixd_config.user_name, ap_exists_config_define("DEBUG")) != 0 ||
362#endif
363 setuid(ap_unixd_config.user_id) == -1)) {
364 ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02168)
365 "setuid: unable to change to uid: %ld",
366 (long) ap_unixd_config.user_id);
367 return -1;
368 }
369#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
370 /* this applies to Linux 2.4+ */
371 if (ap_coredumpdir_configured) {
372 if (prctl(PR_SET_DUMPABLE, 1)) {
373 ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02169)
374 "set dumpable failed - this child will not coredump"
375 " after software errors");
376 }
377 }
378#endif
379 return 0;
380}
381
382static void unixd_dump_config(apr_pool_t *p, server_rec *s)
383{
384 apr_file_t *out = NULL;
385 apr_uid_t uid = ap_unixd_config.user_id;
386 apr_gid_t gid = ap_unixd_config.group_id;
387 char *no_root = "";
388 if (!ap_exists_config_define("DUMP_RUN_CFG"))
389 return;
390 if (geteuid() != 0)
391 no_root = " not_used";
392 apr_file_open_stdout(&out, p);
393 apr_file_printf(out, "User: name=\"%s\" id=%lu%s\n",
394 ap_unixd_config.user_name, (unsigned long)uid, no_root);
395 apr_file_printf(out, "Group: name=\"%s\" id=%lu%s\n",
396 ap_unixd_config.group_name, (unsigned long)gid, no_root);
397 if (ap_unixd_config.chroot_dir)
398 apr_file_printf(out, "ChrootDir: \"%s\"%s\n",
399 ap_unixd_config.chroot_dir, no_root);
400}
401
411
412static const command_rec unixd_cmds[] = {
413 AP_INIT_TAKE1("User", unixd_set_user, NULL, RSRC_CONF,
414 "Effective user id for this server"),
415 AP_INIT_TAKE1("Group", unixd_set_group, NULL, RSRC_CONF,
416 "Effective group id for this server"),
417 AP_INIT_TAKE1("ChrootDir", unixd_set_chroot_dir, NULL, RSRC_CONF,
418 "The directory to chroot(2) into"),
419 AP_INIT_FLAG("Suexec", unixd_set_suexec, NULL, RSRC_CONF,
420 "Enable or disable suEXEC support"),
421 {NULL}
422};
423
424AP_DECLARE_MODULE(unixd) = {
425 STANDARD20_MODULE_STUFF,
426 NULL,
427 NULL,
428 NULL,
429 NULL,
430 unixd_cmds,
431 unixd_hooks
432};
433
ap_config.h
Symbol export macros and hook functions.
AP_DECLARE
#define AP_DECLARE(type)
Definition ap_config.h:67
ap_mpm.h
Apache Multi-Processing Module library.
apr_portable.h
APR Portability Routines.
apr_strings.h
APR Strings library.
apr_thread_proc.h
APR Thread and Process Library.
pconf
static apr_pool_t * pconf
Definition event.c:441
AP_INIT_TAKE1
#define AP_INIT_TAKE1(directive, func, mconfig, where, help)
Definition http_config.h:176
ap_hook_test_config
void ap_hook_test_config(ap_HOOK_test_config_t *pf, const char *const *aszPre, const char *const *aszSucc, int nOrder)
Definition config.c:100
AP_DECLARE_MODULE
#define AP_DECLARE_MODULE(foo)
Definition http_config.h:464
AP_INIT_FLAG
#define AP_INIT_FLAG(directive, func, mconfig, where, help)
Definition http_config.h:194
ap_hook_pre_config
void ap_hook_pre_config(ap_HOOK_pre_config_t *pf, const char *const *aszPre, const char *const *aszSucc, int nOrder)
Definition config.c:91
OK
#define OK
Definition httpd.h:456
SUEXEC_BIN
#define SUEXEC_BIN
Definition httpd.h:156
ap_exists_config_define
int ap_exists_config_define(const char *name)
Definition core.c:2896
APLOGNO
#define APLOGNO(n)
Definition http_log.h:117
ap_log_error
#define ap_log_error
Definition http_log.h:370
APLOG_MARK
#define APLOG_MARK
Definition http_log.h:283
APLOG_ALERT
#define APLOG_ALERT
Definition http_log.h:65
dummy
void * dummy
Definition http_vhost.h:62
arg
void const char * arg
Definition http_vhost.h:63
ap_sys_privileges_handlers
int ap_sys_privileges_handlers(int inc)
Definition core.c:5062
ap_coredumpdir_configured
int ap_coredumpdir_configured
Definition mpm_common.c:153
ap_hook_drop_privileges
void ap_hook_drop_privileges(ap_HOOK_drop_privileges_t *pf, const char *const *aszPre, const char *const *aszSucc, int nOrder)
Definition mpm_common.c:94
initgroups
int initgroups(const char *name, gid_t basegid)
Definition mpm_common.c:267
ap_unixd_setup_child
int ap_unixd_setup_child(void)
Definition mod_unixd.c:329
uid
apr_fileperms_t apr_uid_t uid
Definition apr_global_mutex.h:159
gid
apr_fileperms_t apr_uid_t apr_gid_t gid
Definition apr_global_mutex.h:159
APR_HOOK_FIRST
#define APR_HOOK_FIRST
Definition apr_hooks.h:301
APR_HOOK_MIDDLE
#define APR_HOOK_MIDDLE
Definition apr_hooks.h:303
RSRC_CONF
#define RSRC_CONF
Definition http_config.h:241
STANDARD20_MODULE_STUFF
#define STANDARD20_MODULE_STUFF
Definition http_config.h:486
ap_is_directory
int ap_is_directory(apr_pool_t *p, const char *name)
Definition util.c:2326
GLOBAL_ONLY
#define GLOBAL_ONLY
Definition http_config.h:970
ap_check_cmd_context
const char * ap_check_cmd_context(cmd_parms *cmd, unsigned forbidden)
Definition core.c:1301
size
apr_size_t size
Definition apr_allocator.h:115
pool
const char int apr_pool_t * pool
Definition apr_cstr.h:84
APR_SUCCESS
#define APR_SUCCESS
Definition apr_errno.h:225
APR_FINFO_NORM
#define APR_FINFO_NORM
Definition apr_file_info.h:167
s
const char * s
Definition apr_strings.h:95
err
apr_int32_t apr_int32_t apr_int32_t err
Definition apr_thread_proc.h:418
cmd
apr_cmdtype_e cmd
Definition apr_thread_proc.h:495
apr_gid_t
gid_t apr_gid_t
Definition apr_user.h:54
apr_uid_t
uid_t apr_uid_t
Definition apr_user.h:45
http_config.h
Apache Configuration.
http_core.h
CORE HTTP Daemon.
http_log.h
Apache Logging library.
http_main.h
Command line options.
httpd.h
HTTP Daemon routines.
p
apr_pool_t * p
Definition md_event.c:32
out
static apr_file_t * out
Definition mod_info.c:85
NULL
return NULL
Definition mod_so.c:359
unixd_cmds
static const command_rec unixd_cmds[]
Definition mod_unixd.c:412
unixd_set_user
static const char * unixd_set_user(cmd_parms *cmd, void *dummy, const char *arg)
Definition mod_unixd.c:207
unixd_pre_config
static int unixd_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp)
Definition mod_unixd.c:295
set_group_privs
static int set_group_privs(void)
Definition mod_unixd.c:87
DEFAULT_GROUP
#define DEFAULT_GROUP
Definition mod_unixd.c:58
unixd_drop_privileges
static int unixd_drop_privileges(apr_pool_t *pool, server_rec *s)
Definition mod_unixd.c:139
unixd_set_suexec
static const char * unixd_set_suexec(cmd_parms *cmd, void *dummy, int arg)
Definition mod_unixd.c:266
DEFAULT_USER
#define DEFAULT_USER
Definition mod_unixd.c:55
unixd_hooks
static void unixd_hooks(apr_pool_t *pool)
Definition mod_unixd.c:402
unixd_set_chroot_dir
static const char * unixd_set_chroot_dir(cmd_parms *cmd, void *dummy, const char *arg)
Definition mod_unixd.c:250
unixd_set_group
static const char * unixd_set_group(cmd_parms *cmd, void *dummy, const char *arg)
Definition mod_unixd.c:235
SETUID_TEST
#define SETUID_TEST(finfo)
Definition mod_unixd.c:291
unixd_dump_config
static void unixd_dump_config(apr_pool_t *p, server_rec *s)
Definition mod_unixd.c:382
mod_unixd.h
common stuff that unix MPMs will want
mpm_common.h
Multi-Processing Modules functions.
name
char * name
Definition ssl_engine_vars.c:563
apr_file_t
Definition apr_arch_file_io.h:97
apr_finfo_t
Definition apr_file_info.h:174
apr_pool_t
Definition apr_pools.c:562
cmd_parms_struct
Definition http_config.h:288
command_struct
Definition http_config.h:204
server_rec
A structure to store information for each virtual server.
Definition httpd.h:1322
Generated by doxygen 1.9.8