From: Benjamin Podszun <ben@galactic-tales.de>
To: azarah@gentoo.org
Cc: Hasse Hagen Johansen <hhj@musikcheck.dk>,
Gentoo-Dev <gentoo-dev@gentoo.org>
Subject: Re: [gentoo-dev] Performance once again..
Date: 13 Apr 2003 00:55:38 +0200 [thread overview]
Message-ID: <1050188138.4931.51.camel@blafasel> (raw)
In-Reply-To: <1050186320.4224.51.camel@nosferatu.lan>
[-- Attachment #1.1: Type: text/plain, Size: 976 bytes --]
Attached.
On Sun, 2003-04-13 at 00:25, Martin Schlemmer wrote:
> On Sat, 2003-04-12 at 22:44, Benjamin Podszun wrote:
> > jay:~/apache-1.3.27/debian/patches# ls
> > ab_overzealous_connections mime_type_fix
> > apxs_assumes_dso mod_bandwidth_paths
> > apxs_wrong_prefix phf_dot_log
> > custom_response_segfaults
> > regex_must_conform_to_posix_for_LFS_to_work
> > dbm_part_2_the_revenge server_subversioning
> > debian_config_layout suexec_combined
> > debian_ps_is_brutal suexec_of_death
> > debian_requires_fPIC thetarget_unquoted
> > hurd_compile_fix_for_upstream usr_bin_perl_owns_you
> >
> > Uhm.. That's not really helpful for me... Any other ideas?
> >
>
> Could you attach patches:
>
> ab_overzealous_connections
> mod_bandwidth_paths
> suexec_combined
> suexec_of_death
> usr_bin_perl_owns_you
>
> Although I do not think the last are related.
[-- Attachment #1.2: ab_overzealous_connections --]
[-- Type: text/x-patch, Size: 414 bytes --]
diff -ruN build-tree/apache_1.3.27/src/support/ab.c build-tree/apache_1.3.26/src/support/ab.c
--- build-tree/apache_1.3.27/src/support/ab.c Thu May 18 02:43:06 2000
+++ build-tree/apache_1.3.27/src/support/ab.c Thu May 18 02:36:24 2000
@@ -602,7 +602,8 @@
FD_CLR(c->fd, &writebits);
/* connect again */
- start_connect(c);
+ if(done < requests)
+ start_connect(c);
return;
}
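Review bot: The added guard `if(done < requests)` compares the number of finished requests, so with several connections in flight it can presumably still open more connections than are needed to reach `requests`. If ab keeps a count of started requests (not visible in this hunk), that is the value to compare against. The unbraced two-line `if` is also easy to break in a later edit; `if (done < requests) { start_connect(c); }` is safer. The enclosing function starts outside the hunk.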
[-- Attachment #1.3: mod_bandwidth_paths --]
[-- Type: text/plain, Size: 844 bytes --]
--- build-tree/apache-contrib-1.0.8/mod_bandwidth/mod_bandwidth.c Fri Aug 20 01:59:02 1999
+++ build-tree/apache-contrib-1.0.8/mod_bandwidth/mod_bandwidth.c.mine Tue Feb 19 21:28:01 2002
@@ -340,8 +340,8 @@
#define MIN_BW_DEFAULT 256 /* Minimal bandwidth defaulted to 256Bps */
#define PACKET 1024 /* Sent packet of 1024 bytes */
-#define MASTER_DIR "/tmp/apachebw/master"
-#define LINK_DIR "/tmp/apachebw/link"
+#define MASTER_DIR "/var/lib/apache/mod-bandwidth/master"
+#define LINK_DIR "/var/lib/apache/mod-bandwidth/link"
#ifdef USE_MMAP_FILES
#include <unistd.h>
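Review bot: `MASTER_DIR` and `LINK_DIR` carry no comment saying who must create these directories or with what permissions, and nothing in this hunk creates them. Moving them out of world-writable `/tmp` only helps if the new directories are owned by the server account and are not writable by other local users. I would add above the two defines `/* Must exist before startup, owned by the server user, not group- or world-writable */`.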
@@ -745,7 +745,7 @@
* directory.
*/
- if (stat(directory, &fdata) < -1) {
+ if (stat(directory, &fdata) < 0) {
/* Dunno if this may happen... but well... */
return DECLINED;
}
[-- Attachment #1.4: suexec_combined --]
[-- Type: text/plain, Size: 12566 bytes --]
--- build-tree/apache_1.3.27/src/support/suexec.c Thu Mar 8 11:11:43 2001
+++ build-tree/apache_1.3.27/src/support/suexec.c Thu Jan 10 21:00:14 2002
@@ -90,6 +90,7 @@
#include <sys/types.h>
#include <stdarg.h>
+#include <strings.h>
#include "suexec.h"
@@ -165,6 +166,8 @@
"UNIQUE_ID",
"USER_NAME",
"TZ",
+ "HTTPS",
+ "REDIRECT_HTTPS",
NULL
};
@@ -228,7 +231,8 @@
cidx++;
for (ep = environ; *ep && cidx < AP_ENVBUF-1; ep++) {
- if (!strncmp(*ep, "HTTP_", 5)) {
+ if (!strncmp(*ep, "HTTP_", 5) ||
+ !strncmp(*ep, "SSL_", 4)) {
cleanenv[cidx] = *ep;
cidx++;
}
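Review bot: The added `SSL_` prefix test passes every variable whose name starts with `SSL_` to the target program, the same way `HTTP_` does, but nothing here records that these values are not trusted. Some of them presumably originate from the client's certificate, so a comment next to the test is warranted, e.g. `/* SSL_* may carry client-supplied certificate fields; CGI programs must treat them as untrusted */`. The loop and its function continue outside the hunk.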
@@ -249,6 +253,244 @@
environ = cleanenv;
}
+#define MY_STATE_NORMAL 0
+#define MY_STATE_SPACE 1
+#define MY_STATE_QUOTES 2
+#define MY_STATE_APOSTROPHES 3
+#define MY_STATE_END 4
+
+char** param_separate(char* params, int addl_slots) {
+ int state, actpos, actarg_start, actarg_len, argnum;
+ char **res=0;
+ char backslash=0;
+
+ if (params==0) return(0);
+
+ if (*params==0) {
+ res=(char**)malloc(sizeof(char*)*(1+addl_slots));
+ for (actpos=0;actpos<addl_slots+1;++actpos) res[actpos]=0;
+ return(res);
+ }
+ actpos=0;backslash=0;argnum=0;state=MY_STATE_SPACE;
+ while (state!=MY_STATE_END) {
+ switch (state) {
+
+ case MY_STATE_SPACE:
+ switch (params[actpos]) {
+ case 0 :
+ state=MY_STATE_END;
+ break;
+
+ case ' ' :
+ case '\t':
+ break;
+
+ case '\'':
+ state=MY_STATE_APOSTROPHES;
+ actarg_start=actpos+1;
+ break;
+ case '"':
+ state=MY_STATE_QUOTES;
+ actarg_start=actpos+1;
+ break;
+ default:
+ state=MY_STATE_NORMAL;
+ actarg_start=actpos;
+ }
+ break;
+
+ case MY_STATE_NORMAL:
+
+ switch (params[actpos]) {
+ case 0 :
+ state=MY_STATE_END;
+ ++argnum;
+ actarg_len=actpos-actarg_start;
+ break;
+
+ case ' ':
+ case '\t':
+ state=MY_STATE_SPACE;
+ ++argnum;
+ actarg_len=actpos-actarg_start;
+ break;
+ }
+ break;
+
+ case MY_STATE_APOSTROPHES:
+
+ switch (params[actpos]) {
+ case 0 :
+ state=MY_STATE_END;
+ ++argnum;
+ actarg_len=actpos-actarg_start;
+ break;
+
+ case '\\':
+ backslash=1-backslash;
+ break;
+
+ case '\'':
+ if (! backslash) {
+ state=MY_STATE_SPACE;
+ ++argnum;
+ actarg_len=actpos-actarg_start;
+ }
+ break;
+ }
+ if (params[actpos]!='\\') backslash=0;
+ break;
+
+ case MY_STATE_QUOTES:
+
+ switch (params[actpos]) {
+ case 0 :
+ state=MY_STATE_END;
+ ++argnum;
+ actarg_len=actpos-actarg_start;
+ break;
+
+ case '\\':
+ backslash=1-backslash;
+ break;
+
+ case '"':
+ if (! backslash) {
+ state=MY_STATE_SPACE;
+ ++argnum;
+ actarg_len=actpos-actarg_start;
+ }
+ break;
+ }
+ if (params[actpos]!='\\') backslash=0;
+ break;
+ }
+ actpos++;
+ }
+
+ res=(char**)malloc(sizeof(char*)*(argnum+1+addl_slots));
+ for (actpos=0;actpos<argnum+addl_slots+1;++actpos) res[actpos]=0;
+
+
+ actpos=0;backslash=0;argnum=0;state=MY_STATE_SPACE;
+ while (state!=MY_STATE_END) {
+ switch (state) {
+
+ case MY_STATE_SPACE:
+ switch (params[actpos]) {
+ case 0 :
+ state=MY_STATE_END;
+ break;
+
+ case ' ' :
+ case '\t':
+ break;
+
+ case '\'':
+ state=MY_STATE_APOSTROPHES;
+ actarg_start=actpos+1;
+ break;
+ case '"':
+ state=MY_STATE_QUOTES;
+ actarg_start=actpos+1;
+ break;
+ default:
+ state=MY_STATE_NORMAL;
+ actarg_start=actpos;
+ }
+ break;
+
+ case MY_STATE_NORMAL:
+
+ switch (params[actpos]) {
+ case 0 :
+ state=MY_STATE_END;
+ actarg_len=actpos-actarg_start;
+ res[argnum]=(char*)malloc(actarg_len+1);
+ strncpy(res[argnum],¶ms[actarg_start],actarg_len);
+ res[argnum][actarg_len]=0;
+ ++argnum;
+ break;
+
+ case ' ':
+ case '\t':
+ state=MY_STATE_SPACE;
+ actarg_len=actpos-actarg_start;
+ res[argnum]=(char*)malloc(actarg_len+1);
+ strncpy(res[argnum],¶ms[actarg_start],actarg_len);
+ res[argnum][actarg_len]=0;
+ ++argnum;
+ break;
+ }
+ break;
+
+ case MY_STATE_APOSTROPHES:
+
+ switch (params[actpos]) {
+ case 0 :
+ state=MY_STATE_END;
+ actarg_len=actpos-actarg_start;
+ res[argnum]=(char*)malloc(actarg_len+1);
+ strncpy(res[argnum],¶ms[actarg_start],actarg_len);
+ res[argnum][actarg_len]=0;
+ ++argnum;
+ break;
+
+ case '\\':
+ backslash=1-backslash;
+ break;
+
+ case '\'':
+ if (! backslash) {
+ state=MY_STATE_SPACE;
+ actarg_len=actpos-actarg_start;
+ res[argnum]=(char*)malloc(actarg_len+1);
+ strncpy(res[argnum],¶ms[actarg_start],actarg_len);
+ res[argnum][actarg_len]=0;
+ ++argnum;
+ }
+ break;
+ }
+ if (params[actpos]!='\\') backslash=0;
+ break;
+
+ case MY_STATE_QUOTES:
+
+ switch (params[actpos]) {
+ case 0 :
+ state=MY_STATE_END;
+ actarg_len=actpos-actarg_start;
+ res[argnum]=(char*)malloc(actarg_len+1);
+ strncpy(res[argnum],¶ms[actarg_start],actarg_len);
+ res[argnum][actarg_len]=0;
+ ++argnum;
+ break;
+
+ case '\\':
+ backslash=1-backslash;
+ break;
+
+ case '"':
+ if (! backslash) {
+ state=MY_STATE_SPACE;
+ actarg_len=actpos-actarg_start;
+ res[argnum]=(char*)malloc(actarg_len+1);
+ strncpy(res[argnum],¶ms[actarg_start],actarg_len);
+ res[argnum][actarg_len]=0;
+ ++argnum;
+ }
+ break;
+ }
+ if (params[actpos]!='\\') backslash=0;
+ break;
+ }
+ actpos++;
+ }
+
+ return(res);
+}
+
+
int main(int argc, char *argv[])
{
int userdir = 0; /* ~userdir flag */
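Review bot: Every `malloc` in `param_separate` is used unchecked, in a program that runs with elevated privileges: the `res` array is written right after allocation in both places, and each `res[argnum]` goes straight into `strncpy`. The allocate/copy/terminate triple is repeated six times in the second pass, so one small helper that can fail cleanly removes both the duplication and the unchecked writes. `addl_slots` is added to the allocation size without a range check, so a negative value from the caller would shrink the array below what the zeroing loop and the caller expect. Backslashes are tracked to skip escaped quotes but are copied into the argument unchanged, which needs a comment if it is intended.

```c
/* Duplicate params[start .. start+len) as a NUL-terminated string; NULL if out of memory. */
static char *copy_arg(const char *params, int start, int len)
{
    char *arg = malloc((size_t)len + 1);

    if (arg == NULL)
        return NULL;
    memcpy(arg, params + start, (size_t)len);
    arg[len] = '\0';
    return arg;
}

char** param_separate(char* params, int addl_slots) {
    /* … unchanged: declarations … */

    if (params==0 || addl_slots<0) return(0);

    if (*params==0) {
        /* calloc zeroes the slots; the caller must check for NULL */
        return(calloc((size_t)addl_slots+1, sizeof(char*)));
    }

    /* … unchanged: first (counting) pass … */

    res=calloc((size_t)argnum+1+(size_t)addl_slots, sizeof(char*));
    if (res==0) return(0);

    /* … unchanged: second pass; each malloc/strncpy/terminate triple becomes … */
                    res[argnum]=copy_arg(params, actarg_start, actarg_len);
                    if (res[argnum]==0) goto fail;
                    ++argnum;
    /* … unchanged: rest of second pass … */

    return(res);

fail:
    /* release what was built so far so the caller only sees NULL */
    for (actpos=0;actpos<argnum;++actpos) free(res[actpos]);
    free(res);
    return(0);
}
```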
@@ -261,6 +503,10 @@
char *actual_gname; /* actual group name */
char *prog; /* name of this program */
char *cmd; /* command to be executed */
+
+ int ind, ind2;
+ char **passedargv = 0;
+
char cwd[AP_MAXPATH]; /* current working directory */
char dwd[AP_MAXPATH]; /* docroot working directory */
struct passwd *pw; /* password entry holder */
@@ -534,8 +780,18 @@
/*
* Error out if we cannot stat the program.
*/
- if (((lstat(cmd, &prg_info)) != 0) || (S_ISLNK(prg_info.st_mode))) {
- log_err("error: cannot stat program: (%s)\n", cmd);
+ passedargv=param_separate(cmd,argc-4);
+ for (ind=0; passedargv[ind]; ++ind);
+ for (ind2=4;ind2<argc;++ind2,++ind) {
+ if (argv[ind2]!=0) if (argv[ind2][0]!=0) passedargv[ind]=strdup(argv[ind2]);
+ if (passedargv[ind]==0) {
+ passedargv[ind]=malloc(1);
+ passedargv[ind][0]=0;
+ }
+ }
+
+ if (((lstat(passedargv[0], &prg_info)) != 0) || (S_ISLNK(prg_info.st_mode))) {
+ log_err("error: cannot stat program: (%s)\n", passedargv[0]);
exit(117);
}
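Review bot: `passedargv` is dereferenced in the counting loop without checking that `param_separate` returned non-NULL, and `passedargv[0]` is not checked either. When `cmd` splits to zero words, slot 0 is either left NULL or filled from the extra arguments by the append loop, so the program that is stat'ed and later executed no longer comes from `cmd`. A guard `if (passedargv == NULL || passedargv[0] == NULL)` that logs and exits should sit directly after the `param_separate` call. Any validation of `cmd` earlier in `main` (outside this hunk) was done on the unsplit string and should be repeated on `passedargv[0]`, which is what `lstat` and `execv` now use. The `strdup` and `malloc(1)` results in the loop are unchecked as well.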
@@ -543,7 +799,7 @@
* Error out if the program is writable by others.
*/
if ((prg_info.st_mode & S_IWOTH) || (prg_info.st_mode & S_IWGRP)) {
- log_err("error: file is writable by others: (%s/%s)\n", cwd, cmd);
+ log_err("error: file is writable by others: (%s/%s)\n", cwd, passedargv[0]);
exit(118);
}
@@ -551,7 +807,7 @@
* Error out if the file is setuid or setgid.
*/
if ((prg_info.st_mode & S_ISUID) || (prg_info.st_mode & S_ISGID)) {
- log_err("error: file is either setuid or setgid: (%s/%s)\n", cwd, cmd);
+ log_err("error: file is either setuid or setgid: (%s/%s)\n", cwd, passedargv[0]);
exit(119);
}
@@ -576,7 +832,7 @@
* "[error] Premature end of script headers: ..."
*/
if (!(prg_info.st_mode & S_IXUSR)) {
- log_err("error: file has no execute permission: (%s/%s)\n", cwd, cmd);
+ log_err("error: file has no execute permission: (%s/%s)\n", cwd, passedargv[0]);
exit(121);
}
@@ -609,6 +865,8 @@
/*
* Execute the command, replacing our image with its own.
*/
+ execv(passedargv[0], passedargv);
+#if 0
#ifdef NEED_HASHBANG_EMUL
/* We need the #! emulation when we want to execute scripts */
{
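Review bot: The `#if 0` added after the new `execv` leaves the whole `NEED_HASHBANG_EMUL` branch in the file as dead code, with no comment saying why it was disabled. If the emulation is meant to go, delete the branch; if not, builds that define `NEED_HASHBANG_EMUL` presumably lose script execution with this change. At minimum add `/* hashbang emulation disabled: argv is now built by param_separate() */` above the `#if 0`. The disabled block continues outside this hunk.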
@@ -619,7 +877,7 @@
#else /*NEED_HASHBANG_EMUL*/
execv(cmd, &argv[3]);
#endif /*NEED_HASHBANG_EMUL*/
-
+#endif
/*
* (I can't help myself...sorry.)
*
@@ -629,5 +887,10 @@
* Oh well, log the failure and error out.
*/
log_err("emerg: (%d)%s: exec failed (%s)\n", errno, strerror(errno), cmd);
+
+ for (ind=0;passedargv[ind];++ind) free(passedargv[ind]);
+ free(passedargv);
+ passedargv=0;
+
exit(255);
}
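Review bot: The exec-failure message just above the added cleanup still logs `cmd`, although `execv` was called with `passedargv[0]`, so the log can name a string that was never the executed path. Log the value that was actually used, before it is freed: `log_err("emerg: (%d)%s: exec failed (%s)\n", errno, strerror(errno), passedargv[0]);`. The free loop itself is harmless but has no effect directly before `exit(255)`.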
[-- Attachment #1.5: suexec_of_death --]
[-- Type: text/plain, Size: 714 bytes --]
--- build-tree/apache_1.3.27/src/main/http_core.c
+++ build-tree/apache_1.3.27/src/main/http_core.c
@@ -1892,8 +1892,9 @@
else {
cmd->server->server_uid = ap_user_id;
fprintf(stderr,
- "Warning: User directive in <VirtualHost> "
+ "ERROR: User directive in <VirtualHost> "
"requires SUEXEC wrapper.\n");
+ exit (1);
}
}
#if !defined (BIG_SECURITY_HOLE) && !defined (OS2)
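Review bot: Calling `exit (1)` inside the directive handler right after a bare `fprintf` stops the server without saying which configuration file and line held the offending `User` directive; the same applies to the `Group` hunk below. If this handler returns an error string like other directive handlers (its signature is outside the hunk), returning the message would presumably let the configuration parser add that context and still abort startup. The assignment `cmd->server->server_uid = ap_user_id;` just before the message is dead on this path now and could be dropped.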
@@ -1933,8 +1934,9 @@
else {
cmd->server->server_gid = ap_group_id;
fprintf(stderr,
- "Warning: Group directive in <VirtualHost> requires "
+ "ERROR: Group directive in <VirtualHost> requires "
"SUEXEC wrapper.\n");
+ exit (1);
}
}
[-- Attachment #1.6: usr_bin_perl_owns_you --]
[-- Type: text/x-patch, Size: 2626 bytes --]
diff --minimal --new-file --recursive --show-c-function --unified=3 apache_1.3.12.old/cgi-bin/printenv apache_1.3.12/cgi-bin/printenv
--- build-tree/apache_1.3.27/cgi-bin/printenv Wed Nov 24 12:10:58 1999
+++ build-tree/apache_1.3.27/cgi-bin/printenv Sun Apr 16 09:50:04 2000
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl
+#!/usr/bin/perl
##
## printenv -- demo CGI program which just prints its environment
##
diff --minimal --new-file --recursive --show-c-function --unified=3 apache_1.3.12.old/cgi-bin/printenv.~1~ apache_1.3.12/cgi-bin/printenv.~1~
--- build-tree/apache_1.3.27/cgi-bin/printenv.~1~ Wed Dec 31 18:00:00 1969
+++ build-tree/apache_1.3.27/cgi-bin/printenv.~1~ Sun Apr 16 09:49:43 2000
@@ -0,0 +1,13 @@
+#!/usr/local/bin/perl
+##
+## printenv -- demo CGI program which just prints its environment
+##
+
+print "Content-type: text/plain\n\n";
+foreach $var (sort(keys(%ENV))) {
+ $val = $ENV{$var};
+ $val =~ s|\n|\\n|g;
+ $val =~ s|"|\\"|g;
+ print "${var}=\"${val}\"\n";
+}
+
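Review bot: `cgi-bin/printenv.~1~` is added as a new file here and looks like a backup copy left by an editor or by patch rather than an intended change, since it is the old `printenv` with the `/usr/local/bin/perl` line. Shipping a second copy of a script that prints the whole environment into `cgi-bin` widens what the server exposes for no benefit. Drop this file section and regenerate the diff with backup files excluded.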
diff --minimal --new-file --recursive --show-c-function --unified=3 apache_1.3.12.old/src/support/dbmmanage apache_1.3.12/src/support/dbmmanage
--- build-tree/apache_1.3.27/src/support/dbmmanage Sun Nov 28 07:37:53 1999
+++ build-tree/apache_1.3.27/src/support/dbmmanage Sun Apr 16 09:49:43 2000
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl
+#!/usr/bin/perl
# ====================================================================
# Copyright (c) 1995-1999 The Apache Group. All rights reserved.
diff --minimal --new-file --recursive --show-c-function --unified=3 apache_1.3.12.old/src/support/log_server_status apache_1.3.12/src/support/log_server_status
--- build-tree/apache_1.3.27/src/support/log_server_status Fri Jun 4 10:54:19 1999
+++ build-tree/apache_1.3.27/src/support/log_server_status Sun Apr 16 09:49:43 2000
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl
+#!/usr/bin/perl
# ====================================================================
# Copyright (c) 1995-1999 The Apache Group. All rights reserved.
diff --minimal --new-file --recursive --show-c-function --unified=3 apache_1.3.12.old/src/support/phf_abuse_log.cgi apache_1.3.12/src/support/phf_abuse_log.cgi
--- build-tree/apache_1.3.27/src/support/phf_abuse_log.cgi Tue Oct 8 16:14:49 1996
+++ build-tree/apache_1.3.27/src/support/phf_abuse_log.cgi Sun Apr 16 09:49:43 2000
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl
+#!/usr/bin/perl
# This script can be used to detect people trying to abuse the security hole which
# existed in A CGI script direstributed with Apache 1.0.3 and earlier versions.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]