Re: Re[4]: [cgiwrap-users] cgiwrap 3.8 beta PHP rewriting troubles
From: Nathan N. <nn...@um...> - 2003-05-17 16:54:40
script_url patch modified and applied. Not going to apply the other - strikes me as dangerous as it falls back to trying to do something that the caller might not have intended. Not sure why anyone would need to refer to users with their UID. If their username is numeric, it should already work with existing code. -- Nathan On Sat, 2003-05-17 at 09:00, Gabriel Ambuehl wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Hello Nathan, > > Saturday, May 17, 2003, 2:34:58 PM, you wrote: > > > >> What do you call regular scripts? Stuff in ScriptAlias directories? > >> Users don't have access to ScriptAlias. I'll probably store cgiwrap > in > >> cgiwrap/cgiwrap as to not interfere with users's own cgi-bin (which > >> right now is suexec and ExecCGI but I suppose I can dump ExecCGI > >> anyway). > > > Anything that would allow a regular user to execute code under their > > control and have it run as the server userid. > > Ah well I'm aware of that of course. > > > Here's a patch I'd like to see integrated. It allows for > numerical userids (some people love those): > > - --- cgiwrap-3.8-rc1/cgiwrap.c Tue May 13 17:54:49 2003 > +++ cgiwrap.c Sat May 17 15:32:16 2003 > @@ -109,7 +109,10 @@ > /* user - fetch this information from the passwd file or NIS > */ > if ( !(user = getpwnam(userStr)) ) > { > - - MSG_Error_NoSuchUser(userStr); > + if ( !(user = getpwuid( atoi(userStr) )) ) > + { > + MSG_Error_NoSuchUser(userStr); > + } > } > memcpy(&Context.user, user, sizeof(struct passwd)); > > > > Another thing I'd like would be an option to set SCRIPT_NAME to the > value of SCRIPT_VALUE. I there might have messed up something with > configure.in, I HATE working with autoconf. > > > - --- cgiwrap-3.8-rc1/configure.in Tue May 13 17:54:49 2003 > +++ cgiwrap-3.8-rc1_bak/configure.in Sat May 17 15:26:01 2003 
> @@ -50,6 +50,26 @@ > AC_MSG_RESULT([disabled]) > ]) > > +dnl > +dnl Set SCRIPT_NAME to SCRIPT_URL > +dnl > +AC_MSG_CHECKING(for script-url-equals-script-name) > +AC_ARG_WITH( script-url-equals-script-name, > + [ --with-script-url-equals-script-name] > + [ set SCRIPT_NAME to SCRIPT_URL, with Apache, SCRIPT_URL > will be the path the user supplied], > + [ > + if test "x$withval" != xno; then > + AC_DEFINE(CONF_SCRIPT_URL_EQUALS_SCRIPT_NAME, > [], [set SCRIPT_NAME to SCRIPT_URL, with Apache, SCRIPT_URL will be > the path the user supplied]) > + AC_MSG_RESULT([enabled]) > + else > + AC_MSG_RESULT([disabled]) > + fi > + ], > + [ > + AC_MSG_RESULT([disabled]) > + ]) > + > + > AC_MSG_CHECKING(for require-redirect-url) > AC_ARG_WITH( require-redirect-url, > [ --with-require-redirect-url] > > diff -u cgiwrap-3.8-rc1/util.c cgiwrap-3.8-rc1_bak/util.c > - --- cgiwrap-3.8-rc1/util.c Tue May 13 17:54:50 2003 > +++ cgiwrap-3.8-rc1_bak/util.c Sat May 17 15:39:37 2003 
> @@ -1288,6 +1288,16 @@ > return; > } > #endif > +#if defined(CONF_SCRIPT_URL_EQUALS_SCRIPT_NAME) > + name = getenv("SCRIPT_URL"); > + if ( name ) { > + buf = (char*) SafeMalloc (strlen("SCRIPT_NAME=") + > strlen(name) + 3, "new SCRIPT_NAME environment variable"); > + sprintf(buf, "SCRIPT_NAME=%s", name); > + SafePutenv(buf, "set SCRIPT_NAME environment > variable"); > + return; > + } > + > +#endif > > name = getenv("SCRIPT_NAME"); > if ( name ) { > > > > > > Best regards, > Gabriel > > -----BEGIN PGP SIGNATURE----- > Version: PGP 6.0.2i > > iQEVAwUBPsYyecZa2WpymlDxAQHMOQf+OKAPC2i7YbXh5dc9r944kVQj3sh40rms > 4jF/X0kJrrgcaXmXsHXhw8C9ve5knvBZMp9BS6XEBngHUGe75DhoTwObZqQlRLQ0 > Qz36vRm6kOv4Ti1PHRmc5CuucfYP6byoPE+e85QznObdX14DvkvlwX/8QgOPrJrR > 6DiIodjJZRaO8aabI0oSxUlih8mX9hYjAMuEt0M7SstnJbd8Z5+laIX/c6Qrum8C > mFsDM7V/zMMnYn+XC4Yc9e/yMsXk761JzvsaMo02Rh5Q2mX0koIxJWjMLXHgB5h5 > p/D3N6hxFc8qGMNmFBE3VkKhjzv4CU/QCQi7KHoIdSvPLDwVOQMIVw== > =5td0 > -----END PGP SIGNATURE----- -- ------------------------------------------------------------ Nathan Neulinger EMail: nn...@um... University of Missouri - Rolla Phone: (573) 341-4841 Computing Services Fax: (573) 341-4216 |
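Review bot: In the cgiwrap.c hunk, the fallback getpwuid( atoi(userStr) ) never checks that userStr is actually a number. atoi() returns 0 for any string with no leading digits, so a name that getpwnam() cannot find resolves to the passwd entry for UID 0 instead of reaching MSG_Error_NoSuchUser(), and a string such as "1000x" is accepted as 1000. If the fallback is kept, parse with strtol(), reject the input unless the end pointer sits on the terminating NUL and the value fits in uid_t, and only then call getpwuid().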
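Review bot: In the configure.in hunk, AC_DEFINE(CONF_SCRIPT_URL_EQUALS_SCRIPT_NAME, [], ...) defines the macro with an empty value. That works with the #if defined(...) test used in util.c, but a later #if CONF_SCRIPT_URL_EQUALS_SCRIPT_NAME would be a preprocessor error; defining it to 1 avoids that. The option name also reads backwards relative to its own help text, which says SCRIPT_NAME is set to SCRIPT_URL, so a name that puts SCRIPT_NAME first would describe the behaviour more clearly.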
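Review bot: In the util.c hunk, the value of getenv("SCRIPT_URL") is copied into SCRIPT_NAME with no check on its content, and the early return skips the existing SCRIPT_NAME handling that follows the #endif. The configure help text describes SCRIPT_URL as the path the user supplied, so this block needs a comment stating that SCRIPT_NAME becomes request-controlled when the option is enabled. The allocation is large enough (the +3 is more than the one byte the terminator needs), but snprintf() with the computed size would keep the length and the write tied together. The blank line before #endif can be dropped.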