Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Release 1.7

new:
* New Security Model now mandatory
* PATH_INFO support, based on code by Rob Sayers and Denis Fortin

enhanced:
* Additional security and sanity checks during installation

fixes:
* Repairs taintperl bug introduced in 1.6.2 (will pass perl -T again)
* Redirects now properly aware of port number (except Generic)
  • Loading branch information...
commit 80e1f891619001fc7c6c2211d9bb1d4ca1addb01 1 parent 568ca98
Cameron Kaiser authored Mark Olesen committed
View
16 ChangeLog
@@ -1,3 +1,17 @@
+Changes in 1.7:
+
+ ** This document changes from "since" to "in" starting with this
+ new version of HTTPi, covering changes from 1.6.2 to 1.7.
+
+ new:
+ * New Security Model now mandatory
+ * PATH_INFO support, based on code by Rob Sayers and Denis Fortin
+ enhanced:
+ * Additional security and sanity checks during installation
+ fixes:
+ * Repairs taintperl bug introduced in 1.6.2 (will pass perl -T again)
+ * Redirects now properly aware of port number (except Generic)
+
Changes since 1.6.1:
fixes:
@@ -193,7 +207,7 @@ Changes since first 1.0:
* fixed configure-time bug that caused syntax errors if preparsing
not turned on. duh. (thanks Fergus Gallagher)
* better socket handling for Demonic
-
+
Changes since 0.99:
* logging. one final change: user, since it's not through identd,
View
85 Manifest
@@ -1,52 +1,53 @@
-total 293
--rw-r--r-- 1 spectre staff 11167 Nov 04 20:53 ChangeLog
--rw-r--r-- 1 spectre staff 4988 Nov 04 20:53 INSTALL
--rw-r--r-- 1 spectre staff 14951 Nov 04 20:53 LICENSE
--rw-r--r-- 1 spectre staff 3070 Nov 04 20:53 Makefile
--rw-r--r-- 1 spectre staff 206 Nov 04 20:53 Makefile.PL
--rw-r--r-- 1 spectre staff 1120 Nov 04 20:53 README
--rw-r--r-- 1 spectre staff 514 Nov 04 20:53 THANKS
--rw-r--r-- 1 spectre staff 542 Nov 04 20:53 UPGRADING
--rw-r--r-- 1 spectre staff 64 Nov 04 20:53 VERSION
-lrwxrwxrwx 1 spectre staff 15 Nov 04 20:53 configure@ -> configure.inetd
--rw-r--r-- 1 spectre staff 8854 Nov 04 20:53 configure.demonic
--rw-r--r-- 1 spectre staff 2401 Nov 04 20:53 configure.generic
--rw-r--r-- 1 spectre staff 10277 Nov 04 20:53 configure.inetd
--rw-r--r-- 1 spectre staff 8761 Nov 04 20:53 configure.launchd
--rw-r--r-- 1 spectre staff 7697 Nov 04 20:53 configure.stunnel
--rw-r--r-- 1 spectre staff 8528 Nov 04 20:53 configure.xinetd
--rw-r--r-- 1 spectre staff 25512 Nov 04 20:53 conquests.pl
--rw-r--r-- 1 spectre staff 7293 Nov 04 20:53 consubs.pl
--rw-r--r-- 1 spectre staff 20519 Nov 04 20:53 httpi.in
--rw-r--r-- 1 spectre staff 138 Nov 04 20:53 modules.in
--rw-r--r-- 1 spectre staff 592 Nov 04 20:53 sockcons.c
--rw-r--r-- 1 spectre staff 134 Nov 04 20:53 sockcons.pl
-drwxr-xr-x 2 spectre staff 512 Nov 04 20:53 stock/
-drwxr-xr-x 3 spectre staff 512 Nov 04 20:53 tools/
-drwxr-xr-x 2 spectre staff 512 Nov 04 20:53 toys/
--rw-r--r-- 1 spectre staff 967 Nov 04 20:53 userfunc.in
--rw-r--r-- 1 spectre staff 2571 Nov 04 20:53 uservar.in
+total 299
+-rw-r--r-- 1 spectre staff 11636 Feb 22 09:51 ChangeLog
+-rw-r--r-- 1 spectre staff 4988 Feb 22 09:51 INSTALL
+-rw-r--r-- 1 spectre staff 14951 Feb 22 09:51 LICENSE
+-rw-r--r-- 1 spectre staff 3070 Feb 22 09:51 Makefile
+-rw-r--r-- 1 spectre staff 206 Feb 22 09:51 Makefile.PL
+-rw-r--r-- 1 spectre staff 1120 Feb 22 09:51 README
+-rw-r--r-- 1 spectre staff 525 Feb 22 09:51 THANKS
+-rw-r--r-- 1 spectre staff 203 Feb 22 09:51 TODO
+-rw-r--r-- 1 spectre staff 542 Feb 22 09:51 UPGRADING
+-rw-r--r-- 1 spectre staff 62 Feb 22 09:51 VERSION
+lrwxrwxrwx 1 spectre staff 15 Feb 22 09:51 configure@ -> configure.inetd
+-rw-r--r-- 1 spectre staff 8915 Feb 22 09:51 configure.demonic
+-rw-r--r-- 1 spectre staff 2455 Feb 22 09:51 configure.generic
+-rw-r--r-- 1 spectre staff 10316 Feb 22 09:51 configure.inetd
+-rw-r--r-- 1 spectre staff 8800 Feb 22 09:51 configure.launchd
+-rw-r--r-- 1 spectre staff 7748 Feb 22 09:51 configure.stunnel
+-rw-r--r-- 1 spectre staff 8579 Feb 22 09:51 configure.xinetd
+-rw-r--r-- 1 spectre staff 25682 Feb 22 09:51 conquests.pl
+-rw-r--r-- 1 spectre staff 8358 Feb 22 09:51 consubs.pl
+-rw-r--r-- 1 spectre staff 21015 Feb 22 09:51 httpi.in
+-rw-r--r-- 1 spectre staff 138 Feb 22 09:51 modules.in
+-rw-r--r-- 1 spectre staff 592 Feb 22 09:51 sockcons.c
+-rw-r--r-- 1 spectre staff 134 Feb 22 09:51 sockcons.pl
+drwxr-xr-x 2 spectre staff 512 Feb 22 09:51 stock/
+drwxr-xr-x 3 spectre staff 512 Feb 22 09:51 tools/
+drwxr-xr-x 2 spectre staff 512 Feb 22 09:51 toys/
+-rw-r--r-- 1 spectre staff 967 Feb 22 09:51 userfunc.in
+-rw-r--r-- 1 spectre staff 2571 Feb 22 09:51 uservar.in
./stock:
-total 50
--rw-r--r-- 1 spectre staff 20519 Nov 04 20:53 httpi.in
--rw-r--r-- 1 spectre staff 138 Nov 04 20:53 modules.in
--rw-r--r-- 1 spectre staff 967 Nov 04 20:53 userfunc.in
--rw-r--r-- 1 spectre staff 2571 Nov 04 20:53 uservar.in
+total 51
+-rw-r--r-- 1 spectre staff 21015 Feb 22 09:51 httpi.in
+-rw-r--r-- 1 spectre staff 138 Feb 22 09:51 modules.in
+-rw-r--r-- 1 spectre staff 967 Feb 22 09:51 userfunc.in
+-rw-r--r-- 1 spectre staff 2571 Feb 22 09:51 uservar.in
./tools:
total 7
--rwxr-xr-x 1 spectre staff 1402 Nov 04 20:53 browsed*
--rwxr-xr-x 1 spectre staff 598 Nov 04 20:53 crapword*
--rwxr-xr-x 1 spectre staff 327 Nov 04 20:53 noodle*
-drwxr-xr-x 2 spectre staff 512 Nov 04 20:53 phproxy/
+-rwxr-xr-x 1 spectre staff 1402 Feb 22 09:51 browsed*
+-rwxr-xr-x 1 spectre staff 598 Feb 22 09:51 crapword*
+-rwxr-xr-x 1 spectre staff 339 Feb 22 09:51 noodle*
+drwxr-xr-x 2 spectre staff 512 Feb 22 09:51 phproxy/
./tools/phproxy:
total 12
--rw-r--r-- 1 spectre staff 1474 Nov 04 20:53 README
--rw-r--r-- 1 spectre staff 237 Nov 04 20:53 add_to_modules.in
--rwxr-xr-x 1 spectre staff 3245 Nov 04 20:53 phproxy*
--rw-r--r-- 1 spectre staff 21 Nov 04 20:53 phproxy_test.php
+-rw-r--r-- 1 spectre staff 1474 Feb 22 09:51 README
+-rw-r--r-- 1 spectre staff 237 Feb 22 09:51 add_to_modules.in
+-rwxr-xr-x 1 spectre staff 3245 Feb 22 09:51 phproxy*
+-rw-r--r-- 1 spectre staff 21 Feb 22 09:51 phproxy_test.php
./toys:
total 3
--rw-r----- 1 spectre staff 1310 Nov 04 20:53 httpismall.gif
+-rw-r----- 1 spectre staff 1310 Feb 22 09:51 httpismall.gif
View
5 THANKS
@@ -2,6 +2,9 @@ Thanks to those who have reported errors and deficiencies in HTTPi,
contributed code suggestions, and just been generally helpful folks:
Bill Benedetto (since 0.1 :-)
+Mark Olesen
+Rob Sayers
+Chris Dagdigian
Fergus Gallagher
Marc Slemko
Aaron Spangler
@@ -10,10 +13,8 @@ Marcus Kreutzberger
Henry Ptasinski
Denis Fortin
Nick Brown
-Chris Dagdigian
Robert Brown
Al Guintu
-Mark Olesen
See the ChangeLog for specific contributions and notes from users.
View
8 TODO
@@ -0,0 +1,8 @@
+For 1.8:
+-------
+
+explicit error log
+get Mpp.pm working on Perl 5.005 and use the new parser
+allow static gzipped documents (gztest/)
+nurse processes to watch executables and scripts for proper logging
+
View
4 VERSION
@@ -1,2 +1,2 @@
-httpi-1.6.2
-Copyright 1998-2009 Cameron Kaiser and Contributors
+httpi-1.7
+Copyright 1998-2010 Cameron Kaiser and Contributors
View
15 configure.demonic
@@ -1,11 +1,15 @@
$DEF_MDEMONIC = 1;
+$DEF_MSTUNNEL = 0;
+$DEF_MGENERIC = 0;
$DEF_CONF_TYPE = "Demonic";
-eval 'require "consubs.pl";'; die(<<"EOF") if ($@);
+eval 'require "./consubs.pl";'; die(<<"EOF") if ($@);
Could not load consubs.pl, which is required for running the configure script.
Please make sure it's in the current directory.
+($@)
+
EOF
&prompt(<<"EOF", "") unless ($DEFAULT);
@@ -46,12 +50,14 @@ a proper OS. :-)
EOF
$DEF_CANFORK = 1;
-eval 'require "conquests.pl";'; die(<<"EOF") if ($@);
+eval 'require "./conquests.pl";'; die(<<"EOF") if ($@);
Could not load conquests.pl, which is required as part of the standard
questions suite for all of the configure scripts. Please make sure it's in
the current directory.
+($@)
+
EOF
$DEF_MVIRTFILES = &prompt(<<"EOF", "n", 1);
@@ -259,8 +265,11 @@ print "Writing out the configured httpi to $INSTALL_PATH ... ";
Couldn't write out the new httpi. Check permissions on httpi.in in the
current directory and the destination path.
+(Error was: $!)
+
EOF
-print T &preproc(\*S); close(T); close(S);
+print T &preproc(\*S);
+close(T);
print "done.\n\n";
print "chmod()ding $INSTALL_PATH to 0755 ... ";
View
10 configure.generic
@@ -1,12 +1,16 @@
$DEF_ARCH = "???";
$DEF_CONF_TYPE = "Generic";
$DEF_MDEMONIC = 0;
+$DEF_MGENERIC = 1;
+$DEF_MSTUNNEL = 0;
-eval 'require "consubs.pl";'; die(<<"EOF") if ($@);
+eval 'require "./consubs.pl";'; die(<<"EOF") if ($@);
Could not load consubs.pl, which is required for running the configure script.
Please make sure it's in the current directory.
+($@)
+
EOF
&prompt(<<"EOF", "");
@@ -34,12 +38,14 @@ TO RUN HTTPi IN THE GENERIC CONFIGURATION.
Press ENTER to continue, or BREAK/CTRL-C to bail out now:
EOF
-eval 'require "conquests.pl";'; die(<<"EOF") if ($@);
+eval 'require "./conquests.pl";'; die(<<"EOF") if ($@);
Could not load conquests.pl, which is required as part of the standard
questions suite for all of the configure scripts. Please make sure it's in
the current directory.
+($@)
+
EOF
$j = &prompt(<<"EOF", "");
View
7 configure.inetd
@@ -1,8 +1,9 @@
$DEF_MDEMONIC = 0;
$DEF_MSTUNNEL = 0;
+$DEF_MGENERIC = 0;
$DEF_CONF_TYPE = "inetd";
-eval 'require "consubs.pl";'; die(<<"EOF") if ($@);
+eval 'require "./consubs.pl";'; die(<<"EOF") if ($@);
Could not load consubs.pl, which is required for running the configure script.
Please make sure it's in the current directory.
@@ -85,7 +86,7 @@ running and active. You *do* have inetd, don't you?
EOF
-eval 'require "conquests.pl";'; die(<<"EOF") if ($@);
+eval 'require "./conquests.pl";'; die(<<"EOF") if ($@);
Could not load conquests.pl, which is required as part of the standard
questions suite for all of the configure scripts. Please make sure it's in
@@ -174,7 +175,7 @@ hangs when you try to access it, you must disable this restriction ('n').
Restrict HTTPi to a single process?
EOF
-$PORT_NO = &prompt(<<"EOF", "80") unless (!$DO_INSTALL);
+$DEF_TCP_PORT = $PORT_NO = &prompt(<<"EOF", "80") unless (!$DO_INSTALL);
What numerical TCP port do you want the webserver to run on? 80 is the default
but if you're using configure to build multiple HTTPis on multiple ports,
make sure you give a different answer this time.
View
7 configure.launchd
@@ -1,8 +1,9 @@
$DEF_MDEMONIC = 0;
$DEF_MSTUNNEL = 0;
+$DEF_MGENERIC = 0;
$DEF_CONF_TYPE = "launchd";
-eval 'require "consubs.pl";'; die(<<"EOF") if ($@);
+eval 'require "./consubs.pl";'; die(<<"EOF") if ($@);
Could not load consubs.pl, which is required for running the configure script.
Please make sure it's in the current directory.
@@ -70,7 +71,7 @@ EOF
&firstchecks;
-eval 'require "conquests.pl";'; die(<<"EOF") if ($@);
+eval 'require "./conquests.pl";'; die(<<"EOF") if ($@);
Could not load conquests.pl, which is required as part of the standard
questions suite for all of the configure scripts. Please make sure it's in
@@ -158,7 +159,7 @@ multiple sockets. Make sure that ports don't conflict either.
Which IP address to bind to?
EOF
-$PORT_NO = &prompt(<<"EOF", "80") unless (!$DO_INSTALL);
+$DEF_TCP_PORT = $PORT_NO = &prompt(<<"EOF", "80") unless (!$DO_INSTALL);
What numerical TCP port do you want the webserver to run on? 80 is the default
but if you're using configure to build multiple HTTPis on multiple ports,
make sure you give a different answer this time.
View
11 configure.stunnel
@@ -2,13 +2,16 @@
$DEF_MDEMONIC = 0;
$DEF_MSTUNNEL = 1;
+$DEF_MGENERIC = 0;
$DEF_CONF_TYPE = "stunnel";
-eval 'require "consubs.pl";'; die(<<"EOF") if ($@);
+eval 'require "./consubs.pl";'; die(<<"EOF") if ($@);
Could not load consubs.pl, which is required for running the configure script.
Please make sure it's in the current directory.
+($@)
+
EOF
&prompt(<<"EOF", "") unless ($DEFAULT);
@@ -95,12 +98,14 @@ You need to have this file set up and configured BEFORE you run this script.
EOF
}
-eval 'require "conquests.pl";'; die(<<"EOF") if ($@);
+eval 'require "./conquests.pl";'; die(<<"EOF") if ($@);
Could not load conquests.pl, which is required as part of the standard
questions suite for all of the configure scripts. Please make sure it's in
the current directory.
+($@)
+
EOF
unless (!$DO_INSTALL) {
@@ -119,7 +124,7 @@ EOF
$IP_ADDR = ($IP_ADDR eq 'default') ? '' : "${IP_ADDR}:";
-$PORT_NO = &prompt(<<"EOF", "443");
+$DEF_TCP_PORT = $PORT_NO = &prompt(<<"EOF", "443");
What numerical TCP port do you want the webserver to run on? 443 is the default
for HTTPS, but if you're using configure to build multiple HTTPis on multiple
ports, make sure you give a different answer this time.
View
11 configure.xinetd
@@ -1,12 +1,15 @@
$DEF_MDEMONIC = 0;
$DEF_MSTUNNEL = 0;
+$DEF_MGENERIC = 0;
$DEF_CONF_TYPE = "xinetd";
-eval 'require "consubs.pl";'; die(<<"EOF") if ($@);
+eval 'require "./consubs.pl";'; die(<<"EOF") if ($@);
Could not load consubs.pl, which is required for running the configure script.
Please make sure it's in the current directory.
+($@)
+
EOF
&prompt(<<"EOF", "") unless ($DEFAULT);
@@ -75,12 +78,14 @@ this message spuriously. Sorry. Symlink it, or something.
EOF
-eval 'require "conquests.pl";'; die(<<"EOF") if ($@);
+eval 'require "./conquests.pl";'; die(<<"EOF") if ($@);
Could not load conquests.pl, which is required as part of the standard
questions suite for all of the configure scripts. Please make sure it's in
the current directory.
+($@)
+
EOF
$USER_ID = &prompt(<<"EOF", $ENV{'SUDO_USER'} || $ENV{'USER'} || 'nobody') unless (!$DO_INSTALL);
@@ -130,7 +135,7 @@ multiple sockets. Make sure that ports don't conflict either.
Which IP address to bind to?
EOF
-$PORT_NO = &prompt(<<"EOF", "80");
+$DEF_TCP_PORT = $PORT_NO = &prompt(<<"EOF", "80");
What numerical TCP port do you want the webserver to run on? 80 is the default
but if you're using configure to build multiple HTTPis on multiple ports,
make sure you give a different answer this time.
View
72 conquests.pl
@@ -1,4 +1,3 @@
-$HOSTNAME = &wherecheck('Finding hostname', 'hostname');
$DEF_MCANALARM = &yncheck('Can we use alarm()?', 'alarm 0;');
unless ($DEF_CANFORK) {
$DEF_CANFORK = $q = &yncheck("Can we fork()?",
@@ -108,7 +107,7 @@
network constant now actually makes an effort to be portable. If you know
that your system's AF_INET macro is something other than two, enter it here.
(I have yet to find an OS where it wasn't, but I'm sure they're out there,
-although it was 2 on AIX, Darwin/OS X, SCO, HP/UX, Solaris, NetBSD and Linux.)
+although it was 2 on AIX, Darwin/OS X, SCO, HP/UX, Solaris, NetBSD and Linux.)
If you don't know what this is, accept the default -- it's probably correct.
@@ -167,7 +166,7 @@
EOF
$q = 0; $j = '';
-($ENV{'TZ'} =~ /[A-Z]+([0-9]+)[A-Z]+/) && ($q = "-" . substr("0${1}00",
+($ENV{'TZ'} =~ /[A-Z]+([0-9]+)[A-Z]+/) && ($q = "-" . substr("0${1}00",
length("0${1}00") - 4, 4));
$j = <<"EOF" if ($q);
(I made a guess based on your TZ environment variable, which is $ENV{'TZ'}.
@@ -176,7 +175,7 @@
$DEF_TIME_ZONE = &prompt(<<"EOF", $q || "+0000", 1);
HTTPi does CERN logging format making it compatible with most log analysers.
However, to make it as compatible as possible on as wide a range of Perls as
-possible, it doesn't do locale() work to find out what your timezone is.
+possible, it doesn't do locale() work to find out what your timezone is.
$j
If you don't care, you can accept the default. If you do, enter a
five-character timezone here (e.g., if you're on Pacific time, like I am,
@@ -184,7 +183,7 @@
EOF
$DEF_MRESTRICTIONS = &prompt(<<"EOF", "y", 1);
-HTTPi's answer to .htaccess and access control is the restriction matrix,
+HTTPi's answer to .htaccess and access control is the restriction matrix,
allowing access control based on IP address, agent/browser type, and a user
list you can specify with HTTP Basic Auth. For example, the restriction
matrix can restrict access to a certain page only to user fred from the
@@ -266,7 +265,7 @@
serve content and a lot of status 100 in the server log.
To get around this problem, in addition to the execute bit HTTPi can be told
-to only execute certain specific file extensions (i.e., they must both be
+to only execute certain specific file extensions (i.e., they must both be
executable, and have an allowed extension). This is generally not preferred
but may be needed depending on your particular environment. For speed, this
includes only the following: [\\-\\._](exe|[ckpba]*sh|p[er]*l|cgi|cmd|com)\$. Only
@@ -369,30 +368,39 @@
$DEF_NAMEREDIR = (($q eq 'y') ? 1 : 0);
-$q = &prompt(<<"EOF", "y", 1);
-The New Security Model, introduced in 1.4, adds a additional level of control
-over how files are served.
-
-In the older model, HTTPi only changed uid for executables. In this model,
-HTTPi changes uid for *all* files, meaning even preparsed documents cannot
-take over the webserver. Furthermore, you can specify a uid for which it and
-all UIDs lower, is illegal: the server will not change uid to them, and will
-not, as a consequence, serve files owned by them (root uid is always illegal)
+$q = &prompt(<<"EOF", "n", 1);
+New in HTTPi 1.7 is the ability to use PATH_INFO (and have executables make
+up "virtual filesystems" just like in other webservers). If you already know
+what this is, you'll already be pressing y(es), but this function is currently
+experimental. Because it has the potential for collision problems, you should
+not enable it unless you think you need it, and it currently defaults to n.
+
+Enable PATH_INFO support?
+EOF
+
+$DEF_PATHINFO = (($q eq 'y') ? 1 : 0);
+
+&prompt(<<"EOF", "");
+
+Now for the security section.
+
+Starting with HTTPi 1.7, if you are running as root, HTTPi transforms itself
+into the owner of the document it is accessing, even if it is not executable.
+This means that as soon as content serving begins, a document (even parsable)
+can't take over the webserver. Furthermore, you can specify a uid for which it
+and all UIDs lower, is illegal: the server won't change uid to them and also
+won't, as a consequence, serve files owned by them (root uid is always illegal)
or run executables on behalf of them (again, root uid is always illegal too).
Other consequences exist -- PLEASE READ THE DOCUMENTATION FIRST.
-The New Security Model is ONLY SALIENT IF YOU RUN HTTPi AS ROOT. Otherwise,
-it simply adds bulk and overhead. It is also only relevant to Un*xy worlds.
-
-As of 1.5, the New Security Model is now well-tested enough that it is the
-strongly recommended default. It may break old installations, so the choice
-is still offered, but if you use the user filesystem or preparsing and you
-are running your server as root, it is strongly recommended.
+Even if you do not run HTTPi as root, certain security restrictions are
+still enforced for you, even if HTTPi cannot transform its uid (but it still
+may be more secure overall for you to run as an unprivileged user, so your
+decision should be made based on your overall local requirements).
-Use the New Security Model?
+Press RETURN/ENTER to continue.
EOF
-$DEF_MNSECMODEL = (($q eq 'y') ? 1 : 0);
-if ($DEF_MNSECMODEL) {
+
$eUID = ($>) ? $> : ($ENV{'SUDO_UID'} || 0);
$is_not_root = (!$> && $ENV{'SUDO_UID'}) ? 'pre-sudo ' : '';
$useful = ($eUID) ? " (FYI: your ${is_not_root}euid is $eUID)" : "";
@@ -418,7 +426,6 @@
Lowest UID to serve files${useful}?
EOF
-}
if (!&yncheck("Can we use getpwnam()?",
"print scalar(getpwnam('root')), ' ... '")) {
@@ -438,9 +445,8 @@
(and if HTTPi can't change its uid to the executable's owner, this could be
a rather large security hole). For this reason, this option defaults to no.
-If you have the New Security Model on, *and* you're running as root, HTTPi
-will also change its UID to match the document's, which is useful for
-protecting things like /etc/passwd, and for preparsing.
+If you are running as root, HTTPi can change its uid to the document's, which
+is useful for protecting things like /etc/passwd, and for preparsing.
Enable user filesystem?
EOF
@@ -452,11 +458,11 @@
module loaded, you can insert inline Perl with the <perl></perl> tags and
access server internals.
-Preparsing is done only on files with extensions .sht, .shtm and .shtml,
+Preparsing is done only on files with extensions .sht, .shtm and .shtml,
unless you say otherwise.
-UNLESS YOU HAVE THE NEW SECURITY MODEL ON *AND* YOU'RE RUNNING HTTPi AS ROOT,
-preparsing runs as the UID of the webserver and this can be a *huge* security
+UNLESS YOU ARE RUNNING HTTPi AS ROOT, PREPARSING CAN BE VERY DANGEROUS! --
+preparsing then runs with the webserver uid and this can be a *huge* security
hole if enabled with the user filesystem. Enable only if you really trust
your users, or if you will be the sole person creating content for HTTPi (or
if you're running HTTPi as some unprivileged user that can't do anything
@@ -549,7 +555,7 @@
Gulp delay (in seconds)?
EOF
}
-
+
if ($DEF_MCANALARM) {
$q = &prompt(<<"EOF", "n", 1);
Now the ugly kludge section. This is really only relevant to inetd users, but
View
50 consubs.pl
@@ -1,6 +1,37 @@
-$version_key = "HTTPi/1.6/$DEF_CONF_TYPE";
+$version_key = "HTTPi/1.7/$DEF_CONF_TYPE";
$my_version_key = 0;
-$ACTUAL_VERSION = "1.6.2 (C)1998-2009 Cameron Kaiser/Contributors";
+$ACTUAL_VERSION = "1.7 (C)1998-2010 Cameron Kaiser/Contributors";
+
+print STDOUT "HTTPi/$ACTUAL_VERSION\n";
+print STDOUT "Pre-flight check in progress ...\n\n";
+
+#require "./Mpp.pm"; # use fails -T
+#$parser = new Mpp;
+
+# detaint our path. this is slightly risky, but we assume you know what
+# you're doing.
+$nupath = &detaint($ENV{'PATH'});
+if ($nupath =~ /(^|:)\./) {
+ 1 while ($nupath =~ s#(^|:)[^/][^:]*##);
+ 1 while ($nupath =~ s#:[^/][^:]+$##);
+ &prompt(<<"EOF", "");
+*** WARNING: Portions of your PATH have relative paths in them ***
+This is considered potentially unsafe by the installer, and these paths have
+been removed temporarily during this run of the configure script.
+
+Your path WAS:
+ $ENV{'PATH'}
+
+Your path now TEMPORARILY IS:
+ $nupath
+
+If you require these paths to find tools, press CONTROL-C now and fix your
+PATH, then re-run this configure script.
+
+Otherwise, press RETURN or ENTER to continue.
+EOF
+}
+$ENV{'PATH'} = $nupath;
sub detaint { # sigh
my ($w) = (@_);
@@ -60,8 +91,8 @@ sub preproc {
next;
}
next if ($ifl > 0);
- if (/^~check/) {
- (/^~check (.+)$/) && ($def = $1);
+ if (/^~(if|check)/) {
+ (/^~(if|check) (.+)$/) && ($def = $2);
@ldefs = split(/,\s*/, $def);
$j=0;
foreach $def (@ldefs) {
@@ -115,11 +146,11 @@ sub prompt {
EOF
printf(L "%s\n", $entry) if ($dontcare && !$DEFAULT);
return $entry;
-}
+}
sub inter_homedir {
# based on an idea by Mark Olesen
- my $w = shift;
+ my $w = &detaint(shift);
my $x = $w;
$x =~ s#^~/#\$ENV{'HOME'}/#; # so that interpolation occurs
my $w = '';
@@ -199,6 +230,7 @@ sub interprompt {
open(L, ">transcript.$p.$f") || (print(<<"EOF"), exit);
Can't open transcript file transcript.$p.$f for write.
+(Error was $!)
Check your permissions on that file or directory.
EOF
@@ -216,6 +248,7 @@ sub firstchecks {
"Hmm. This might not be a Unix box, but we'll keep trying.\n";
$DEF_ARCH = "???";
}
+ $HOSTNAME = &wherecheck('Finding hostname', 'hostname');
$didnt_work = 1;
PERLCHEK: while($didnt_work) {
@@ -229,9 +262,10 @@ sub firstchecks {
If you want to use this Perl to execute HTTPi, just hit RETURN/ENTER. However,
if you have another Perl executable you want to use instead, then enter it
here; it will be probed and then put in HTTPi's #! line.
-...
+...
EOF
print "Checking out your Perl ...\n";
+ $DEF_PERL = &detaint($DEF_PERL);
$test_script = 'print"$] ";eval"use POSIX ()";print"$@"';
if(!open(Q, "$DEF_PERL -e '$test_script'|")) {
print "Failed to execute $DEF_PERL ... $!\n";
@@ -304,5 +338,7 @@ sub firstchecks {
}
}
+print STDOUT "\nOk, starting the configure system.\n\n";
+
1;
View
74 httpi.in
@@ -19,10 +19,10 @@ use POSIX qw(SIGALRM SIGTERM sigaction);
~
$ENV{'PERL_SIGNALS'} = "unsafe";
~
-$VERSION = "1.6.2 (DEF_CONF_TYPE/DEF_ARCH)";
+$VERSION = "1.7 (DEF_CONF_TYPE/DEF_ARCH)";
# HTTPi Hypertext Tiny Truncated Process Implementation
-# Copyright 1999-2009 Cameron Kaiser and Contributors # All rights reserved
+# Copyright 1999-2010 Cameron Kaiser and Contributors # All rights reserved
# Please read LICENSE # Do not strip this copyright message.
###############################################################
@@ -129,7 +129,7 @@ undef %system_content_types;
while (($file, $arrayref) = each(%virtual_files)) {
my ($mime, $type, $block) = (@{ $arrayref });
next if ($type ne 'FILE');
- if(open(S, "$block")) {
+ if(sysopen(S, "$block", 0)) {
$j = $/; undef $/; $virtual_files{$file}->[2] = scalar(<S>);
$/ = $j; close(S);
} else {
@@ -517,7 +517,7 @@ EOF
&htsponse(200, "OK");
$contentlength = 0; # kludge
&log;
- if(open(S, $logfile)) {
+ if(sysopen(S, $logfile, 0)) {
seek(S, -5000, 2);
undef $/;
$logsnap = <S>;
@@ -594,15 +594,45 @@ EOF
;
~
1 while ($raddress =~ s#//#/#);
-~check MDEMONIC
- &hterror301("http://DEF_SERVER_HOST:DEF_TCP_PORT$address/")
-~
+~check MGENERIC
&hterror301("http://DEF_SERVER_HOST$address/")
~
+ &hterror301("http://DEF_SERVER_HOST:DEF_TCP_PORT$address/")
+~
if ($address !~ m#/$# && -d $raddress);
$raddress = (-r "${raddress}index.shtml") ?
"${raddress}index.shtml" : "${raddress}index.html"
if (-d $raddress);
+~check PATHINFO
+ if (! -e $raddress && ! -d $raddress
+ && $raddress =~ m#^(.+)/$#
+ && -x $1) {
+ $raddress = $1;
+ $ENV{'PATH_INFO'} = '/';
+ }
+ if (! -e $raddress) {
+ my $oldraddress = $raddress;
+ my @path_array = split('/', $raddress);
+ my @path_info = ();
+ my $k;
+
+ while(scalar(@path_array) &&
+ ((! -e $raddress) || (-d $raddress))) {
+ unshift(@path_info, pop(@path_array));
+ $raddress = join('/', @path_array);
+ }
+ if (scalar(@path_array) && (-x $raddress)) {
+ $ENV{'PATH_INFO'} = '/' . join('/', @path_info);
+ # change $address accordingly
+ $address = substr($address, 0,
+ length($address) - length($ENV{'PATH_INFO'}));
+ } else {
+ $raddress = $oldraddress; # prepare to fail
+ $ENV{'PATH_INFO'} = '';
+ }
+ }
+~
+~
IRED: ($hostname, $port, $ip) = &sock_to_host();
if(!sysopen(S, $raddress, 0)) { &hterror404; } else {
if ((-x $raddress)
@@ -645,6 +675,8 @@ EOF
require $raddress;
exit;
~
+ $ENV{'PATH'} = '';
+ ($raddress =~ /^(.+)$/) && ($raddress = $1);
if ($method eq 'POST') {
open(W, "|$raddress") || die
"can't POST to $raddress";
@@ -696,7 +728,7 @@ SERVEIT:
$contentlength ||= $length;
~check MPREPARSE
if ($raddress =~ /\.sDEF_PREGEXPAhtm?l?/i) {
- $currentcode = 200; &stub_nsecmodel; # kludge
+ $currentcode = 200; &nsecmodel; # kludge
$j = $/; undef $/; $q = <S>; $/ = $j; close(S);
1 while ($fbuf = '',
$q =~ s#<perl>(.+?)</perl>#eval"$1" || $@ || ''#es);
@@ -708,7 +740,7 @@ SERVEIT:
&htsponse(200, "OK");
&hthead("Last-Modified: $mtime");
&htcontent("", $ctype, $length);
- &stub_nsecmodel;
+ &nsecmodel;
$bytecount = 0;
unless ($method eq 'HEAD') {
while(!eof(S)) {
@@ -748,33 +780,23 @@ exit;
~check MPREPARSE
sub output { $fbuf .= "@_"; }
sub flush { $fbuf1 = $fbuf; $fbuf = ''; return $fbuf1; }
-sub include { if(open(INC, "@_")) { &output(join('', (<INC>))); close(INC); }
- else { &output("<!-- $! -->\n"); } }
+sub include {
+ if(sysopen(INC, "@_", 0)) {
+ &output(join('', (<INC>))); close(INC);
+ } else {
+ &output("<!-- $! -->\n");
+ }
+}
sub finclude { &include(@_); return &flush; }
~
~
-sub stub_nsecmodel {
-~# Don't expect this function to stay: it works around the preprocessor
-~# and supports disabling the New Security Model. 1.7 will make it mandatory.
-~check MNSECMODEL
- &nsecmodel;
-~
- &log;
-~
-}
sub nsecmodel {
&log;
-~check MNSECMODEL
($x,$x,$x,$x,$uid,$gid) = stat(S);
(!$uid || !$gid || $uid < DEF_NSECUID) &&
die "resource is root-owned, secured or not stat-able\n";
if (!$<) {
-~
- if (!$<) {
- ($x,$x,$x,$x,$uid,$gid) = stat(S);
- (!$uid || !$gid) && die "file is root-owned\n";
-~
~check CANDOSETRUID
($) = "$gid $gid") || die "can't set egid to $gid";
($> = $uid) || die "can't set euid to $uid";
View
74 stock/httpi.in
@@ -19,10 +19,10 @@ use POSIX qw(SIGALRM SIGTERM sigaction);
~
$ENV{'PERL_SIGNALS'} = "unsafe";
~
-$VERSION = "1.6.2 (DEF_CONF_TYPE/DEF_ARCH)";
+$VERSION = "1.7 (DEF_CONF_TYPE/DEF_ARCH)";
# HTTPi Hypertext Tiny Truncated Process Implementation
-# Copyright 1999-2009 Cameron Kaiser and Contributors # All rights reserved
+# Copyright 1999-2010 Cameron Kaiser and Contributors # All rights reserved
# Please read LICENSE # Do not strip this copyright message.
###############################################################
@@ -129,7 +129,7 @@ undef %system_content_types;
while (($file, $arrayref) = each(%virtual_files)) {
my ($mime, $type, $block) = (@{ $arrayref });
next if ($type ne 'FILE');
- if(open(S, "$block")) {
+ if(sysopen(S, "$block", 0)) {
$j = $/; undef $/; $virtual_files{$file}->[2] = scalar(<S>);
$/ = $j; close(S);
} else {
@@ -517,7 +517,7 @@ EOF
&htsponse(200, "OK");
$contentlength = 0; # kludge
&log;
- if(open(S, $logfile)) {
+ if(sysopen(S, $logfile, 0)) {
seek(S, -5000, 2);
undef $/;
$logsnap = <S>;
@@ -594,15 +594,45 @@ EOF
;
~
1 while ($raddress =~ s#//#/#);
-~check MDEMONIC
- &hterror301("http://DEF_SERVER_HOST:DEF_TCP_PORT$address/")
-~
+~check MGENERIC
&hterror301("http://DEF_SERVER_HOST$address/")
~
+ &hterror301("http://DEF_SERVER_HOST:DEF_TCP_PORT$address/")
+~
if ($address !~ m#/$# && -d $raddress);
$raddress = (-r "${raddress}index.shtml") ?
"${raddress}index.shtml" : "${raddress}index.html"
if (-d $raddress);
+~check PATHINFO
+ if (! -e $raddress && ! -d $raddress
+ && $raddress =~ m#^(.+)/$#
+ && -x $1) {
+ $raddress = $1;
+ $ENV{'PATH_INFO'} = '/';
+ }
+ if (! -e $raddress) {
+ my $oldraddress = $raddress;
+ my @path_array = split('/', $raddress);
+ my @path_info = ();
+ my $k;
+
+ while(scalar(@path_array) &&
+ ((! -e $raddress) || (-d $raddress))) {
+ unshift(@path_info, pop(@path_array));
+ $raddress = join('/', @path_array);
+ }
+ if (scalar(@path_array) && (-x $raddress)) {
+ $ENV{'PATH_INFO'} = '/' . join('/', @path_info);
+ # change $address accordingly
+ $address = substr($address, 0,
+ length($address) - length($ENV{'PATH_INFO'}));
+ } else {
+ $raddress = $oldraddress; # prepare to fail
+ $ENV{'PATH_INFO'} = '';
+ }
+ }
+~
+~
IRED: ($hostname, $port, $ip) = &sock_to_host();
if(!sysopen(S, $raddress, 0)) { &hterror404; } else {
if ((-x $raddress)
@@ -645,6 +675,8 @@ EOF
require $raddress;
exit;
~
+ $ENV{'PATH'} = '';
+ ($raddress =~ /^(.+)$/) && ($raddress = $1);
if ($method eq 'POST') {
open(W, "|$raddress") || die
"can't POST to $raddress";
@@ -696,7 +728,7 @@ SERVEIT:
$contentlength ||= $length;
~check MPREPARSE
if ($raddress =~ /\.sDEF_PREGEXPAhtm?l?/i) {
- $currentcode = 200; &stub_nsecmodel; # kludge
+ $currentcode = 200; &nsecmodel; # kludge
$j = $/; undef $/; $q = <S>; $/ = $j; close(S);
1 while ($fbuf = '',
$q =~ s#<perl>(.+?)</perl>#eval"$1" || $@ || ''#es);
@@ -708,7 +740,7 @@ SERVEIT:
&htsponse(200, "OK");
&hthead("Last-Modified: $mtime");
&htcontent("", $ctype, $length);
- &stub_nsecmodel;
+ &nsecmodel;
$bytecount = 0;
unless ($method eq 'HEAD') {
while(!eof(S)) {
@@ -748,33 +780,23 @@ exit;
~check MPREPARSE
sub output { $fbuf .= "@_"; }
sub flush { $fbuf1 = $fbuf; $fbuf = ''; return $fbuf1; }
-sub include { if(open(INC, "@_")) { &output(join('', (<INC>))); close(INC); }
- else { &output("<!-- $! -->\n"); } }
+sub include {
+ if(sysopen(INC, "@_", 0)) {
+ &output(join('', (<INC>))); close(INC);
+ } else {
+ &output("<!-- $! -->\n");
+ }
+}
sub finclude { &include(@_); return &flush; }
~
~
-sub stub_nsecmodel {
-~# Don't expect this function to stay: it works around the preprocessor
-~# and supports disabling the New Security Model. 1.7 will make it mandatory.
-~check MNSECMODEL
- &nsecmodel;
-~
- &log;
-~
-}
sub nsecmodel {
&log;
-~check MNSECMODEL
($x,$x,$x,$x,$uid,$gid) = stat(S);
(!$uid || !$gid || $uid < DEF_NSECUID) &&
die "resource is root-owned, secured or not stat-able\n";
if (!$<) {
-~
- if (!$<) {
- ($x,$x,$x,$x,$uid,$gid) = stat(S);
- (!$uid || !$gid) && die "file is root-owned\n";
-~
~check CANDOSETRUID
($) = "$gid $gid") || die "can't set egid to $gid";
($> = $uid) || die "can't set euid to $uid";
View
2  tools/noodle
@@ -17,7 +17,7 @@ EOF
foreach (sort keys %ENV) {
print "$_=$ENV{$_}\n"
if (/^QUERY_/ || /^CONTENT_/ || /^REMOTE_/ || /^REQUEST_/ ||
- /^SCRIPT_/ || /^SERVER_/ || /^HTTP_/);
+ /^SCRIPT_/ || /^SERVER_/ || /^HTTP_/ || /^PATH_/);
}
Please sign in to comment.
Something went wrong with that request. Please try again.