
Commit ca4f206

author
Nick Kew
committed
Support chroot on unix-family platforms
PR 43596 (Dimitar Pashev) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@611483 13f79535-47bb-0310-9956-ffa450edef68
1 parent 11d1423 commit ca4f206

3 files changed

Lines changed: 50 additions & 1 deletion


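--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]
 
+*) Support chroot on Unix-family platforms
+PR 43596 [Dimitar Pashev <mitko banksoft-bg.com>]
+
 *) Don't add bogus duplicate Content-Language entries
 PR 11035 [Davi Arnaut]
 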
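--- a/os/unix/unixd.c
+++ b/os/unix/unixd.c
@@ -117,6 +117,30 @@ AP_DECLARE(int) unixd_setup_child(void)
 if (set_group_privs()) {
 return -1;
 }
+
+if (NULL != unixd_config.chroot_dir) {
+if (geteuid()) {
+ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
+"Cannot chroot when not started as root");
+return -1;
+}
+if (chdir(unixd_config.chroot_dir) != 0) {
+ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
+"Can't chdir to %s", unixd_config.chroot_dir);
+return -1;
+}
+if (chroot(unixd_config.chroot_dir) != 0) {
+ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
+"Can't chroot to %s", unixd_config.chroot_dir);
+return -1;
+}
+if (chdir("/") != 0) {
+ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
+"Can't chdir to new root");
+return -1;
+}
+}
+
 #ifdef MPE
 /* Only try to switch if we're running as MANAGER.SYS */
 if (geteuid() == 1 && unixd_config.user_id > 1) {
@@ -198,6 +222,20 @@ AP_DECLARE(const char *) unixd_set_group(cmd_parms *cmd, void *dummy,
 
 return NULL;
 }
+AP_DECLARE(const char *) unixd_set_chroot_dir(cmd_parms *cmd, void *dummy,
+const char *arg)
+{
+const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+if (err != NULL) {
+return err;
+}
+if (!ap_is_directory(cmd->pool, arg)) {
+return "ChrootDir must be a valid directory";
+}
+
+unixd_config.chroot_dir = arg;
+return NULL;
+}
 
 AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp)
 {
@@ -206,6 +244,8 @@ AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp)
 unixd_config.user_name = DEFAULT_USER;
 unixd_config.user_id = ap_uname2id(DEFAULT_USER);
 unixd_config.group_id = ap_gname2id(DEFAULT_GROUP);
+
+unixd_config.chroot_dir = NULL; /* none */
 
 /* Check for suexec */
 unixd_config.suexec_enabled = 0;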
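Review bot: In the first hunk of os/unix/unixd.c, `chroot(unixd_config.chroot_dir)` runs after `chdir(unixd_config.chroot_dir)`, so a ChrootDir given as a relative path is resolved a second time from inside the directory just entered and the chroot either fails or does not land in the directory that ap_is_directory() validated at config time. Chrooting into the directory already entered, `if (chroot(".") != 0) {`, keeps the two calls consistent; alternatively unixd_set_chroot_dir (second hunk) could store an absolute path, e.g. via ap_server_root_relative(), so the config-time check and the child-time chroot agree. The `geteuid()` branch in the same hunk passes `errno` to ap_log_error() although no call has failed, so the alert may carry an unrelated error string; pass `0` as the status there. unixd_setup_child continues outside the hunk, where the remaining privilege drop presumably happens after this block.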

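--- a/os/unix/unixd.h
+++ b/os/unix/unixd.h
@@ -76,6 +76,7 @@ typedef struct {
 uid_t user_id;
 gid_t group_id;
 int suexec_enabled;
+const char *chroot_dir;
 } unixd_config_rec;
 AP_DECLARE_DATA extern unixd_config_rec unixd_config;
 
@@ -85,6 +86,9 @@ AP_DECLARE(const char *) unixd_set_user(cmd_parms *cmd, void *dummy,
 const char *arg);
 AP_DECLARE(const char *) unixd_set_group(cmd_parms *cmd, void *dummy,
 const char *arg);
+AP_DECLARE(const char *) unixd_set_chroot_dir(cmd_parms *cmd, void *dummy,
+const char *arg);
+
 #if defined(RLIMIT_CPU) || defined(RLIMIT_DATA) || defined(RLIMIT_VMEM) || defined(RLIMIT_NPROC) || defined(RLIMIT_AS)
 AP_DECLARE(void) unixd_set_rlimit(cmd_parms *cmd, struct rlimit **plimit,
 const char *arg, const char * arg2, int type);
@@ -115,7 +119,9 @@ AP_DECLARE(apr_status_t) unixd_accept(void **accepted, ap_listen_rec *lr, apr_po
 AP_INIT_TAKE1("User", unixd_set_user, NULL, RSRC_CONF, \
 "Effective user id for this server"), \
 AP_INIT_TAKE1("Group", unixd_set_group, NULL, RSRC_CONF, \
-"Effective group id for this server")
+"Effective group id for this server"), \
+AP_INIT_TAKE1("ChrootDir", unixd_set_chroot_dir, NULL, RSRC_CONF, \
+"The directory to chroot(2) into")
 
 #ifdef __cplusplus
 }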
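Review bot: The new `chroot_dir` member in the first hunk of os/unix/unixd.h carries no comment, unlike a field whose meaning is only visible by reading unixd.c; a one-liner such as `const char *chroot_dir; /* ChrootDir argument, or NULL when unset; entered via chroot(2) in unixd_setup_child */` tells a reader of the header that the pointer is the directive's own argument string and that a non-NULL value changes what paths mean in the child. Since every path the server opens after that point is interpreted relative to the new root, it is worth stating that here rather than only in the directive help text in the third hunk.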
