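diff -urp passenger-release-3.0.21.orig/ext/common/LoggingAgent/Main.cpp passenger-release-3.0.21/ext/common/LoggingAgent/Main.cpp
--- passenger-release-3.0.21.orig/ext/common/LoggingAgent/Main.cpp 2013-05-29 07:09:31.000000000 -0500
+++ passenger-release-3.0.21/ext/common/LoggingAgent/Main.cpp 2013-07-18 09:35:47.514433743 -0500
@@ -265,11 +265,6 @@ main(int argc, char *argv[]) {
 ev::sig sigtermWatcher(eventLoop);
 ev::sig sigquitWatcher(eventLoop);
 
- if (feedbackFdAvailable()) {
- feedbackFdWatcher.set<&feedbackFdBecameReadable>();
- feedbackFdWatcher.start(FEEDBACK_FD, ev::READ);
- writeArrayMessage(FEEDBACK_FD, "initialized", NULL);
- }
 sigintWatcher.set<&caughtExitSignal>();
 sigintWatcher.start(SIGINT);
 sigtermWatcher.set<&caughtExitSignal>();
@@ -281,6 +276,11 @@ main(int argc, char *argv[]) {
 /********** Initialized! Enter main loop... **********/
 
 P_DEBUG("Logging agent online, listening at " << socketAddress);
+ if (feedbackFdAvailable()) {
+ feedbackFdWatcher.set<&feedbackFdBecameReadable>();
+ feedbackFdWatcher.start(FEEDBACK_FD, ev::READ);
+ writeArrayMessage(FEEDBACK_FD, "initialized", NULL);
+ }
 ev_loop(eventLoop, 0);
 return exitCode;
 } catch (const tracable_exception &e) {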
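Review bot: The relocated `if (feedbackFdAvailable())` block, now directly before `ev_loop(eventLoop, 0)`, depends on its position, but nothing in the code says so, and a later edit could move it back ahead of setup. Writing `"initialized"` to `FEEDBACK_FD` presumably tells the parent process that the agent is ready, which would explain placing it after the signal watchers and the listening-socket log line; that reading is inferred from the move, not shown in the hunk. A comment above the block such as `// Must stay last: report "initialized" only after all setup above has completed.` would pin the ordering. `main` begins and ends outside both hunks.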
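diff -urp passenger-release-3.0.21.orig/ext/common/ServerInstanceDir.h passenger-release-3.0.21/ext/common/ServerInstanceDir.h
--- passenger-release-3.0.21.orig/ext/common/ServerInstanceDir.h 2013-05-29 07:09:31.000000000 -0500
+++ passenger-release-3.0.21/ext/common/ServerInstanceDir.h 2013-07-18 09:38:54.431808622 -0500
@@ -30,6 +30,7 @@
 #include <oxt/backtrace.hpp>
 
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <dirent.h>
 #include <unistd.h>
 #include <pwd.h>
@@ -38,6 +39,7 @@
 #include <cstring>
 #include <string>
 
+#include <Logging.h>
 #include "Exceptions.h"
 #include "Utils.h"
 #include "Utils/StrIntUtils.h"
@@ -217,7 +219,69 @@ private:
 * rights though, because we want admin tools to be able to list the available
 * generations no matter what user they're running as.
 */
- makeDirTree(path, "u=rwxs,g=rx,o=rx");
+ if (owner) {
+ switch (getFileType(path)) {
+ case FT_NONEXISTANT:
+ createDirectory(path);
+ break;
+ case FT_DIRECTORY:
+ verifyDirectoryPermissions(path);
+ break;
+ default:
+ throw RuntimeException("'" + path + "' already exists, and is not a directory");
+ }
+ } else if (getFileType(path) != FT_DIRECTORY) {
+ throw RuntimeException("Server instance directory '" + path +
+ "' does not exist");
+ }
+ }
+
+ void createDirectory(const string &path) const {
+ // We do not use makeDirTree() here. If an attacker creates a directory
+ // just before we do, then we want to abort because we want the directory
+ // to have specific permissions.
+ if (mkdir(path.c_str(), parseModeString("u=rwx,g=rx,o=rx")) == -1) {
+ int e = errno;
+ throw FileSystemException("Cannot create server instance directory '" +
+ path + "'", e, path);
+ }
+ // verifyDirectoryPermissions() checks for the owner/group so we must make
+ // sure the server instance directory has that owner/group, even when the
+ // parent directory has setgid on.
+ if (chown(path.c_str(), geteuid(), getegid()) == -1) {
+ int e = errno;
+ throw FileSystemException("Cannot change the permissions of the server "
+ "instance directory '" + path + "'", e, path);
+ }
+ }
+
+ /**
+ * When reusing an existing server instance directory, check permissions
+ * so that an attacker cannot pre-create a directory with too liberal
+ * permissions.
+ */
+ void verifyDirectoryPermissions(const string &path) {
+ TRACE_POINT();
+ struct stat buf;
+
+ if (stat(path.c_str(), &buf) == -1) {
+ int e = errno;
+ throw FileSystemException("Cannot stat() " + path, e, path);
+ } else if (buf.st_mode != (S_IFDIR | parseModeString("u=rwx,g=rx,o=rx"))) {
+ throw RuntimeException("Tried to reuse existing server instance directory " +
+ path + ", but it has wrong permissions");
+ } else if (buf.st_uid != geteuid() || buf.st_gid != getegid()) {
+ /* The server instance directory is always created by the Watchdog. Its UID/GID never
+ * changes because:
+ * 1. Disabling user switching only lowers the privilege of the HelperAgent.
+ * 2. For the UID/GID to change, the web server must be completely restarted
+ * (not just graceful reload) so that the control process can change its UID/GID.
+ * This causes the PID to change, so that an entirely new server instance
+ * directory is created.
+ */
+ throw RuntimeException("Tried to reuse existing server instance directory " +
+ path + ", but it has wrong owner and group");
+ }
 }
 
 bool isDirectory(const string &dir, struct dirent *entry) const {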
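Review bot: `verifyDirectoryPermissions()` calls `stat()`, which follows symbolic links, so the mode and owner checks describe whatever `path` resolves to rather than the entry at `path` itself, and a symlink there would be judged by its target. The call should be `if (lstat(path.c_str(), &buf) == -1) {`, so that a symlink fails the `S_IFDIR` comparison, with the error string updated to say `lstat()`. `getFileType()` is not visible here and needs the same no-follow behaviour for the `FT_DIRECTORY` branch to be trustworthy. In `createDirectory()`, `mkdir()` is subject to the process umask, so under a umask stricter than 022 the new directory would not match the exact `st_mode` comparison on later reuse; an explicit `chmod()` after `mkdir()` would make the two agree. The function containing `if (owner)` starts above the hunk.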
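diff -urp passenger-release-3.0.21.orig/NEWS passenger-release-3.0.21/NEWS
--- passenger-release-3.0.21.orig/NEWS 2013-05-29 07:09:31.000000000 -0500
+++ passenger-release-3.0.21/NEWS 2013-07-18 08:58:30.943558375 -0500
@@ -8,6 +8,7 @@ Release 3.0.21
 * Catch exceptions raised by Rack application objects.
 * Fix for CVE-2013-2119. Details can be found in the announcement for version 4.0.5.
 * Version 3.0.20 was pulled because its fixes were incomplete.
+ * Fix for CVE-2013-4136. Details can be found in the announcement for version 4.0.8.
 
 
 Release 3.0.19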
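diff -urp passenger-release-3.0.21.orig/test/cxx/ServerInstanceDirTest.cpp passenger-release-3.0.21/test/cxx/ServerInstanceDirTest.cpp
--- passenger-release-3.0.21.orig/test/cxx/ServerInstanceDirTest.cpp 2013-05-29 07:09:31.000000000 -0500
+++ passenger-release-3.0.21/test/cxx/ServerInstanceDirTest.cpp 2013-07-18 09:09:50.898433782 -0500
@@ -73,9 +73,11 @@ namespace tut {
 }
 
 TEST_METHOD(5) {
- // The destructor doesnn't remove the server instance directory if it
+ // The destructor doesn't remove the server instance directory if it
 // wasn't created with the ownership flag or if it's been detached.
 string path, path2;
+ makeDirTree(parentDir + "/passenger-test.1234");
+ makeDirTree(parentDir + "/passenger-test.5678");
 {
 ServerInstanceDir dir(1234, parentDir, false);
 ServerInstanceDir dir2(5678, parentDir);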
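Review bot: No test in the visible part of this file asserts the new rejection paths in `ServerInstanceDir`: an existing directory with the wrong mode, one with the wrong owner or group, and an existing non-directory at the path. The two `makeDirTree()` calls added to `TEST_METHOD(5)` only pre-create the directories the existing test constructs. A test that pre-creates the directory with a looser mode, for example `makeDirTree(path, "u=rwx,g=rwx,o=rwx")`, and expects `RuntimeException` from the owning constructor would pin the fix. `TEST_METHOD(5)` continues below the hunk.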