diff options
author | Laurent Bercot <ska-skaware@skarnet.org> | 2023-11-08 03:31:54 +0000 |
---|---|---|
committer | Laurent Bercot <ska@appnovation.com> | 2023-11-08 03:31:54 +0000 |
commit | 0cab505405d61922e07096f97159838584d3787d (patch) | |
tree | fbec9a665cda492949d5f44b46f7e20e0ef6b483 | |
parent | 4eda14316376fb1e657ac2da269533e2422d2399 (diff) | |
download | tipidee-0cab505405d61922e07096f97159838584d3787d.tar.gz tipidee-0cab505405d61922e07096f97159838584d3787d.tar.xz tipidee-0cab505405d61922e07096f97159838584d3787d.zip |
Prepare for 0.0.2.0. Add global executable_means_cgi config directive.
Signed-off-by: Laurent Bercot <ska@appnovation.com>
-rw-r--r-- | doc/index.html | 2 | ||||
-rw-r--r-- | doc/tipidee.conf.html | 26 | ||||
-rw-r--r-- | doc/upgrade.html | 4 | ||||
-rw-r--r-- | examples/tipidee.conf | 5 | ||||
-rw-r--r-- | package/info | 2 | ||||
-rw-r--r-- | src/config/defaults.c | 3 | ||||
-rw-r--r-- | src/config/lexparse.c | 3 | ||||
-rw-r--r-- | src/tipideed/tipideed-internal.h | 4 | ||||
-rw-r--r-- | src/tipideed/tipideed.c | 2 |
9 files changed, 44 insertions, 7 deletions
diff --git a/doc/index.html b/doc/index.html index 91ed0de..0341d6b 100644 --- a/doc/index.html +++ b/doc/index.html @@ -143,7 +143,7 @@ Don't take my word for it; try it out for yourself. </li> <ul> <li> The current released version of tipidee is -<a href="tipidee-0.0.1.1.tar.gz">0.0.1.1</a>. </li> +<a href="tipidee-0.0.2.0.tar.gz">0.0.2.0</a>. </li> <li> You can checkout a copy of the <a href="//git.skarnet.org/cgi-bin/cgit.cgi/tipidee/">tipidee git repository</a>: diff --git a/doc/tipidee.conf.html b/doc/tipidee.conf.html index 4c0a23f..182c206 100644 --- a/doc/tipidee.conf.html +++ b/doc/tipidee.conf.html @@ -276,6 +276,32 @@ output data. And this is "private dirty" memory, i.e. memory that that setting — and with the CGI scripts you choose to run. </li> </ul> + +<div id="executable_means_cgi"> +<h4> <tt>executable_means_cgi</tt> </h4> +</div> + +<p> + <code> global executable_means_cgi <em>value</em> </code> +</p> + +<ul> + <li> <em>value</em> is a non-negative integer. If it is nonzero, then +all the documents that have an executable bit for "others" will be +considered CGI scripts by default. </li> + <li> This is useful when your CGI scripts are scattered among your +documents and you cannot gather them under a hierarchy like <tt>/cgi-bin/</tt>. </li> + <li> On the other hand, it should only be used by administrators who keep a +tight control on their documents. It is dangerous to activate this option +with dynamically managed content, because there could be files created with +the wrong permissions and improperly identified as CGI scripts, resulting in +failures or even security holes. </li> + <li> The classification of a given executable file as a CGI script +can be overridden by a local <tt>noncgi</tt> directive, see below. Such +a directive can protect dynamically managed content that is restricted +to a given hierarchy. </li> +</ul> + <div id="index-file"> <h3> The <tt>index-file</tt> directive </h3> </div> diff --git a/doc/upgrade.html b/doc/upgrade.html index b00298a..1683855 100644 --- a/doc/upgrade.html +++ b/doc/upgrade.html @@ -18,10 +18,10 @@ <h1> What has changed in tipidee </h1> -<h2> in.0.0.1.1 </h2> +<h2> in.0.0.2.0 </h2> <ul> - <li> No functional changes. </li> + <li> New <tt>global executable_means_cgi</tt> configuration directive. </li> </ul> <h2> in 0.0.1.0 </h2> diff --git a/examples/tipidee.conf b/examples/tipidee.conf index c44a015..2e2eb9d 100644 --- a/examples/tipidee.conf +++ b/examples/tipidee.conf @@ -23,6 +23,11 @@ # is larger than N bytes. (does not apply to NPH scripts) # global max_cgi_body_length 4194304 +# If this value is nonzero, tipidee will treat all the files with an +# executable bit for "others" as CGI scripts by default. Can be +# overridden by local noncgi directives. +# global executable_means_cgi 0 + # When the requested URL is a directory, tipideed will serve the first # existing file in this list. (Useful e.g. if you have an index.cgi program.) # index-file index.html diff --git a/package/info b/package/info index 22377b4..3492464 100644 --- a/package/info +++ b/package/info @@ -1,4 +1,4 @@ package=tipidee -version=0.0.1.1 +version=0.0.2.0 category=web package_macro_name=TIPIDEE diff --git a/src/config/defaults.c b/src/config/defaults.c index dfc13f2..7dbab8a 100644 --- a/src/config/defaults.c +++ b/src/config/defaults.c @@ -23,8 +23,9 @@ static struct defaults_s const defaults[] = RECU32("G:cgi_timeout", 0), RECU32("G:max_request_body_length", 8192), RECU32("G:max_cgi_body_length", 4194304), - RECS("G:index-file", "index.html"), RECU32("G:logv", TIPIDEE_LOG_DEFAULT), + RECU32("G:executable_means_cgi", 0), + RECS("G:index-file", "index.html"), RECS("T:html", "text/html"), RECS("T:htm", "text/html"), diff --git a/src/config/lexparse.c b/src/config/lexparse.c index afd22a5..799b17f 100644 --- a/src/config/lexparse.c +++ b/src/config/lexparse.c @@ -98,6 +98,7 @@ static inline void parse_global (char const *s, size_t const *word, size_t n, md static char const *const globalkeys[] = { "cgi_timeout", + "executable_means_cgi", "max_cgi_body_length", "max_request_body_length", "read_timeout", @@ -536,7 +537,7 @@ static inline char next (buffer *b, mdt const *md) void conf_lexparse (buffer *b, char const *ifile) { - static uint8_t const table[4][5] = /* see PARSING.txt */ + static uint8_t const table[4][5] = /* see PARSING-config.txt */ { { 0x04, 0x02, 0x01, 0x80, 0x33 }, { 0x04, 0x01, 0x01, 0x80, 0x01 }, diff --git a/src/tipideed/tipideed-internal.h b/src/tipideed/tipideed-internal.h index 1efe291..8b0e114 100644 --- a/src/tipideed/tipideed-internal.h +++ b/src/tipideed/tipideed-internal.h @@ -40,6 +40,7 @@ struct global_s uint16_t indexn : 4 ; uint16_t cont : 2 ; uint16_t ssl : 1 ; + uint16_t xiscgi : 1 ; } ; #define GLOBAL_ZERO \ { \ @@ -62,7 +63,8 @@ struct global_s .defaultport = 0, \ .indexn = 0, \ .cont = 1, \ - .ssl = 0 \ + .ssl = 0, \ + .xiscgi = 0 \ } extern struct global_s g ; diff --git a/src/tipideed/tipideed.c b/src/tipideed/tipideed.c index 56ef46c..1c07cf3 100644 --- a/src/tipideed/tipideed.c +++ b/src/tipideed/tipideed.c @@ -277,6 +277,7 @@ static inline int serve (tipidee_rql *rql, char const *docroot, char *uribuf, ti } tipidee_log_debug(g.logv, "serve: docroot ", docroot, " file ", fn, " infopath ", infopath ? infopath : "(none)") ; + if (g.xiscgi && st.st_mode & S_IXOTH) ra.flags |= TIPIDEE_RA_FLAG_CGI ; get_resattr(rql, docroot, fn, &ra) ; if (!ra.flags & TIPIDEE_RA_FLAG_CGI) @@ -351,6 +352,7 @@ int main (int argc, char const *const *argv, char const *const *envp) g.maxrqbody = get_uint32("G:max_request_body_length") ; g.maxcgibody = get_uint32("G:max_cgi_body_length") ; g.logv = get_uint32("G:logv") ; + g.xiscgi = !!get_uint32("G:executable_means_cgi") ; n = tipidee_conf_get_argv(&g.conf, "G:index-file", g.indexnames, 16, &g.indexlen) ; if (!n) strerr_dief3x(102, "bad", " config value for ", "G:index_file") ; g.indexn = n-1 ; |