authorLaurent Bercot <ska-skaware@skarnet.org>2023-11-08 03:31:54 +0000
committerLaurent Bercot <ska@appnovation.com>2023-11-08 03:31:54 +0000
commit0cab505405d61922e07096f97159838584d3787d (patch)
treefbec9a665cda492949d5f44b46f7e20e0ef6b483
parent4eda14316376fb1e657ac2da269533e2422d2399 (diff)
Prepare for 0.0.2.0. Add global executable_means_cgi config directive.
Signed-off-by: Laurent Bercot <ska@appnovation.com>
-rw-r--r--doc/index.html2
-rw-r--r--doc/tipidee.conf.html26
-rw-r--r--doc/upgrade.html4
-rw-r--r--examples/tipidee.conf5
-rw-r--r--package/info2
-rw-r--r--src/config/defaults.c3
-rw-r--r--src/config/lexparse.c3
-rw-r--r--src/tipideed/tipideed-internal.h4
-rw-r--r--src/tipideed/tipideed.c2
9 files changed, 44 insertions, 7 deletions
diff --git a/doc/index.html b/doc/index.html
index 91ed0de..0341d6b 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -143,7 +143,7 @@ Don't take my word for it; try it out for yourself. </li>
 
 <ul>
  <li> The current released version of tipidee is
-<a href="tipidee-0.0.1.1.tar.gz">0.0.1.1</a>. </li>
+<a href="tipidee-0.0.2.0.tar.gz">0.0.2.0</a>. </li>
  <li> You can checkout a copy of the
 <a href="//git.skarnet.org/cgi-bin/cgit.cgi/tipidee/">tipidee
 git repository</a>:
diff --git a/doc/tipidee.conf.html b/doc/tipidee.conf.html
index 4c0a23f..182c206 100644
--- a/doc/tipidee.conf.html
+++ b/doc/tipidee.conf.html
@@ -276,6 +276,32 @@ output data. And this is "private dirty" memory, i.e. memory that
 that setting &mdash; and with the CGI scripts you choose to run. </li>
 </ul>
 
+
+<div id="executable_means_cgi">
+<h4> <tt>executable_means_cgi</tt> </h4>
+</div>
+
+<p>
+ <code> global executable_means_cgi <em>value</em> </code>
+</p>
+
+<ul>
+ <li> <em>value</em> is a non-negative integer. If it is nonzero, then
+all the documents that have an executable bit for "others" will be
+considered CGI scripts by default. </li>
+ <li> This is useful when your CGI scripts are scattered among your
+documents and you cannot gather them under a hierarchy like <tt>/cgi-bin/</tt>. </li>
+ <li> On the other hand, it should only be used by administrators who keep a
+tight control on their documents. It is dangerous to activate this option
+with dynamically managed content, because there could be files created with
+the wrong permissions and improperly identified as CGI scripts, resulting in
+failures or even security holes. </li>
+ <li> The classification of a given executable file as a CGI script
+can be overridden by a local <tt>noncgi</tt> directive, see below. Such
+a directive can protect dynamically managed content that is restricted
+to a given hierarchy. </li>
+</ul>
+
 <div id="index-file">
 <h3> The <tt>index-file</tt> directive </h3>
 </div>
diff --git a/doc/upgrade.html b/doc/upgrade.html
index b00298a..1683855 100644
--- a/doc/upgrade.html
+++ b/doc/upgrade.html
@@ -18,10 +18,10 @@
 
 <h1> What has changed in tipidee </h1>
 
-<h2> in.0.0.1.1 </h2>
+<h2> in.0.0.2.0 </h2>
 
 <ul>
- <li> No functional changes. </li>
+ <li> New <tt>global executable_means_cgi</tt> configuration directive. </li>
 </ul>
 
 <h2> in 0.0.1.0 </h2>
diff --git a/examples/tipidee.conf b/examples/tipidee.conf
index c44a015..2e2eb9d 100644
--- a/examples/tipidee.conf
+++ b/examples/tipidee.conf
@@ -23,6 +23,11 @@
 # is larger than N bytes. (does not apply to NPH scripts)
 # global max_cgi_body_length 4194304
 
+# If this value is nonzero, tipidee will treat all the files with an
+# executable bit for "others" as CGI scripts by default. Can be
+# overridden by local noncgi directives.
+# global executable_means_cgi 0
+
 # When the requested URL is a directory, tipideed will serve the first
 # existing file in this list. (Useful e.g. if you have an index.cgi program.)
 # index-file index.html
diff --git a/package/info b/package/info
index 22377b4..3492464 100644
--- a/package/info
+++ b/package/info
@@ -1,4 +1,4 @@
 package=tipidee
-version=0.0.1.1
+version=0.0.2.0
 category=web
 package_macro_name=TIPIDEE
diff --git a/src/config/defaults.c b/src/config/defaults.c
index dfc13f2..7dbab8a 100644
--- a/src/config/defaults.c
+++ b/src/config/defaults.c
@@ -23,8 +23,9 @@ static struct defaults_s const defaults[] =
   RECU32("G:cgi_timeout", 0),
   RECU32("G:max_request_body_length", 8192),
   RECU32("G:max_cgi_body_length", 4194304),
-  RECS("G:index-file", "index.html"),
   RECU32("G:logv", TIPIDEE_LOG_DEFAULT),
+  RECU32("G:executable_means_cgi", 0),
+  RECS("G:index-file", "index.html"),
 
   RECS("T:html", "text/html"),
   RECS("T:htm", "text/html"),
diff --git a/src/config/lexparse.c b/src/config/lexparse.c
index afd22a5..799b17f 100644
--- a/src/config/lexparse.c
+++ b/src/config/lexparse.c
@@ -98,6 +98,7 @@ static inline void parse_global (char const *s, size_t const *word, size_t n, md
   static char const *const globalkeys[] =
   {
     "cgi_timeout",
+    "executable_means_cgi",
     "max_cgi_body_length",
     "max_request_body_length",
     "read_timeout",
@@ -536,7 +537,7 @@ static inline char next (buffer *b, mdt const *md)
 
 void conf_lexparse (buffer *b, char const *ifile)
 {
-  static uint8_t const table[4][5] =  /* see PARSING.txt */
+  static uint8_t const table[4][5] =  /* see PARSING-config.txt */
   {
     { 0x04, 0x02, 0x01, 0x80, 0x33 },
     { 0x04, 0x01, 0x01, 0x80, 0x01 },
diff --git a/src/tipideed/tipideed-internal.h b/src/tipideed/tipideed-internal.h
index 1efe291..8b0e114 100644
--- a/src/tipideed/tipideed-internal.h
+++ b/src/tipideed/tipideed-internal.h
@@ -40,6 +40,7 @@ struct global_s
   uint16_t indexn : 4 ;
   uint16_t cont : 2 ;
   uint16_t ssl : 1 ;
+  uint16_t xiscgi : 1 ;
 } ;
 #define GLOBAL_ZERO \
 { \
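Review bot: The new bitfield `xiscgi` is undocumented, and its name does not tell a reader that it controls whether a file is executed as a CGI script rather than served as a document. A short comment on that line would help, for example `/* executable_means_cgi: files with o+x are CGI by default */`. struct global_s starts outside the hunk.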
@@ -62,7 +63,8 @@ struct global_s
   .defaultport = 0, \
   .indexn = 0, \
   .cont = 1, \
-  .ssl = 0 \
+  .ssl = 0, \
+  .xiscgi = 0 \
 }
 
 extern struct global_s g ;
diff --git a/src/tipideed/tipideed.c b/src/tipideed/tipideed.c
index 56ef46c..1c07cf3 100644
--- a/src/tipideed/tipideed.c
+++ b/src/tipideed/tipideed.c
@@ -277,6 +277,7 @@ static inline int serve (tipidee_rql *rql, char const *docroot, char *uribuf, ti
   }
   tipidee_log_debug(g.logv, "serve: docroot ", docroot, " file ", fn, " infopath ", infopath ? infopath : "(none)") ;
 
+  if (g.xiscgi && st.st_mode & S_IXOTH) ra.flags |= TIPIDEE_RA_FLAG_CGI ;
   get_resattr(rql, docroot, fn, &ra) ;
 
   if (!ra.flags & TIPIDEE_RA_FLAG_CGI)
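Review bot: The test just below the added line, `if (!ra.flags & TIPIDEE_RA_FLAG_CGI)`, parses as `(!ra.flags) & TIPIDEE_RA_FLAG_CGI` because `!` binds tighter than `&`, so it can only be true when `ra.flags` is entirely zero; now that the added line pre-seeds `ra.flags` from the file mode, the CGI/non-CGI decision depends on this test, which should read `if (!(ra.flags & TIPIDEE_RA_FLAG_CGI))`. The added condition is correct as written, but writing it as `g.xiscgi && (st.st_mode & S_IXOTH)` would make the intent explicit. The documented `noncgi` override relies on `get_resattr()` clearing the bit, and `st` is filled outside the hunk, so it is worth confirming there that `st` describes the final regular file and not a directory, since directories normally carry the "others" execute bit. serve() starts and ends outside the hunk.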
@@ -351,6 +352,7 @@ int main (int argc, char const *const *argv, char const *const *envp)
   g.maxrqbody = get_uint32("G:max_request_body_length") ;
   g.maxcgibody = get_uint32("G:max_cgi_body_length") ;
   g.logv = get_uint32("G:logv") ;
+  g.xiscgi = !!get_uint32("G:executable_means_cgi") ;
   n = tipidee_conf_get_argv(&g.conf, "G:index-file", g.indexnames, 16, &g.indexlen) ;
   if (!n) strerr_dief3x(102, "bad", " config value for ", "G:index_file") ;
   g.indexn = n-1 ;