diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..c82948a --- /dev/null +++ b/Makefile @@ -0,0 +1,39 @@ + +path = $(subst :, ,$(PATH)) +diet_path = $(foreach dir,$(path),$(wildcard $(dir)/diet)) +ifeq ($(strip $(diet_path)),) +ifneq ($(wildcard /opt/diet/bin/diet),) +DIET=/opt/diet/bin/diet +else +DIET= +endif +else +DIET:=$(strip $(diet_path)) +endif + +# to build without diet libc support, use $ make DIET= +# see http://www.fefe.de/dietlibc/ for details about the diet libc + +ifneq ($(DEBUG),) +CFLAGS+=-g +LDFLAGS+=-g +else +CFLAGS+=-O2 -fomit-frame-pointer +LDFLAGS+=-s +ifneq ($(DIET),) +DIET+=-Os +endif +endif + +CC:=$(DIET) $(CC) + +.PHONY: all install clean +all: execwrap + +install: execwrap + install -d $(DESTDIR)/usr/sbin/ $(DESTDIR)/usr/share/man/man8/ + install -s -m 755 execwrap $(DESTDIR)/usr/sbin/ + install execwrap.8 $(DESTDIR)/usr/share/man/man8/ + +clean: + rm -f execwrap diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..c6da816 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +execwrap (0.5-1) unstable; urgency=low + + * Initial release + + -- Stefan Bühler Thu, 03 Jan 2008 14:42:27 +0100 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..1e8b314 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +6 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..7b6e87a --- /dev/null +++ b/debian/control @@ -0,0 +1,18 @@ +Source: execwrap +Section: net +Priority: extra +Maintainer: Stefan Bühler +Build-Depends: cdbs, debhelper (>= 5) +Standards-Version: 3.8.0 +Homepage: http://cyanite.org/projects/execwrap/ +Vcs-Git: git://cyanite.org/execwrap + +Package: execwrap +Architecture: any +Depends: ${shlibs:Depends} +Description: super-user exec wrapper for the lighttpd web-server + ExecWrap is a super-user exec wrapper for the lighttpd web-server, but it can + be used in any environment as long as arguments can be passed from the server + to its children via the environment. + . + ExecWrap is released under the BSD license. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..e2bbc5c --- /dev/null +++ b/debian/copyright @@ -0,0 +1,36 @@ +This package was debianized by Stefan Bühler on +Thu, 03 Jan 2008 14:42:27 +0100. + +It was downloaded from http://cyanite.org/projects/execwrap/ + +Upstream Author: + + Sune Foldager + +Copyright: + + + +License: + + Redistribution and use in source and binary forms, with or without + modification, are permitted under the terms of the BSD License. + + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + +On Debian systems, the complete text of the BSD License can be +found in `/usr/share/common-licenses/BSD'. + + +The Debian packaging is (C) 2008, Stefan Bühler and +is licensed under the GPL, see `/usr/share/common-licenses/GPL'. diff --git a/debian/docs b/debian/docs new file mode 100644 index 0000000..e845566 --- /dev/null +++ b/debian/docs @@ -0,0 +1 @@ +README diff --git a/debian/execwrap.pam b/debian/execwrap.pam new file mode 100644 index 0000000..f8cb40a --- /dev/null +++ b/debian/execwrap.pam @@ -0,0 +1,5 @@ +#%PAM-1.0 + +session required pam_limits.so + +@include common-session diff --git a/debian/postinst b/debian/postinst new file mode 100644 index 0000000..b269792 --- /dev/null +++ b/debian/postinst @@ -0,0 +1,43 @@ +#!/bin/sh +# postinst script for execwrap +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + chown root:www-data /usr/sbin/execwrap + chmod 4750 /usr/sbin/execwrap + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..3175ddf --- /dev/null +++ b/debian/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/class/makefile.mk + +DEB_MAKE_INSTALL_TARGET := install DESTDIR=$(CURDIR)/debian/execwrap/ +DEB_MAKE_CHECK_TARGET := +DEB_INSTALL_MANPAGES_execwrap-static := execwrap.8 diff --git a/execwrap_config.h b/execwrap_config.h index 76c5de6..d34f809 100644 --- a/execwrap_config.h +++ b/execwrap_config.h @@ -9,16 +9,16 @@ See the README for documentation. /* Our parent must have this UID, or we will abort. */ -#define PARENT_UID 106 +#define PARENT_UID 33 /* Minimum UID we can switch to. */ -#define TARGET_MIN_UID 1000 +#define TARGET_MIN_UID 10000 /* Minimum GID we can switch to. */ -#define TARGET_MIN_GID 100 +#define TARGET_MIN_GID 10000 /* Path prefix all targets must start with. */ -#define TARGET_PATH_PREFIX "/var/www/light/" +#define TARGET_PATH_PREFIX "/srv/www/" /* Default UID to switch to, if none given. */ #define DEFAULT_UID 65534