From bde157a8ad9bd7fa477b946e6a92ba015df2e456 Mon Sep 17 00:00:00 2001 From: jsg Date: Tue, 5 Aug 2014 09:24:21 +0000 Subject: [PATCH] add a config option to specify the chroot directory ok reyk@ --- usr.sbin/httpd/httpd.c | 6 +++++- usr.sbin/httpd/httpd.conf.5 | 11 +++++++++-- usr.sbin/httpd/httpd.h | 3 ++- usr.sbin/httpd/parse.y | 8 ++++++-- 4 files changed, 22 insertions(+), 6 deletions(-) diff --git a/usr.sbin/httpd/httpd.c b/usr.sbin/httpd/httpd.c index 235e661a3f6..4064abe0a75 100644 --- a/usr.sbin/httpd/httpd.c +++ b/usr.sbin/httpd/httpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: httpd.c,v 1.15 2014/08/04 15:49:28 reyk Exp $ */ +/* $OpenBSD: httpd.c,v 1.16 2014/08/05 09:24:21 jsg Exp $ */ /* * Copyright (c) 2014 Reyk Floeter @@ -150,6 +150,7 @@ int main(int argc, char *argv[]) { int c; + unsigned int proc; int debug = 0, verbose = 0; u_int32_t opts = 0; struct httpd *env; @@ -225,6 +226,9 @@ main(int argc, char *argv[]) ps->ps_instances[PROC_SERVER] = env->sc_prefork_server; ps->ps_ninstances = env->sc_prefork_server; + for (proc = 0; proc < nitems(procs); proc++) + procs[proc].p_chroot = env->sc_chroot; + proc_init(ps, procs, nitems(procs)); setproctitle("parent"); diff --git a/usr.sbin/httpd/httpd.conf.5 b/usr.sbin/httpd/httpd.conf.5 index f25136e1332..fa805ede423 100644 --- a/usr.sbin/httpd/httpd.conf.5 +++ b/usr.sbin/httpd/httpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: httpd.conf.5,v 1.21 2014/08/04 17:38:12 reyk Exp $ +.\" $OpenBSD: httpd.conf.5,v 1.22 2014/08/05 09:24:21 jsg Exp $ .\" .\" Copyright (c) 2014 Reyk Floeter .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 4 2014 $ +.Dd $Mdocdate: August 5 2014 $ .Dt HTTPD.CONF 5 .Os .Sh NAME 
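Review bot: In httpd.c main(), the new loop before proc_init() copies `env->sc_chroot` into every `procs[]` entry with no comment on what an unset value means. When the `chroot` option is absent the pointer is presumably NULL and proc_init() is expected to fall back to the www user's home directory, as the man page hunk states, but that fallback is not visible in this diff. A comment above the loop such as `/* NULL keeps the default chroot (home directory of the www user) */` would record the contract. The same directory becomes the root for all privilege-separated children, so it is worth confirming it is not writable by the unprivileged user. main() starts and ends outside the hunk.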
@@ -102,6 +102,13 @@ This increases the performance and prevents delays when connecting to a server. .Xr httpd 8 runs 3 server processes by default. +.It Ic chroot Ar directory +Set the +.Xr chroot 2 +directory. +If not specified, it defaults to +.Pa /var/www , +the home directory of the www user. .El .Sh SERVERS The configured web servers. diff --git a/usr.sbin/httpd/httpd.h b/usr.sbin/httpd/httpd.h index b5cff077ce0..d3a6ca865d4 100644 --- a/usr.sbin/httpd/httpd.h +++ b/usr.sbin/httpd/httpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: httpd.h,v 1.42 2014/08/04 18:12:15 reyk Exp $ */ +/* $OpenBSD: httpd.h,v 1.43 2014/08/05 09:24:21 jsg Exp $ */ /* * Copyright (c) 2006 - 2014 Reyk Floeter @@ -397,6 +397,7 @@ struct httpd { u_int16_t sc_prefork_server; u_int16_t sc_id; int sc_paused; + char *sc_chroot; struct serverlist *sc_servers; struct mediatypes *sc_mediatypes; diff --git a/usr.sbin/httpd/parse.y b/usr.sbin/httpd/parse.y index 649bd977981..8562f81c88f 100644 --- a/usr.sbin/httpd/parse.y +++ b/usr.sbin/httpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.23 2014/08/04 17:38:12 reyk Exp $ */ +/* $OpenBSD: parse.y,v 1.24 2014/08/05 09:24:21 jsg Exp $ */ /* * Copyright (c) 2007 - 2014 Reyk Floeter @@ -124,7 +124,7 @@ typedef struct { %} -%token AUTO COMMON COMBINED CONNECTION DIRECTORY FCGI FILE INDEX LISTEN +%token AUTO CHROOT COMMON COMBINED CONNECTION DIRECTORY FCGI FILE INDEX LISTEN %token LOCATION LOG NO ON PORT PREFORK ROOT SERVER SOCKET SSL STYLE SYSLOG %token TYPES %token ERROR INCLUDE @@ -182,6 +182,9 @@ main : PREFORK NUMBER { } conf->sc_prefork_server = $2; } + | CHROOT STRING { + conf->sc_chroot = $2; + } ; server : SERVER STRING { @@ -612,6 +615,7 @@ lookup(char *s) /* this has to be sorted always */ static const struct keywords keywords[] = { { "auto", AUTO }, + { "chroot", CHROOT }, { "combined", COMBINED }, { "common", COMMON }, { "connection", CONNECTION }, -- 2.20.1
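Review bot: The new `CHROOT STRING` action in parse.y stores `$2` without validation and overwrites any earlier value. A relative or empty path is therefore accepted, and a repeated `chroot` line leaks the previous string, assuming the lexer hands out heap-allocated strings, which this hunk does not show. I would reject non-absolute paths in the action, `if ($2[0] != '/') { yyerror("chroot path must be absolute"); free($2); YYERROR; }`, and release the old value first with `free(conf->sc_chroot);`. The only consumer visible in this diff is the loop before proc_init() in main(), so a value changed by a later configuration reload would probably not take effect until restart; that is inferred and worth confirming.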