2 * WebSTUMP wrapper. You have to compile this program using "make" and
3 * make sure that it is installed under ../bin. It should be set up as
4 * setuid your user id. Directory referred to by webstump_home should
5 * exist and belong to the effective user id or the program will refuse
13 #include <sys/types.h>
16 const char * webstump_home = WEBSTUMP_HOME;
18 const char * script_name = "scripts/webstump.pl";
20 const char *safe_env[] = {
41 void cgi_error( const char * buf );
43 /* Wrapper code. Argc and argv are ignored, except fot the list of
44 * predefined variables.
47 int main( int argc, char * argv[] ) /* argv is ignored */
49 char * new_env[ 1000 ]; /* new environment */
50 char * new_argv[] = { NULL }; /* no arguments */
51 char script_file_name[ 1024 ];
56 for( i = 0, new_env_i = 0; safe_env[i] != NULL; i++ )
59 if( (var = getenv( safe_env[i] )) != NULL ) {
60 char * new_var = malloc( strlen( safe_env[i] ) + 1 + strlen( var ) + 1 );
63 strcpy( new_var, safe_env[i] );
64 strcat( new_var, "=" );
65 strcat( new_var, var );
66 new_env[ new_env_i++ ] = new_var;
71 new_env[new_env_i] = NULL;
73 /* check existence and ownership of the perl script */
75 strcpy( script_file_name, webstump_home );
76 strcat( script_file_name, "/" );
77 strcat( script_file_name, script_name );
79 if( stat( script_file_name, & stat_buf ) != 0 )
81 sprintf( buf, "Could not access file %s to check permissions.",
87 if( stat_buf.st_uid != geteuid() )
89 sprintf( buf, "Security violation: file %s \n"
90 "belongs to a different user than my effective user id.",
96 if( stat_buf.st_mode & (0 | 02) ) /* group or world writable */
98 printf( "File mode = %o, compared to %o\n", stat_buf.st_mode, (020 | 02) );
99 sprintf( buf, "Security violation: file %s \n"
100 "is group or world writable.",
106 execve( script_file_name, new_argv, new_env );
108 /* We can only be here if it could not be executed */
110 sprintf( buf, "Error: could not execute file %s", script_file_name );
115 void cgi_error( const char * buf )
118 "Content-Type: text/html\n\n"
119 "<TITLE>WebSTUMP Error</TITLE>\n"
120 "<H1>WebSTUMP Error</H1>\n"