2 * WebSTUMP wrapper. You have to compile this program using "make" and
3 * make sure that it is installed under ../bin. It should be set up as
4 * setuid your user id. Directory referred to by webstump_home should
5 * exist and belong to the effective user id or the program will refuse
12 #include <sys/types.h>
15 const char * webstump_home = WEBSTUMP_HOME;
17 const char * script_name = "scripts/webstump.pl";
19 const char *safe_env[] = {
40 void cgi_error( const char * buf );
42 /* Wrapper code. Argc and argv are ignored, except fot the list of
43 * predefined variables.
46 int main( int argc, char * argv[] ) /* argv is ignored */
48 char * new_env[ 1000 ]; /* new environment */
49 char * new_argv[] = { NULL }; /* no arguments */
50 char script_file_name[ 1024 ];
55 for( i = 0, new_env_i = 0; safe_env[i] != NULL; i++ )
58 if( (var = getenv( safe_env[i] )) != NULL ) {
59 char * new_var = malloc( strlen( safe_env[i] ) + 1 + strlen( var ) + 1 );
62 strcpy( new_var, safe_env[i] );
63 strcat( new_var, "=" );
64 strcat( new_var, var );
65 new_env[ new_env_i++ ] = new_var;
70 new_env[new_env_i] = NULL;
72 /* check existence and ownership of the perl script */
74 strcpy( script_file_name, webstump_home );
75 strcat( script_file_name, "/" );
76 strcat( script_file_name, script_name );
78 if( stat( script_file_name, & stat_buf ) != 0 )
80 sprintf( buf, "Could not access file %s to check permissions.",
86 if( stat_buf.st_uid != geteuid() )
88 sprintf( buf, "Security violation: file %s \n"
89 "belongs to a different user than my effective user id.",
95 if( stat_buf.st_mode & (0 | 02) ) /* group or world writable */
97 printf( "File mode = %o, compared to %o\n", stat_buf.st_mode, (020 | 02) );
98 sprintf( buf, "Security violation: file %s \n"
99 "is group or world writable.",
105 execve( script_file_name, new_argv, new_env );
107 /* We can only be here if it could not be executed */
109 sprintf( buf, "Error: could not execute file %s", script_file_name );
114 void cgi_error( const char * buf )
117 "Content-Type: text/html\n\n"
118 "<TITLE>WebSTUMP Error</TITLE>\n"
119 "<H1>WebSTUMP Error</H1>\n"