diff -rupN suphp-0.7.1/src/Application.cpp suphp-0.7.1.new/src/Application.cpp --- suphp-0.7.1/src/Application.cpp 2009-03-14 13:55:25.000000000 -0400 +++ suphp-0.7.1.new/src/Application.cpp 2010-09-23 05:49:30.000000000 -0400 @@ -37,6 +37,11 @@ #include "Application.hpp" +#ifdef ENABLE_LVE +#include <pwd.h> +#include <dlfcn.h> +#endif + using namespace suPHP; @@ -422,6 +427,29 @@ void suPHP::Application::changeProcessPe throw (SystemException, SoftException, SecurityException) { API& api = API_Helper::getSystemAPI(); +#ifdef ENABLE_LVE +#ifndef SECURELVE_MIN_UID +#define SECURELVE_MIN_UID 100 +#endif + /* cagefs 2.0 suphp patch */ + void *lib_handle = dlopen("liblve.so.0", RTLD_LAZY); + if (lib_handle) { + Logger& logger = API_Helper::getSystemAPI().getSystemLogger(); + char *error; char error_msg[8192]; dlerror(); /* Clear any existing error */ + int (*jail)(struct passwd *, int, char*) = (int (*)(passwd*, int, char*)) dlsym(lib_handle, "lve_jail_uid"); + if ((error = dlerror()) != NULL) { + std::string err("Failed to init LVE library "); + err += error; logger.logWarning(err); + throw SoftException(err, __FILE__, __LINE__); + } + int result = jail(getpwuid(targetUser.getUid()), SECURELVE_MIN_UID, error_msg); + if (result < 0) { + std::string err("CageFS jail error "); + err += error_msg; logger.logWarning(err); + throw SoftException(err, __FILE__, __LINE__); + } + } +#endif // Set new group first, because we still need super-user privileges // for this api.setProcessGroup(targetGroup); diff -rupN suphp-0.7.1/src/Makefile.in suphp-0.7.1.new/src/Makefile.in --- suphp-0.7.1/src/Makefile.in 2009-03-14 14:08:17.000000000 -0400 +++ suphp-0.7.1.new/src/Makefile.in 2010-09-23 05:49:40.000000000 -0400 @@ -65,23 +65,23 @@ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/config/depcomp am__depfiles_maybe = depfiles CXXCOMPILE = $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -DENABLE_LVE=1 LTCXXCOMPILE = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) CXXLD = $(CXX) CXXLINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CXXLD) $(AM_CXXFLAGS) $(CXXFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ + $(LDFLAGS) -ldl -o $@ COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -DENABLE_LVE=1 LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ + $(LDFLAGS) -ldl -o $@ SOURCES = $(suphp_SOURCES) DIST_SOURCES = $(suphp_SOURCES) RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \