Google

CGIWrap - Change Log

These are some of the changes that have occured in CGIWrap from version to version.

New in version 3.7.1:

  • Added --with-minimum-gid option to check minimum user GID and auxilliary groups. This is in response to complaints on BugTraq about suexec not checking auxgroups.

New in version 3.7:

  • Encode user supplied output in error messages to fix cross-site scripting vulnerability reported by Hiromitsu Takagi.
  • Minor warning cleanup
  • Slight improvement to a couple diagnostic messages.

New in version 3.6.5:

  • Fixed small problem with glibc2.1 and errno.h vs. sys/errno.h
  • Added simple chroot support for expert installations.
  • Applied fix for path translated, removed option for not enabling correct path_translated value.
  • Added multiuser cgi script directory support.
  • Added patch from Scott Sutherland for fixing parsing of auth files.
  • Added patch from Christian Kruse for better symlink handling.

New in version 3.6.4:

  • Changed license to GPL finally.
  • Fixed netmask comparison
  • Added anonymous CVS server info
  • Updates from David Hollenberg for misc. error checking/handling and overflow protection.
  • Added check for making sure cgiwrap is setuid and printing out a usable error message if not.
  • Now prints out path to access control files if one or both are missing.
  • Slight changes to aux groups code just in case setgroups() doesn't support a empty list.
  • Added some extra info to server userid error message.
  • Added some info to the FAQ.

New in version 3.6.3:

  • Added support for checking if user has a valid shell, similar to what ftpd does. The BSD licensed getusershell.o has been included for support where needed.
  • Bug fix for SEGV condition when certain syntax is used for the request. It did not appear exploitable, but would cause cgiwrap to core as root. Thanks to Michael Bryan (michael@blueneptune.com) for the fix.

New in version 3.6.2:

  • Fixed the !logfd check. Thanks to Alexander Wolgast for pointing this out.
  • Added support for reporting rusage/return code after executing script.
  • Changed logging to use close-on-exec flag of file descriptor, so it can be left open for reporting rusage if enabled.
  • Added support for reporting approximate elapsed execution time of a cgi script.

New in version 3.6.1:

  • Fixed the UserInFile routine. It broke cause I forgot to remove newlines.

New in version 3.6:

  • Removed check for ./ in the path of the script. The check for ../ is still there. There doesn't seem to be any need for this check as it appears to be harmless. It is being removed to allow for users with "./" in their home dir (for chrooting with wuftpd) to be able to use cgiwrap.
  • Added code to optionally prevent script execution if the script is group or world writable. I cannot make the check for world writable forced on, since on my site using AFS, the permission bits aren't used, and some scripts might be marked as world writable. Can't break user scripts without a major hassle.
  • Added code to optionally check if script file is a symbolic link. Of course, the script dir itself could still be a symbolic link.
  • Changed to GNU autoconf for configuration
  • Makefile now supports 'install' target with --install-path is specified with configure.
  • Support added for setting PATH and TZ environment variables before executing script
  • Support added for setting a bunch of different RLIMIT_ parameters before executing script, as well as allowing the administrator to set the limits with the --with-rlimit-*=value option to configure.
  • Error messages are now more verbose and output in HTML if possible.
  • Support for calling script using system() has been removed as it is not really needed for anything, and just slows things down.
  • Fixed malloc() error check in GetUserDir routines
  • Fixed race condition with permissions and opening of log file
  • initgroups() and setgroups() support now enabled by default
  • Eliminated buffer overrun in error message about chmod'ing script. Thanks to Duncan Simpson (dps@io.stargate.co.uk)
  • Added --with-minimum-uid option
  • Fixed the subdirectory restrict option. (Thanks to Jeffery Chow ) for pointing this out and for testing the fix.
  • Added CondenseSlashes routine to eliminate doubled and trailing slashes
  • Added SafeMalloc routine to eliminate the need to check malloc result throughout the code.
  • Changed tardist target to touch all files and directories so that a consistent time stamp is reached. This should eliminate spurious calls to autoheader when building cgiwrap.
  • Added in code to configure.in for the various information options such as local-site-url, local-contact-phone, etc.
  • Added fcntl.h include, needed by open(). Problem reported by Seth Chaiklin . Also fixed quoting in the configure.in related to log file.
  • Finished splitting up logging functions and changes to use the Context structure.
  • Minor changes to the makefile, including telling it to use the CFLAGS, and improving the tardist target.
  • Moved extra flag stuff for AFS into it's own section and only run it if needed for AFS support.
  • Not sure why, but 3.6 works with AIX 4, 3.5 did not.
  • Cleaned up Makefile, finished support for building in a separate directory from the source, added a 'dep' target using depend.awk from mutt distribution.
  • Fixed problem with CHECKHOST/CHECKHOSTS typos.
  • Added support for using "*" with checkhost support to restrict ALL userids from being accessed from that host. (*@x.x.x.x/y.y.y.y)
  • Made 'no way to change uids' a compile time error with #error
  • Fixed bug with ALLOWFILE define in util.c.

New in version 3.5:

  • Fixed strerror checking in Configure script and util.c for systems without strerror, can now use strerror, sys_errlist, perror, or just errno.
  • Major documentation overhaul, create all HTML based docs
  • Added option (defaulting to yes) to correctly set the PATH_TRANSLATED environment variable.
  • Fixed bug with the configure script and the use_system option. It would cause a preprocessor error if the system call was not found.
  • Cleaned up various things with the Configure script
  • Changed file prompting to allow using ~ paths.

New in version 3.4:

  • Fixed typo "&" instead of "&&" in setgroups stuff
  • Added cgiwrap.aliases option to rewrite home dirs of users.
  • Moved entire cgiwrap source build tree to CVS, will make tracking changes easier.
  • CGIwrap now changes directories to the directory the script is located in before executing the script. Before, it always just changed to the main CGI directory. This behavior is only different if you were using scripts in subdirectories.
  • Changed style of cgiwrap.allow, cgiwrap.deny files to be the same as cron's allow/deny files.

New in version 3.3:

  • Added support for attaching a label to syslog log messages.
  • Added code to rewrite the PATH_TRANSLATED environment variable.

New in version 3.24:

  • Added support for logging to syslog.

New in version 3.23:

  • Setgroups was being used no matter what you said in configure - fixed
  • Problem with undefined variables in Log call for subdirectories - fixed
  • Removed declaration of sys_errlist, and errno in util.c, since I don't think they were necessary. And they were causing problems on some architectures.
  • Added in user contributed host address checking code
  • Upgraded to using dist-3.0 PL60 for building the Configure script.
  • Separated initgroups() and setgroups() checks into two separate defines, and improved documentation in configure script for these options.

New in version 3.22:

  • argv[0] is now automatically changed to the name of the script that is being executed

New in version 3.21:

  • Rlimit defines weren't set properly when rlimit not available - fixed
  • The optimizer/debugger flag wasn't being used in the makefile -- fixed
  • Defaults for checks (y/n) were not being set - fixed

New in version 3.2:

  • MAJOR code cleanup and simplification. The code should be ALOT easier to read and understand.
  • Fixed the problem in the Makefile on certain architectures with the $(var) not being escaped properly. This should solve problems with Linux machines and BSD machines that I know of.
  • Changes way PATH_INFO is modified, CGIwrap will now correct SCRIPT_NAME for ?user=USER&script=SCRIPT type requests as well as /user/script type requests.
  • Subdirectories are now supported for both types of requests
  • Debugging output has been condensed and is a little easier to read.
  • Documentation has been reworked, it should be a little easier to use.
  • Fixed prototypes for all the functions in the cgiwrap source.
  • Removed a few unnecessary routines
  • Changed "mystrcpy" to be "strdup", and is compiled only if the current architecture does not have strdup available in it's standard library.

New in version 3.11:

  • Fixed incorrectly indented # directives that were causing problems with some machines.

New in version 3.1:

  • Added CONF_ALLOWFILE and CONF_DENYFILE options.
  • Added logging of REMOTE_USER and a status message to the log file
  • Added an unsupported directory for user contributed scripts and add-ons
  • Restructured logic for which 'set' method gets used.
  • Removed option to not check if gid changed, it was an oversight that this was left in. There isn't any case I know of that you wouldn't want to check this.
  • Moved id setting routines into util.c
  • Added new source file for allow/deny code.
  • Removed some error output that didn't make sense (system error messages that were getting returned when I issued a regular cgiwrap error)
  • Added a 'remake' target to the makefile which does a clean, then a Configure -S, then a make all to rebuild he entire binary. This is useful if you have multiple config.sh files (eg. you're building for several setups from the same dir)

New in version 3.0:

  • Set up Configure scripts for CGIwrap
  • Renamed many of the config options to make more consistent
  • Rearranged directory structure of CGIwrap distribution
  • Removed "CONF_SANITIZE" option, it is always on now.
  • Removed "CONF_CHECK_UID" option, it is always on now.
  • Removed "CONF_FORCE_DEBUG" option, and "CONF_DEBUG_BY_NAME" option, cgiwrap automatically does debugging output by name now.
  • Added info about setting up an access-controlled cgiwrap which allows users to control access to their scripts.
  • Renamed DEBUG to CONF_DEBUG to solve a compile problem with some systems wanting to add -DDEBUG to CFLAGS.

New in version 2.7:

  • Added HTTPD_USER and CHECK_HTTPD_USER to verify that cgiwrap is being called by the server. This is for (access to scripts) security, it doesn't affect system security any.
  • Added AFS PAG support

New in version 2.6:

  • Moved rlimit call into new subroutine SetLimits
  • Changed exec call to an execv and passed argv to support argument passing This will only work correctly for scripts called with no other arguments... Eg, must use "cgiwrap/user/script?" syntax

New in version 2.5:

  • Fixed problem with not correctly falling back from PATH_INFO
  • Added SETUID_SETEUID option for setting UID's
  • Added checks to make sure effective ugid changed as well as real.

New in version 2.4:

  • Fixed incorrect exec call, added null at end.

New in versoin 2.3:

  • Fixed location of setgroups() call
  • Added INSTALL file and fixed PROMO that was old.

New in version 2.2:

  • More debug outpt for environment variables
  • Option to check exec bit on script and error msg if not set

New in version 2.1:

  • Fixed ~ bug
  • Added PATH_INFO and SCRIPT_NAME rewrite code
  • Added SETGROUPS option to config
  • Added RLIMIT option to config

New in version 2.0:

  • Added support for PATH_INFO specification of user/script
  • Added stderr redirection to stdout
  • Added option for doing debugging output by cmd name
  • Added option to use exec or system calls

New in version 1.0:

  • Everything! This is the first public distribution.