MOON
Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
System: Linux csr818.wilogic.com 2.6.18-419.el5xen #1 SMP Fri Feb 24 22:50:37 UTC 2017 x86_64
User: digitals (531)
PHP: 5.4.45
Disabled: NONE
$ pwd: /proc/self/root/proc/self/root/scripts.20110531.215904.25158/
Upload Files
File: //proc/self/root/proc/self/root/scripts.20110531.215904.25158/fpsuexec
#!/bin/sh
# cpanel4 - scripts        Copyright(c) 1997-2002 cPanel, Inc..
#                                 All rights Reserved.
# copyright@cpanel.net      http://cpanel.net
# This code is subject to the cpanel license. Unauthorized copying is prohibited
# This is a shell archive (produced by GNU sharutils 4.2.1).
# To extract the files from this archive, save it to some FILE, remove
# everything before the `!/bin/sh' line above, then type `sh FILE'.
#
# Made on 2001-12-16 10:58 EST by <root@kremlin.hostnoc.net>.
# Source directory was `/'.
#
# Existing files will *not* be overwritten unless `-c' is specified.
#
# This shar contains:
# length mode       name
# ------ ---------- ------------------------------------------
#   5242 -rw-r--r-- /usr/local/frontpage/version5.0/apache-fp/fpexe.patch
#
save_IFS="${IFS}"
IFS="${IFS}:"
gettext_dir=FAILED
locale_dir=FAILED
first_param="$1"
for dir in $PATH
do
  if test "$gettext_dir" = FAILED && test -f $dir/gettext \
     && ($dir/gettext --version >/dev/null 2>&1)
  then
    set `$dir/gettext --version 2>&1`
    if test "$3" = GNU
    then
      gettext_dir=$dir
    fi
  fi
  if test "$locale_dir" = FAILED && test -f $dir/shar \
     && ($dir/shar --print-text-domain-dir >/dev/null 2>&1)
  then
    locale_dir=`$dir/shar --print-text-domain-dir`
  fi
done
IFS="$save_IFS"
if test "$locale_dir" = FAILED || test "$gettext_dir" = FAILED
then
  echo=echo
else
  TEXTDOMAINDIR=$locale_dir
  export TEXTDOMAINDIR
  TEXTDOMAIN=sharutils
  export TEXTDOMAIN
  echo="$gettext_dir/gettext -s"
fi
if touch -am -t 200112312359.59 $$.touch >/dev/null 2>&1 && test ! -f 200112312359.59 -a -f $$.touch; then
  shar_touch='touch -am -t $1$2$3$4$5$6.$7 "$8"'
elif touch -am 123123592001.59 $$.touch >/dev/null 2>&1 && test ! -f 123123592001.59 -a ! -f 123123592001.5 -a -f $$.touch; then
  shar_touch='touch -am $3$4$5$6$1$2.$7 "$8"'
elif touch -am 1231235901 $$.touch >/dev/null 2>&1 && test ! -f 1231235901 -a -f $$.touch; then
  shar_touch='touch -am $3$4$5$6$2 "$8"'
else
  shar_touch=:
  echo
  $echo 'WARNING: not restoring timestamps.  Consider getting and'
  $echo "installing GNU \`touch', distributed in GNU File Utilities..."
  echo
fi
rm -f 200112312359.59 123123592001.59 123123592001.5 1231235901 $$.touch
#
if mkdir _sh08260; then
  $echo 'x -' 'creating lock directory'
else
  $echo 'failed to create lock directory'
  exit 1
fi
# ============= /usr/local/frontpage/version5.0/apache-fp/fpexe.patch ==============
if test ! -d '/usr'; then
  $echo 'x -' 'creating directory' '/usr'
  mkdir '/usr'
fi
if test ! -d '/usr/local'; then
  $echo 'x -' 'creating directory' '/usr/local'
  mkdir '/usr/local'
fi
if test ! -d '/usr/local/frontpage'; then
  $echo 'x -' 'creating directory' '/usr/local/frontpage'
  mkdir '/usr/local/frontpage'
fi
if test ! -d '/usr/local/frontpage/version5.0'; then
  $echo 'x -' 'creating directory' '/usr/local/frontpage/version5.0'
  mkdir '/usr/local/frontpage/version5.0'
fi
if test ! -d '/usr/local/frontpage/version5.0/apache-fp'; then
  $echo 'x -' 'creating directory' '/usr/local/frontpage/version5.0/apache-fp'
  mkdir '/usr/local/frontpage/version5.0/apache-fp'
fi
if test -f '/usr/local/frontpage/version5.0/apache-fp/fpexe.patch' && test "$first_param" != -c; then
  $echo 'x -' SKIPPING '/usr/local/frontpage/version5.0/apache-fp/fpexe.patch' '(file already exists)'
else
  $echo 'x -' extracting '/usr/local/frontpage/version5.0/apache-fp/fpexe.patch' '(text)'
  sed 's/^X//' << 'SHAR_EOF' > '/usr/local/frontpage/version5.0/apache-fp/fpexe.patch' &&
--- fpexe.c.orig	Sun Dec 16 09:06:39 2001
+++ fpexe.c	Sun Dec 16 10:52:24 2001
@@ -29,7 +29,6 @@
X  * User configurable items.  We will not run the server extensions with any
X  * UID/GID less than LOWEST_VALID_UID/LOWEST_VALID_GID.
X  */
-
X #if defined(RS6000)
X #define _ALL_SOURCE
X #endif
@@ -226,8 +225,9 @@
X int main(int argc, char **argv)
X {
X     struct passwd* pw = 0;
+    const char* patchco = "DarkORB";
X     const char* szFpUserName;
-    const char* szFpExe = getenv("FPEXE");
+    const char* szFpExe = getenv("SCRIPT_NAME");
X     const char* szFpUid = getenv("FPUID");
X     const char* szFpGid = getenv("FPGID");
X     const char* szFpFd  = getenv("FPFD");
@@ -254,15 +254,6 @@
X         szFpDir = FPDIR;
X 
X     /*
-     * Assure that this program was actually SUID'd to root
-     */
-    if (geteuid())
-        /*
-         * User recovery:  Make sure fpexe is setuid to root
-         */
-        die("FrontPage SUID Error: not running as root");
-
-    /*
X      * Assure that the user the web server runs as is a valid user
X      */
X     if (!getpwuid(getuid()))
@@ -274,7 +265,7 @@
X     /*
X      * Assure that we have the proper arguments (passed in the environment)
X      */
-    if (!szFpExe || !szFpUid || !szFpGid || !szFpFd || !szFpDir)
+    if (!szFpExe || !szFpDir)
X         /*
X          * User recovery:  Make sure fpexe is run from patched Apache server
X          */
@@ -298,108 +289,6 @@
X         die("FrontPage SUID Error: path too long");
X     strcpy(szWork, szFpDir);
X     strcat(szWork, szFpExe);
-
-    iFpUid = strtol(szFpUid, &pEnd, 10);
-    if (!pEnd || *pEnd)
-        iFpUid = 0;
-    if (iFpUid < LOWEST_VALID_UID || !(pw = getpwuid(iFpUid)))
-        /*
-         * User recovery:  Make sure FrontPage user ids are above minimum
-         */
-        die("FrontPage SUID Error: invalid target uid");
-    szFpUserName = strdup(pw->pw_name);
-
-    iFpGid = strtol(szFpGid, &pEnd, 10);
-    if (!pEnd || *pEnd)
-        iFpGid = 0;
-    if (iFpGid < LOWEST_VALID_GID || !getgrgid(iFpGid))
-        /*
-         * User recovery:  Make sure FrontPage group ids are above minimum
-         */
-        die("FrontPage SUID Error: invalid target gid");
-
-    iFpFd = strtol(szFpFd, &pEnd, 10);
-    if (!pEnd || *pEnd)
-        iFpFd = -1;
-    if (iFpFd < 0)
-        /*
-         * User recovery:  Make sure fpexe is run from patched Apache server
-         */
-        die("FrontPage SUID Error: invalid key file descriptor");
-
-    /*
-     * Read the key from our server.  And, while we're still root and have
-     * access, read the key from the master key file.  Verify the key matches.
-     */
-    if (Vlstat(FPKEYDIR, &fs) == -1 ||
-        (fs.st_mode & (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)) || fs.st_uid ||
-        !(S_ISDIR(fs.st_mode)))
-        /*
-         * User recovery is: set directory to be owned by by root with
-         * permissions rwx--x--x.
-         */
-        die("FrontPage SUID Error: key file directory is insecure");
-
-#if defined(sun) && !defined(__SVR4)
-    sprintf(szKeyFile, KEYFILE, (int)getpgrp(0));
-#else
-    sprintf(szKeyFile, KEYFILE, (int)getpgrp());
-#endif
-    if (Vstat(szKeyFile, &fs) == -1 ||
-        (fs.st_mode & (S_IRWXG | S_IRWXO)) || fs.st_uid)
-        /*
-         * User recovery is:  Make sure the key file is properly protected
-         * (owned by root, permissions r**------), restart patched Apache
-         * server.
-         */
-        die("FrontPage SUID Error: key file security violation");
-    
-    iKeyFd = open(szKeyFile, O_RDONLY);
-    if (iKeyFd < 0)
-        /*
-         * User recovery is:  Make sure fpexe is run from patched Apache
-         * server, restart the patched Apache server.
-         */
-        die("FrontPage SUID Error: could not open key file" );
-    iCount = read(iKeyFd, refKey, sizeof(refKey));
-    close(iKeyFd);
-    if (iCount != sizeof(refKey))
-        /*
-         * User recovery is:  Make sure fpexe is run from patched Apache
-         * server, restart the patched Apache server.
-         */
-        die("FrontPage SUID Error: could not read valid key from key file");
-
-    iCount = read(iFpFd, inpKey, sizeof(inpKey));
-    close(iFpFd);
-    if (iCount != sizeof(inpKey))
-        /*
-         * User recovery is:  Make sure fpexe is run from patched Apache server
-         */
-        die("FrontPage SUID Error: could not read valid input key");
-
-    if (memcmp(inpKey, refKey, sizeof(refKey)) != 0)
-        /*
-         * User recovery is:  Make sure fpexe is run from patched Apache server
-         */
-        die("FrontPage SUID Error: key security violation");
-
-    /*
-     * Change user and group IDs to be the indicated user
-     */
-    if (setgid(iFpGid) == -1 || initgroups(szFpUserName, iFpGid) == -1)
-        /*
-         * User recovery:  Make sure user is properly registered in 
-         * /etc/passwd and /etc/group.
-         */
-        die("FrontPage SUID Error: setgid() failed");
-    
-    if (setuid(iFpUid) == -1)
-        /*
-         * User recovery:  Make sure user is properly registered in
-         * /etc/passwd.
-         */
-        die("FrontPage SUID Error: setuid() failed");
X 
X     /*
X      * Validate the target directory.
SHAR_EOF
  (set 20 01 12 16 10 58 04 '/usr/local/frontpage/version5.0/apache-fp/fpexe.patch'; eval "$shar_touch") &&
  chmod 0644 '/usr/local/frontpage/version5.0/apache-fp/fpexe.patch' ||
  $echo 'restore of' '/usr/local/frontpage/version5.0/apache-fp/fpexe.patch' 'failed'
  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
  && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
    || $echo '/usr/local/frontpage/version5.0/apache-fp/fpexe.patch:' 'MD5 check failed'
0b4239dd0d25be388f0842beeab57541  /usr/local/frontpage/version5.0/apache-fp/fpexe.patch
SHAR_EOF
  else
    shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < '/usr/local/frontpage/version5.0/apache-fp/fpexe.patch'`"
    test 5242 -eq "$shar_count" ||
    $echo '/usr/local/frontpage/version5.0/apache-fp/fpexe.patch:' 'original size' '5242,' 'current size' "$shar_count!"
  fi
fi
rm -fr _sh08260
exit 0
@ Telegram