You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by fe...@crowfix.com on 2002/04/15 07:48:35 UTC

Apache 2.0.35 suexec -- more investigation

I wrote a little dummy program which prints out its command line args
to a file and exits with an error code.  I substituted this for the
real sbin/suexec under both 1.3.20 and 2.0.35.  I think there is
definitely a bug, so I'll send email to some developer's list, I
guess.

Under 1.3.20, these are the args passed to suexec:

	argv = (/usr/local/apache/sbin/suexec)
	argv = (~felix)
	argv = (users)
	argv = (delwww)

Here is what 2.0.35 passes to suexec:

	argv = (/usr/local/apache/sbin/suexec)
	argv = (501)
	argv = (100)
	argv = (delwww)
	argv = (delwww)

The new apache goes out of its way to send the uid and gid, not the
names.  Suexec itself is hardly changed from 1.3.20 to 2.0.35, so
there's a lack of communication here.  Suexec.c expecially looks to
see if the user arg begins with a tilder, in which case it uses
suexec-uderdir instead of suexec-docroot.

For now, I'm back to 1.3.20.  I'll let you know of anything else I
find out.

-- 
            ... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
     Felix Finch: scarecrow repairman & rocket surgeon / felix@crowfix.com
  GPG = E987 4493 C860 246C 3B1E  6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Apache 2.0.35 suexec -- bug on file already

Posted by fe...@crowfix.com.

OK, no more complaints from me :-) someone has already reported the
exact same symptoms and cause -- (#7810)

	http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7810

So for now I'll either make up a dummy suexec wrapper workaround, or
revert back to 1.3.  I think it should not be a difficult bug to fix,
but it would take someone who knows the internals and change history
to know the right way to fix it.

-- 
            ... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
     Felix Finch: scarecrow repairman & rocket surgeon / felix@crowfix.com
  GPG = E987 4493 C860 246C 3B1E  6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org