You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Mark Bentley <be...@cs.umn.edu> on 1997/03/27 16:10:02 UTC
suexec/269: Server-side include exec cmd with suEXEC bug
The contract type is `' with a response time of 3 business hours.
A first analysis should be sent before: Thu Mar 27 11:00:02 PST 1997
>Number: 269
>Category: suexec
>Synopsis: Server-side include exec cmd with suEXEC bug
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Thu Mar 27 07:10:02 1997
>Originator: bentlema@cs.umn.edu
>Organization:
apache
>Release: 1.2b7
>Environment:
>Description:
An SSI such as:
<!--#exec cmd="bin/myscript" -->
which is relative to UserDir, doesn't work because of these lines in suEXEC:
/*
* Check for a '/' in the command to be executed,
* to protect against attacks. If a '/' is
* found, error out. Naughty naughty crackers.
*/
if ((strchr(cmd, '/')) != NULL ) {
log_err("invalid command (%s)\n", cmd);
exit(104);
}
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted: