You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/02/12 09:45:08 UTC
DO NOT REPLY [Bug 16984] New: -
suexec.c error
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16984>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16984
suexec.c error
Summary: suexec.c error
Product: Apache httpd-1.3
Version: 1.3.27
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Normal
Priority: Other
Component: Build
AssignedTo: bugs@httpd.apache.org
ReportedBy: rfall@witsend.com
CC: rfall@witsend.com
This line is the suexec.c file is in error:
fprintf(stderr, " -D SUEXEC_UMASK=%03o\n", SUEXEC_UMASK);
Here's why: most users who want to define their own SUEXEC_UMASK
value probably assume that, like the system umask command, the
value provided is in octal. So, in setting up the make configuration using
the "configure" script, the user would probably enter:
"suexec-umask=22"
believing that this would cause the group and world write bits to be
turned off in any file created by a program running under suexec.
However, because of the format used in the suexec.c line above,
the value of "SUEXEC_UMASK" is treated as a decimal value and
converted to octal for internal use by suexec. The above value of
22 (assumed by the user to already be in octal) would become
26 inside suexec, which is definitely not what the user expected!
The proper line would be, I think:
fprintf(stderr, " -D SUEXEC_UMASK=%03d\n", SUEXEC_UMASK);
Either that, or the suexec documentation should be modified to make
it clear that suexec-umask requires a decimal value.
I would prefer the first solution.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org