You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Rob Hartill <ro...@imdb.com> on 1996/09/16 00:50:05 UTC

WWW Form Bug Report: "cgi-bin exec perm denied even though httpd has read / execute perms to script" on Solaris 2.x (fwd)

will ack when I get the diffs.


----- Forwarded message from dabel@abel-info.com -----

Message-Id: <19...@taz.hyperreal.com>
From: dabel@abel-info.com
To: apache-bugs%apache.org@organic.com
Date: Sun Sep 15 15:22:39 1996
Subject: WWW Form Bug Report: "cgi-bin exec perm denied even though httpd has read / execute perms to script" on Solaris 2.x

Submitter: dabel@abel-info.com
Operating system: Solaris 2.x, version: 2.4
Version of Apache Used: 1.1.1 (Stronhold 1.3)
Extra Modules used: mod_cgi.c is pertinant module
URL exhibiting problem: 

Symptoms:
--
can_exec in util.c only checks for the specific 
uid specified in the config file when checking
group perms on cgi scripts.  Since the uid httpd
is running under can be a member of other groups,
httpd may incorrectly deny acess when it is 
permitted by the group perms in question.

The fix was quite simple and I have the context
diffs for it (applied to the Stronghold source).
Will send them in a separate message.

Hope its useful.
--

----- End of forwarded message from dabel@abel-info.com -----