You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Kaspar Brand <de...@velox.ch> on 2005/04/03 09:34:41 UTC

[2.0 PATCH PR#31302] SSI #exec cmd and suexec

> It's been almost 2 months since 2.0.53.  Think it is time for 2.0.54 yet?

Any chances that the fix I proposed for PR#31302 ("suexec doesn't execute 
commands if they're not in the current dir") finds its way into 2.0.54? I 
have followed Ryan Bloom's advice of how to fix the issue properly, trying 
to be as portable as possible (e.g. by using ap_os_is_path_absolute() and 
apr_filepath_merge()). Comments welcome.

The bug was initially submitted on 2004-09-19; there is also a duplicate 
(29534) from 2004-06-12.

Thanks,
Kaspar