You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2008/12/11 13:38:20 UTC
DO NOT REPLY [Bug 46380] New: Apache 2.2.10 and suexec extra argv
https://issues.apache.org/bugzilla/show_bug.cgi?id=46380
Summary: Apache 2.2.10 and suexec extra argv
Product: Apache httpd-2
Version: 2.2.10
Platform: PC
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: worker
AssignedTo: bugs@httpd.apache.org
ReportedBy: russ@cpanel.net
With the recent apache 2.2.10 update, @ARGV is being populated with an extra
empty argument. Here is an example from straces of what httpd is trying to
run:
strace of process calling suexec with apache 2.2.10
[pid 18070] execve("/usr/local/apache/bin/suexec",
["/usr/local/apache/bin/suexec", "2057", "2051",
"rick.pl", ""], [/* 24 vars */]) = 0
same in apache 2.2.9
[pid 21364] execve("/usr/local/apache/bin/suexec",
["/usr/local/apache/bin/suexec", "2057", "2051",
"rick.pl"], [/* 24 vars */]) = 0
you'll notice in the 2.2.10 example, there is an empty arg being passed. This
can easily be duplicated on any apache 2.2.10 server.
This only occurs with MPM_Worker enabled on the server. It don't appear in
MPM_Prefork for this in default setting.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46380] Apache 2.2.10 and suexec extra argv
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46380
--- Comment #7 from Dan Muey <da...@cpanel.net> 2008-12-14 17:02:13 PST ---
(In reply to comment #3)
> Can you please try if the following patch fixes your issue?
>
> Index: modules/generators/mod_cgid.c
> ===================================================================
> --- modules/generators/mod_cgid.c (revision 726007 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=726007 ))
> +++ modules/generators/mod_cgid.c (working copy)
> @@ -201,7 +201,7 @@
> char *w;
> int idx = 0;
>
> - if (ap_strchr_c(args, '=')) {
> + if (!(*args) || ap_strchr_c(args, '=')) {
> numwords = 0;
> }
> else {
Unfortunately that did not resolve it.
This was my configure line:
./configure --disable-authn-default --enable-expires --enable-headers
--enable-info --enable-logio --enable-rewrite --enable-ssl --enable-suexec
--enable-unique-id --prefix=/usr/local/apache --with-included-apr
--with-mpm=worker --with-ssl=/usr --with-suexec-caller=nobody
--with-suexec-docroot=/ --with-suexec-gidmin=100
--with-suexec-logfile=/usr/local/apache/logs/suexec_log
--with-suexec-uidmin=100 --with-suexec-userdir=public_html
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46380] Apache 2.2.10 and suexec extra argv
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46380
--- Comment #9 from Dan Muey <da...@cpanel.net> 2008-12-14 18:59:22 PST ---
Created an attachment (id=23021)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=23021)
don't set args if there are none
Redoing it with a make clean first and ensuring the patch is applied,
definitely works.
We've apply this patch now in our EasyApache building system.
Thanks for your assistance with that, looking forward to it being part of the
core :)
Thanks again!
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46380] Apache 2.2.10 and suexec extra argv
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46380
--- Comment #12 from Ruediger Pluem <rp...@apache.org> 2009-08-02 12:31:26 PST ---
Proposed for backport as r800136 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=800136 ).
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46380] Apache 2.2.10 and suexec extra argv
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46380
Russell Rademacher <ru...@cpanel.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW
--- Comment #2 from Russell Rademacher <ru...@cpanel.net> 2008-12-11 20:50:14 PST ---
http://xpthemetest.com/cgi-bin/test.cgi
This is the code for the script:
---------------------
#!/usr/bin/perl
print "Content-Type: text/html\n\n";
print "Argument count: $#ARGV<br>\n";
for ($i = 0; $i <= $#ARGV; $i++){
print "Argument $i is: ";
print @ARGV[$i];
print "<br>\n";
}
1;
---------------------
prior to 2.2.10, it would return:
Argument count: -1
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46380] Apache 2.2.10 and suexec extra argv
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46380
Ruediger Pluem <rp...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--- Comment #1 from Ruediger Pluem <rp...@apache.org> 2008-12-11 12:10:45 PST ---
Please provide the URL that was used calling your perl script including the
arguments.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46380] Apache 2.2.10 and suexec extra argv
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46380
--- Comment #8 from Dan Muey <da...@cpanel.net> 2008-12-14 18:02:59 PST ---
(In reply to comment #7)
> (In reply to comment #3)
> > Can you please try if the following patch fixes your issue?
> >
> > Index: modules/generators/mod_cgid.c
> > ===================================================================
> > --- modules/generators/mod_cgid.c (revision 726007 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=726007 ))
> > +++ modules/generators/mod_cgid.c (working copy)
> > @@ -201,7 +201,7 @@
> > char *w;
> > int idx = 0;
> >
> > - if (ap_strchr_c(args, '=')) {
> > + if (!(*args) || ap_strchr_c(args, '=')) {
> > numwords = 0;
> > }
> > else {
>
> Unfortunately that did not resolve it.
I take that back, it *does* resolve it :) I'll have to look into why it didn't
seem to work before.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46380] Apache 2.2.10 and suexec extra argv
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46380
Russell Rademacher <ru...@cpanel.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW
--- Comment #4 from Russell Rademacher <ru...@cpanel.net> 2008-12-14 16:23:52 PST ---
If there is a query string, either ?param=value or ?arg+arg+arg, no extra item
is added.
The problem also seem sdependent on the shebang line, for example out of these
two scripts the /bin/bash one does not have a spurious argument, The
/usr/bin/perl one does.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46380] Apache 2.2.10 and suexec extra argv
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46380
--- Comment #6 from Dan Muey <da...@cpanel.net> 2008-12-14 17:00:10 PST ---
Created an attachment (id=23020)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=23020)
CGI with shell-as-shebang that does not suffer from this bug
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46380] Apache 2.2.10 and suexec extra argv
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46380
Ruediger Pluem <rp...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |FixedInTrunk, PatchAvailable
--- Comment #10 from Ruediger Pluem <rp...@apache.org> 2008-12-14 23:48:03 PST ---
Committed to trunk as r726636 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=726636 )
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46380] Apache 2.2.10 and suexec extra argv
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46380
Ruediger Pluem <rp...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rudy.amid@tais.toshiba.com
--- Comment #11 from Ruediger Pluem <rp...@apache.org> 2009-01-22 13:10:30 PST ---
*** Bug 46530 has been marked as a duplicate of this bug. ***
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46380] Apache 2.2.10 and suexec extra argv
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46380
--- Comment #5 from Dan Muey <da...@cpanel.net> 2008-12-14 16:59:34 PST ---
Created an attachment (id=23019)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=23019)
CGI (in perl) that exhibits this issue and includes server info
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46380] Apache 2.2.10 and suexec extra argv
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46380
Ruediger Pluem <rp...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #13 from Ruediger Pluem <rp...@apache.org> 2009-08-03 07:39:02 PST ---
Backported to 2.2.x as r800410 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=800410 ).
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46380] Apache 2.2.10 and suexec extra argv
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46380
Ruediger Pluem <rp...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--- Comment #3 from Ruediger Pluem <rp...@apache.org> 2008-12-12 06:22:55 PST ---
Can you please try if the following patch fixes your issue?
Index: modules/generators/mod_cgid.c
===================================================================
--- modules/generators/mod_cgid.c (revision 726007 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=726007 ))
+++ modules/generators/mod_cgid.c (working copy)
@@ -201,7 +201,7 @@
char *w;
int idx = 0;
- if (ap_strchr_c(args, '=')) {
+ if (!(*args) || ap_strchr_c(args, '=')) {
numwords = 0;
}
else {
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org