Posted to apache-bugdb@apache.org by Alex Semenyaka <al...@rinet.ru> on 1998/05/17 13:34:58 UTC
suexec/2241: suEXEC won't execute anything not under DOC_ROOT from suexec.h
>Number: 2241
>Category: suexec
>Synopsis: suEXEC won't execute anything not under DOC_ROOT from suexec.h
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Sun May 17 04:40:00 PDT 1998
>Last-Modified:
>Originator: alexs@rinet.ru
>Organization:
apache
>Release: 1.2.6
>Environment:
>Description:
When I run a main Web server and several others, I want to give different people access to maintain each of them.
It means that I would like to have a separate cgi-bin directory for each of those servers and run scripts with the corresponding UID/GID.
This is possible only with the suEXEC wrapper; however, suEXEC is only able to run programs with a path that necessarily contains DOC_ROOT (/usr/local/etc/httpd/htdocs by default), and I do NOT want to create users' directories there.
There is no such problem without suEXEC, but in this case scripts are run as the fake httpd user and so do not have permission to write anything in the user directory.
>How-To-Repeat:
Unfortunately I needed to set up a working server quickly, so I cannot show it to you now.
Of course I can provide you my configuration files, but I suppose that is not what you want, is it?
>Fix:
Here is the patch for suexec.c to fix the problem. The main idea is to set the working directory to DOC_ROOT only if the environment variable DOCUMENT_ROOT is not defined, and to DOCUMENT_ROOT from the environment otherwise.
*** suexec.c.old Sat May 16 23:01:02 1998
--- suexec.c Sun May 17 14:52:59 1998
***************
*** 223,228 ****
--- 223,231 ----
char *actual_gname; /* actual group name */
char *prog; /* name of this program */
char *cmd; /* command to be executed */
+ /*+APS+*/
+ char *envvar; /* environ variable value */
+ /*-APS-*/
char cwd[AP_MAXPATH]; /* current working directory */
char dwd[AP_MAXPATH]; /* docroot working directory */
struct passwd *pw; /* password entry holder */
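Review bot: The `/*+APS+*/` and `/*-APS-*/` markers around the new `envvar` declaration are personal change tags and should be dropped. `envvar` only ever holds the `getenv("DOCUMENT_ROOT")` result used in the second hunk, so a name such as `env_docroot`, with a comment saying that, would read better than "environ variable value".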
***************
*** 391,398 ****
exit(112);
}
}
! else {
! if (((chdir(DOC_ROOT)) != 0) ||
((getcwd(dwd, AP_MAXPATH)) == NULL) ||
((chdir(cwd)) != 0))
{
--- 394,407 ----
exit(112);
}
}
! else { /*+APS+*/
! if ((envvar=getenv("DOCUMENT_ROOT")) != NULL )
! strncpy(dwd, envvar, AP_MAXPATH);
! else
! strncpy(dwd, DOC_ROOT, AP_MAXPATH);
! log_err("dwd: %s\n", dwd);
! if (((chdir(dwd)) != 0) ||
! /*-APS-*/
((getcwd(dwd, AP_MAXPATH)) == NULL) ||
((chdir(cwd)) != 0))
{
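Review bot: In the `else` branch, `getenv("DOCUMENT_ROOT")` makes the root that `dwd` is built from a value supplied by whoever invokes the wrapper, in place of the compile-time `DOC_ROOT`; since the report says this root is what limits which paths suEXEC will run, the limit becomes caller-chosen. Suggest honouring the environment value only when it equals a root fixed at build time, or adding the extra roots as compile-time constants. Separately, `strncpy(dwd, envvar, AP_MAXPATH)` leaves `dwd` unterminated when the value is AP_MAXPATH bytes or longer, and `dwd` then goes to `log_err` with `%s` and to `chdir`; reject overlong values or terminate explicitly. The `log_err("dwd: %s\n", dwd)` line looks like debugging output and should be removed.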
>Audit-Trail:
>Unformatted:
>uname -a
FreeBSD snark.rinet.ru 3.0-971012-SNAP FreeBSD 3.0-971012-SNAP #0: Fri Mar 6 23:22:59 MSK 1998 root@snark.rinet.ru:/usr/src/sys/compile/CYRIX_DOS i386
>gcc --version
2.7.2.1
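
The restriction this report turns on, limiting execution to paths under a document root, written as an added example in C (not code from suexec.c or from the submitter's patch). The function names, the 1024-byte buffer and the second sample root are hypothetical; the environment value is honoured only when it equals a root fixed at build time.

```c
/* Added example: hypothetical helpers, not code from suexec.c. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy src into dst; fail instead of truncating or leaving dst unterminated. */
int copy_path(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (n == 0 || n >= dstsize)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* 1 if canonical path cwd is root or lies below it. The match ends on a
 * component boundary, so /srv/www does not accept /srv/www-old. */
int path_under_root(const char *root, const char *cwd)
{
    size_t n = strlen(root);
    if (n == 0 || root[0] != '/' || strncmp(root, cwd, n) != 0)
        return 0;
    return root[n - 1] == '/' || cwd[n] == '\0' || cwd[n] == '/';
}

/* Honour the requested root only if it is one of the roots fixed at build
 * time; otherwise use allowed[0], the default. Returns 0 on success. */
int choose_docroot(char *dwd, size_t dwdsize, const char *requested,
                   const char *const allowed[], size_t nallowed)
{
    size_t i;
    if (nallowed == 0)
        return -1;
    for (i = 0; requested != NULL && i < nallowed; i++)
        if (strcmp(requested, allowed[i]) == 0)
            return copy_path(dwd, dwdsize, allowed[i]);
    return copy_path(dwd, dwdsize, allowed[0]);
}

int main(void)
{
    /* Constructed sample roots; the first is the DOC_ROOT default quoted in the report. */
    const char *const roots[] = { "/usr/local/etc/httpd/htdocs", "/home/sites/a/htdocs" };
    char dwd[1024]; /* stand-in for AP_MAXPATH; the size is an assumption */
    if (choose_docroot(dwd, sizeof dwd, getenv("DOCUMENT_ROOT"), roots, 2) != 0)
        return 1;
    return printf("docroot: %s\n", dwd) < 0;
}
```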