Posted to apache-bugdb@apache.org by Tyler Allison <al...@nas.nasa.gov> on 1997/07/26 00:50:02 UTC
mod_cgi/918: if not using suexec, apache forces user to use server gid/uid settings
>Number: 918
>Category: mod_cgi
>Synopsis: if not using suexec, apache forces user to use server gid/uid settings
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Fri Jul 25 15:50:01 1997
>Originator: allison@nas.nasa.gov
>Organization:
apache
>Release: 1.2.1
>Environment:
Environment is not an issue
>Description:
If I do not wish to use suexec, but instead use our own cgiwrap program that
enforces more strict control on cgi scripts, I must comment out the below
section from mod_cgi because it forces the user to set the cgi scripts as the
same gid/uid of the server.
    if (!suexec_enabled) {
        if (!can_exec(&r->finfo))
            return log_scripterror(r, conf, FORBIDDEN,
                                   "file permissions deny server execution");
    }
>How-To-Repeat:
Don't use suexec and try and execute a cgi script as some other uid/gid than the
server.
>Fix:
Yes!
Please make this "force user to use same uid/gid as server" a compile time option.
>Audit-Trail:
>Unformatted: