httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 24824] New: - suexec assumes ~ means userdir
Date Wed, 19 Nov 2003 14:02:30 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24824>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24824

           Summary: suexec assumes ~ means userdir
           Product: Apache httpd-1.3
           Version: HEAD
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Other
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: willy@debian.org


Forwarding Debian bug http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=70982

--- begin quote ---

Apache will call suexec in "user" mode (specifying a user to su to), when
any URL starts with ~.  It does not check if UserDir has been disabled before
doing this.

ViewCvs (and cvsweb) use the token "~checkout~" at the front of a URL to
indicate that the file should be downloaded from CVS.  If a server is set up
such as "cvs.example.com", with a rewrite rule pointing at the CGI script,
suexec will be run, and try to switch to user "checkout", which is incorrect.

This bug should probably be forwarded upstream.  I think a test to see if
userdir is disabled, and if so, pass any parameters verbatim, would solve
the problem.

--- end quote ---

Note that this specific problem is no longer relevant; viewcvs now uses
*checkout* instead of ~checkout~, but there may be other situations when
this is inappropriate.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
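
The decision described in the quoted report and the check it proposes, as an added C sketch (not code from Apache httpd or from the bug report). The function names, the userdir_enabled flag and the sample URI are assumptions made for illustration, as is treating the path segment up to the next '/' as the user name.

```c
#include <stdio.h>
#include <string.h>

/* Added sketch, not Apache httpd source. All names here are hypothetical. */
enum target { TARGET_VHOST, TARGET_USER };
struct decision { enum target target; char user[64]; };

/* Copy the path segment after "/~" (up to the next '/') into out.
 * Assumption: that segment is what gets treated as the user name. */
static int tilde_segment(const char *uri, char *out, size_t outlen)
{
    if (uri == NULL || strncmp(uri, "/~", 2) != 0)
        return 0;
    size_t n = strcspn(uri + 2, "/");
    if (n == 0 || n >= outlen)      /* empty or oversized name: not a user */
        return 0;
    memcpy(out, uri + 2, n);
    out[n] = '\0';
    return 1;
}

/* Behaviour the report describes: a leading ~ alone selects user mode. */
struct decision decide_reported(const char *uri)
{
    struct decision d = { TARGET_VHOST, "" };
    if (tilde_segment(uri, d.user, sizeof d.user))
        d.target = TARGET_USER;
    return d;
}

/* Check the report proposes: with UserDir disabled, a leading ~ is just
 * part of the path and the request stays with the vhost's own user. */
struct decision decide_checked(const char *uri, int userdir_enabled)
{
    struct decision d = { TARGET_VHOST, "" };
    if (userdir_enabled && tilde_segment(uri, d.user, sizeof d.user))
        d.target = TARGET_USER;
    return d;
}

int main(void)
{
    const char *uri = "/~checkout~/module/file.c";   /* constructed sample */
    printf("reported=%d checked=%d\n", decide_reported(uri).target,
           decide_checked(uri, 0).target);
    return 0;
}
```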