httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 29534] New: - #exec cmd does not work correctly
Date Sat, 12 Jun 2004 02:34:29 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=29534>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=29534

#exec cmd does not work correctly

           Summary: #exec cmd does not work correctly
           Product: Apache httpd-2.0
           Version: 2.0.49
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: mod_cgi
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: rmiller@duskglow.com


OK, here's the issue.  Apache 2.0.49, stock install, only non-shipped modules 
installed are php and suphp.  Suexec is not standard but the problem manifests 
itself before it runs. 
 
Here's how to reproduce: 
 
Make a directory and a subdirectory, say, bin.  Create an executable file in 
the bin directory (call it greeting, I guess).  It can just be a shell script. 
 
Now, create an index.html file in the current directory.  Inside that file, it 
should contain only the text: 
 
<!--#exec cmd="bin/greeting"--> 
 
According to the documentation, a forward slash means that it is relative to 
the document root, and a lack of forward slash means that it is relative to the 
current working directory. 
 
Now, try to access that page.  You will get a blank page. 
 
An strace will reveal that it is chdir()ing into the current directory, and 
running suexec with the argument of "greeting".  There is no attempt to change 
into the correct directory.  If you copy bin/greeting into the current 
directory, it will work as expected. 
 
It also will not work if you specify a full path.  It also will not work if you 
specify a system binary, such as "finger".  It appears to be completely broken. 
 
Server version: Apache/2.0.49 
Server built:   Jun 10 2004 11:23:59 
Server's Module Magic Number: 20020903:7 
Architecture:   32-bit 
Server compiled with.... 
 -D APACHE_MPM_DIR="server/mpm/prefork" 
 -D APR_HAS_SENDFILE 
 -D APR_HAS_MMAP 
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) 
 -D APR_USE_SYSVSEM_SERIALIZE 
 -D APR_USE_PTHREAD_SERIALIZE 
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT 
 -D APR_HAS_OTHER_CHILD 
 -D AP_HAVE_RELIABLE_PIPED_LOGS 
 -D HTTPD_ROOT="/usr/local/apache/2.0.49" 
 -D SUEXEC_BIN="/usr/local/apache/2.0.49/bin/suexec" 
 -D DEFAULT_PIDLOG="logs/httpd.pid" 
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" 
 -D DEFAULT_LOCKFILE="logs/accept.lock" 
 -D DEFAULT_ERRORLOG="logs/error_log" 
 -D AP_TYPES_CONFIG_FILE="conf/mime.types" 
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
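
The test case from the report above, as an added example that is not part of the original message or of httpd. It builds the directory layout in a scratch directory and compares running the cmd string as written against a model of what the strace output in the report describes (only the last path component run from the page's directory). The function names and the greeting text are constructed for illustration, and the "observed" function models the report's description, not httpd's source.

```shell
#!/bin/sh
# Added example: function names and the greeting text are constructed.

# Create <dir>/bin/greeting (executable) and <dir>/index.html with the SSI tag.
setup_repro() {
    mkdir -p "$1/bin" || return 1
    printf '#!/bin/sh\necho "hello from greeting"\n' > "$1/bin/greeting"
    chmod 755 "$1/bin/greeting"
    printf '%s\n' '<!--#exec cmd="bin/greeting"-->' > "$1/index.html"
}

# Pull the cmd="..." value out of the page so both runs use what the page says.
ssi_cmd() {
    sed -n 's/.*<!--#exec cmd="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Expected: cwd is the page's directory and the cmd string is used as written.
run_expected() {
    (cd "$1" && sh -c "$2") 2>/dev/null
}

# Model of the strace observation in the report (an assumption, not httpd
# code): cwd is the page's directory, but only "greeting" is executed there.
run_observed() {
    (cd "$1" && "./${2##*/}") 2>/dev/null
}

repro() {
    d=$(mktemp -d) || return 1
    setup_repro "$d"
    cmd=$(ssi_cmd "$d/index.html")
    printf 'cmd from page : %s\n' "$cmd"
    printf 'expected      : %s\n' "$(run_expected "$d" "$cmd" || echo '<no output>')"
    printf 'observed model: %s\n' "$(run_observed "$d" "$cmd" || echo '<no output>')"
    # The workaround from the report: copy bin/greeting next to index.html.
    cp "$d/bin/greeting" "$d/greeting"
    printf 'after copy    : %s\n' "$(run_observed "$d" "$cmd" || echo '<no output>')"
    rm -rf "$d"
}

repro
```

Pointing a test virtual host at a directory built by `setup_repro` gives the same files the report uses, so the server's behaviour can be compared against these two outcomes.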