DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=32220>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=32220
The suexec actual_gname is incorrectly reported as a numeric id and not as an alphanumeric
group name.
Summary: The suexec actual_gname is incorrectly reported as a
numeric id and not as an alphanumeric group name.
Product: Apache httpd-2.0
Version: 2.0.52
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Minor
Priority: Other
Component: support
AssignedTo: bugs@httpd.apache.org
ReportedBy: warp-9.9@usa.net
The suexec actual_gname is incorrectly reported as a numeric id and not as an
alphanumeric group name.
Please forgive me if this is too much information or not enough. ;-) This
would seem to be fairly cosmetic, but leaves much less confusing log files IMO.
Also, I have made minor changes to one file, a "diff -u" patch, and tested, and
it seems to work. As always, use the "-b" (backup) option. Apply one directory
up from httpd-2.0.52 main source tree with -p0, or in httpd-2.0.52/support with
-p2. Just a disclaimer: I may not be aware if I did something unwise, but it
would seem very hard to screw this up.
Unpatched (log):
==> /usr/local/apache2/logs/suexec_log <==
[2004-11-13 00:50:26]: uid: (1001/apache) gid: (1001/1001) cmd: id.sh
Patched (log):
==> /usr/local/apache2/logs/suexec_log <==
[2004-11-13 00:36:54]: uid: (1001/apache) gid: (1001/apache) cmd: id.sh
Patch (unified diff):
/usr/local/src/apache/httpd -> diff -u
httpd-2.0.52/support/suexec.c.2004-11-13_LMW httpd-2.0.52/support/suexec.c
--- httpd-2.0.52/support/suexec.c.2004-11-13_LMW 2004-08-23 11:07:18.0000
00000 -0400
+++ httpd-2.0.52/support/suexec.c 2004-11-13 00:25:49.000000000 -0500
@@ -377,14 +377,17 @@
log_err("invalid target group name: (%s)\n", target_gname);
exit(106);
}
- gid = gr->gr_gid;
- actual_gname = strdup(gr->gr_name);
}
else {
- gid = atoi(target_gname);
- actual_gname = strdup(target_gname);
+ if ((gr = getgrgid(atoi(target_gname))) == NULL) {
+ log_err("invalid target group id: (%s)\n", target_gname);
+ exit(106);
+ }
}
+ gid = gr->gr_gid;
+ actual_gname = strdup(gr->gr_name);
+
#ifdef _OSD_POSIX
/*
* Initialize BS2000 user environment
Unpatched (src):
/*
* Error out if the target group name is invalid.
*/
if (strspn(target_gname, "1234567890") != strlen(target_gname)) {
if ((gr = getgrnam(target_gname)) == NULL) {
log_err("invalid target group name: (%s)\n", target_gname);
exit(106);
}
gid = gr->gr_gid;
actual_gname = strdup(gr->gr_name);
}
else {
gid = atoi(target_gname);
actual_gname = strdup(target_gname);
}
Patched (src):
/*
* Error out if the target group name is invalid.
*/
if (strspn(target_gname, "1234567890") != strlen(target_gname)) {
if ((gr = getgrnam(target_gname)) == NULL) {
log_err("invalid target group name: (%s)\n", target_gname);
exit(106);
}
}
else {
if ((gr = getgrgid(atoi(target_gname))) == NULL) {
log_err("invalid target group id: (%s)\n", target_gname);
exit(106);
}
}
gid = gr->gr_gid;
actual_gname = strdup(gr->gr_name);
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
|