httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 31302] - suexec doesn't execute commands if they're not in the current dir
Date Fri, 25 Mar 2005 16:23:39 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=31302>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=31302


asfbugzilla@velox.ch changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |asfbugzilla@velox.ch
          Component|mod_include                 |mod_cgi
         OS/Version|FreeBSD                     |All
            Version|2.0.51                      |2.0.53




------- Additional Comments From asfbugzilla@velox.ch  2005-03-25 17:23 -------
Well, nobody seems to have picked up so far, so here's my try.

> mod_include needs a patch that turns CGI script paths into absolute paths.

That's what my proposed fix tries to do. The code handling the SSI exec tag 
has actually been moved to mod_cgi (before 2.0.10 already), so that's where 
the patch goes.

In handle_exec(), I have added a check to make sure an absolute pathname is 
used when calling include_cmd()/run_cgi_child(). For suexec, the important 
point is that in run_cgi_child() the directory for the new child is set to the 
parent of "command", not the one of r->filename (they differ if the "exec" 
target is not in the same directory as the shtml file).

I've tested this both with relative and absolute file names for the "cmd" 
parameter, and running with and without suexec. It works for me (as predicted 
by Ryan), but further testing is welcome, of course. And finally, I'd 
appreciate to see this fix (or a similar one) in 2.0.54... thanks!


-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message