httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 35584] New: - Suexec does not change Privileges.
Date Fri, 01 Jul 2005 18:56:43 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=35584>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=35584

           Summary: Suexec does not change Privileges.
           Product: Apache httpd-2.0
           Version: 2.0.52
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: critical
          Priority: P1
         Component: mod_suexec
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: mike@hackerjoe.com
                CC: mike@hackerjoe.com


I am not sure whether this is a bug or a mistake.

When a CGI executes, I was under the assumption that it executes under the
permissions of the SuexecUserGroup directive.

I created a test script, test.cgi:
#!/bin/sh

$ENV{'PATH'} = '/bin:/usr/bin';
print  "Content-type: text/html\n\n";
print "Hello World";
print `whoami`;
print `echo *`;
print `touch /sites/yuma3/hacker.txt`;
print `cat /etc/group`;
print `ls -la /sites/somefilename/`;
#print  `ping 65.182.97.130`;
exit;

When `whoami` is printed it says Apache.


I compiled apache and suexec from a src.rpm on a RHES4 box.

Apache ver is 2.0.52

# ./suexec -V
 -D AP_DOC_ROOT="/sites"
 -D AP_GID_MIN=10000
 -D AP_HTTPD_USER="apache"
 -D AP_LOG_EXEC="/var/log/httpd/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=10000
 -D AP_USERDIR_SUFFIX="/gi-bin"

and also
I adjusted the userdir and still got the same results.
# ./suexec -V
 -D AP_DOC_ROOT="/sites"
 -D AP_GID_MIN=10000
 -D AP_HTTPD_USER="apache"
 -D AP_LOG_EXEC="/var/log/httpd/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=10000
 -D AP_USERDIR_SUFFIX="sites"

The suexec states that everything is going as planned

[2005-07-01 09:15:57]: uid: (10001/michealt) gid: (10182/10182) cmd: test.cgi
[2005-07-01 09:16:31]: uid: (10001/michealt) gid: (10182/10182) cmd: test.cgi
[2005-07-01 09:16:40]: uid: (10001/michealt) gid: (10182/10182) cmd: test.cgi
[2005-07-01 09:47:13]: uid: (10001/michealt) gid: (10182/10182) cmd: test.cgi
[2005-07-01 09:47:13]: uid: (10001/michealt) gid: (10182/10182) cmd: test.cgi
[2005-07-01 09:47:13]: uid: (10001/michealt) gid: (10182/10182) cmd: test.cgi
[2005-07-01 09:47:14]: uid: (10001/michealt) gid: (10182/10182) cmd: test.cgi
[2005-07-01 09:47:14]: uid: (10001/michealt) gid: (10182/10182) cmd: test.cgi


vhost config

<VirtualHost *:80>
AddType application/x-httpd-php .php
AddHandler cgi-script .cgi
ServerAdmin support(...at....)brinkster(....dot...)com
ServerName michealt
DocumentRoot /sites/yuma3/michealt/home/public_html
#ServerAlias michealt
#SuexecUserGroup michealt ausr_michealt
ScriptAlias /cgi-bin/ /sites/somedirectoryname/michealt/home/cgi-bin/
<Directory /sites/somedirectoryname/michealt/home/public_html>
   AddHandler type-map var
   PerlResponseHandler ModPerl::Registry
   PerlOptions +ParseHeaders
   Options  +Includes
   Allow from all
   DirectoryIndex index.html index.php index.htm default.htm default.html default.php
</Directory>
<Directory /sites/somedirectoryname/michealt/home/cgi-bin>
   AddOutputFilter Includes .shtml .cgi .pl
   AddHandler type-map var
   SetHandler perl-script
   PerlResponseHandler ModPerl::Registry
   PerlOptions +ParseHeaders
   Options +ExecCGI +Includes
   Allow from all
   DirectoryIndex index.html index.php index.htm default.htm default.html default.php
</Directory>
</VirtualHost>

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
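
Added example, not part of the original report and not Apache project code: a small check over a vhost like the one quoted above that flags two conditions under which a script runs as the httpd user instead of being handed to suexec. The function name audit_vhost and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: a trimmed copy of the vhost quoted in the report.
SAMPLE_VHOST = """\
<VirtualHost *:80>
ServerName michealt
#SuexecUserGroup michealt ausr_michealt
ScriptAlias /cgi-bin/ /sites/somedirectoryname/michealt/home/cgi-bin/
<Directory /sites/somedirectoryname/michealt/home/cgi-bin>
   SetHandler perl-script
   PerlResponseHandler ModPerl::Registry
   Options +ExecCGI +Includes
</Directory>
</VirtualHost>
"""

def audit_vhost(conf):
    """Return findings explaining why scripts may still run as the httpd user."""
    findings = []
    suexec_active = False
    section = None  # path of the <Directory> block being read, if any
    for raw in conf.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if re.match(r"#\s*SuexecUserGroup\b", line, re.I):
                findings.append("SuexecUserGroup is commented out")
            continue
        m = re.match(r"<Directory\s+(.+?)>$", line, re.I)
        if m:
            section = m.group(1)
        elif re.match(r"</Directory>", line, re.I):
            section = None
        elif re.match(r"SuexecUserGroup\s+\S+\s+\S+", line, re.I):
            suexec_active = True
        elif re.match(r"SetHandler\s+perl-script\b", line, re.I):
            # mod_perl handlers run inside the httpd child, so suexec is never invoked.
            findings.append("perl-script handler in %s runs in-process" % (section or "vhost"))
    if not suexec_active:
        findings.append("no active SuexecUserGroup directive")
    return findings

if __name__ == "__main__":
    for finding in audit_vhost(SAMPLE_VHOST):
        print(finding)
```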

