httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 44752] Suexec does not correctly check that scripts are inside the docroot
Date Sun, 15 Mar 2009 08:21:01 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=44752





--- Comment #3 from Stefan Fritsch <sf@sfritsch.de>  2009-03-15 01:20:58 PST ---
(In reply to comment #2)
> Created an attachment (id=23383)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=23383) [details]
> more simple patch
> 
> This is simpler patch.
> It only tests whether NULL or '/' is exist on the end of cwd string.

Have you tested this in the case that the script is located directly in the
document root (and not in a subdir?)

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message