httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 49439] Bug in mod_userdir which prevents suexec from running
Date Wed, 01 Jul 2015 12:46:34 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=49439

--- Comment #11 from kpietru@poczta.fm ---
(In reply to Witold Baryluk from comment #8)
> (In reply to comment #7)
> > Can you give a repro case with the simplest possible configuration for this?
> 
> I already gave a reproduction case. It is a very simple case. I cannot minimize
> it in any way. It really is just a few files to be put in a clean installation
> (preferably Debian), with php5-cgi as an example, and eventually edit them to
> make the username proper. I can try using pure CGI without FastCGI, and trying
> to run some simple bash CGI, without PHP, if you wish.
> 
> > 
> > It's not obvious to me why unconditionally propagating the userdir identity
> > from a subrequest to the main request (which may be of a URI outside
> > userdir-enabled space) is a good idea.
> 
> This is exactly the comment I was waiting for! I was sure that there are some
> cases where it is bad.
> 
> As I understand it, a subrequest will be made on redirect/rewrite or server
> includes, right?
> 
> Even then I do not think it is very unsafe, as when using suexec the whole
> server is already running as root or www-data, which has quite broad
> permissions to all files. So changing the UID cannot make it worse, in my
> opinion. It will not give access to more than it already has. (Because most
> often www-data already has read permission to most user files.) But of
> course, if it were possible for one user to switch to another user's UID,
> then indeed things like deleting other users' files would be a problem.
> 
> When does this "switch" happen?
> On server includes? (I do not exactly understand what a "subrequest" is,
> unfortunately.)
> Can subrequests be done recursively? (subrequest of subrequest?)
