will ack when I get the diffs.
----- Forwarded message from dabel@abel-info.com -----
Message-Id: <199609152222.PAA26327@taz.hyperreal.com>
From: dabel@abel-info.com
To: apache-bugs%apache.org@organic.com
Date: Sun Sep 15 15:22:39 1996
Subject: WWW Form Bug Report: "cgi-bin exec perm denied even though httpd has read / execute
perms to script" on Solaris 2.x
Submitter: dabel@abel-info.com
Operating system: Solaris 2.x, version: 2.4
Version of Apache Used: 1.1.1 (Stronhold 1.3)
Extra Modules used: mod_cgi.c is pertinant module
URL exhibiting problem:
Symptoms:
--
can_exec in util.c only checks for the specific
uid specified in the config file when checking
group perms on cgi scripts. Since the uid httpd
is running under can be a member of other groups,
httpd may incorrectly deny acess when it is
permitted by the group perms in question.
The fix was quite simple and I have the context
diffs for it (applied to the Stronghold source).
Will send them in a separate message.
Hope its useful.
--
----- End of forwarded message from dabel@abel-info.com -----
|