httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <r...@imdb.com>
Subject WWW Form Bug Report: "cgi-bin exec perm denied even though httpd has read / execute perms to script" on Solaris 2.x (fwd)
Date Sun, 15 Sep 1996 22:50:05 GMT

will ack when I get the diffs.


----- Forwarded message from dabel@abel-info.com -----

Message-Id: <199609152222.PAA26327@taz.hyperreal.com>
From: dabel@abel-info.com
To: apache-bugs%apache.org@organic.com
Date: Sun Sep 15 15:22:39 1996
Subject: WWW Form Bug Report: "cgi-bin exec perm denied even though httpd has read / execute
perms to script" on Solaris 2.x

Submitter: dabel@abel-info.com
Operating system: Solaris 2.x, version: 2.4
Version of Apache Used: 1.1.1 (Stronhold 1.3)
Extra Modules used: mod_cgi.c is pertinant module
URL exhibiting problem: 

Symptoms:
--
can_exec in util.c only checks for the specific 
uid specified in the config file when checking
group perms on cgi scripts.  Since the uid httpd
is running under can be a member of other groups,
httpd may incorrectly deny acess when it is 
permitted by the group perms in question.

The fix was quite simple and I have the context
diffs for it (applied to the Stronghold source).
Will send them in a separate message.

Hope its useful.
--

----- End of forwarded message from dabel@abel-info.com -----


Mime
View raw message