httpd-dev mailing list archives

From Randy Terbush <ra...@zyzzyva.com>
Subject Re: SUExec problems (fwd)
Date Thu, 19 Dec 1996 03:46:45 GMT

Turning off suEXEC but allowing CGI execution. A reasonable request
I suppose. I hope the group will agree that this bit of code kind
of falls in the same category as mod_proxy in my opinion. Jason and
I are discussing a few changes that I think we need to make to this
bit of code and the wrapper based on some comments we have gotten
the last few weeks.

More later.


> not acked. I looked but don't understand the code (which I've added [**]
> into his message below)
> 
> ----- Forwarded message from Shadow -----
> 
> >From nora.pcug.co.uk!worldone.com!shadow Thu Dec 19 00:14:43 1996
> Date: Wed, 18 Dec 1996 16:05:24 -0800 (PST)
> From: Shadow <shadow@worldone.com>
> To: apache-bugs@apache.org
> Subject: SUExec problems
> Message-ID: <Pine.LNX.3.91.961218160136.9101D-100000@avatar.worldone.com>
> MIME-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> 
> 
> System:  Linux 2.1.4 i486, apache 1.2b2 w/suexec
> 
> Symptoms:  Upon upgrading from previous version of apache and installing
> 	   suexec for other reasons, user CGI scripts in ~/public_html-type 
>            directories ceased to function (they were being called through
> 	   suexec)
> 
> Recommended Solution:  The way I solved this on my system was to
> remove the ! before the strncmp in util_script.c where it's initially
> checking whether or not to run suexec :)  (Find it by searching for 
> SUEXEC -- first occurrence, forgot to write down the line number).
> 
> **if ( suexec_enabled && 
> **     ((r->server->server_uid != user_id) ||
> **      (r->server->server_gid != group_id) ||
> **      (!strncmp("/~",r->uri,2))) ) {
> ** 
> **    if (!strncmp("/~",r->uri,2)) {
> **        r->uri += 2;
> **        if ((pw = getpwnam (getword_nc (r->pool, &r->uri, '/'))) == NULL) {
> **            log_unixerr("getpwnam", NULL, "invalid username", r->server);
> **            return;
> **        } 
> **        r->uri -= 2;
> **        gr = getgrgid (pw->pw_gid);
> **        execuser = (char *) palloc (r->pool, (sizeof(pw->pw_name) + 1));
> **        execuser = pstrcat (r->pool, "~", pw->pw_name, NULL);
> **    }
> 
> 
> Requested Action:  Would it be possible to add a flag to turn off suexec 
> for user directories?  I would think that would also provide more stable 
> security.  Another nice thing would be able to use User and Group 
> directives in <Directory> elements in srm.conf...  IMO, would work better 
> than in a VirtualHost :)
> 
> Just some food for thought :)
> 
> --Shadow
> 
> *..__--<< You know something's up when your Thought process is idle. >>--__..*
> 
> USER       PID %CPU %MEM   VSZ  RSS TTY      S    STARTED         TIME COMMAND
> shadow   28365  0.0  0.2 2.84M 264K ttyp1    S    12:57:12     0:00.02 Thought
> 
> Steven M. Doyle, President, World One Telecommunications
> 	         Webmaster, Decade Communications
> 		 IRC Administrator, los-angeles.ca.us.undernet.org
> 
> 
> ----- End of forwarded message from Shadow -----
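
The gating test from the quoted excerpt, modeled as a stand-alone C program (an added example, not part of the original message or of Apache's source). `struct req`, `use_suexec` and `userdir_name` are hypothetical names, and the sample URIs and ids are constructed; it evaluates the test as quoted and with the `!` removed, and extracts the `~user` name without moving the URI pointer.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the request fields the quoted condition reads. */
struct req {
    const char *uri;
    unsigned server_uid, user_id;   /* r->server->server_uid vs. user_id */
    unsigned server_gid, group_id;  /* r->server->server_gid vs. group_id */
};

/* keep_bang = 1: the test as quoted (!strncmp(...)).
 * keep_bang = 0: the same test with the '!' removed. */
int use_suexec(const struct req *r, int suexec_enabled, int keep_bang)
{
    int cmp = strncmp("/~", r->uri, 2);   /* 0 when the URI starts with "/~" */
    int uri_term = keep_bang ? !cmp : (cmp != 0);
    return suexec_enabled &&
           (r->server_uid != r->user_id ||
            r->server_gid != r->group_id || uri_term);
}

/* Copy the name out of "/~name/..." into out, leaving the URI untouched.
 * Returns 0 on success, -1 for a non-userdir URI, an empty name, or a
 * name that does not fit in outlen bytes. */
int userdir_name(const char *uri, char *out, size_t outlen)
{
    size_t n;
    if (strncmp("/~", uri, 2) != 0) return -1;
    n = strcspn(uri + 2, "/");
    if (n == 0 || n >= outlen) return -1;
    memcpy(out, uri + 2, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed requests on the main server: uid/gid match the globals. */
    struct req reqs[] = {
        { "/~shadow/test.cgi", 65534, 65534, 65534, 65534 },
        { "/cgi-bin/test.cgi", 65534, 65534, 65534, 65534 },
    };
    char name[32];
    for (size_t i = 0; i < 2; i++)
        printf("%-20s quoted=%d bang_removed=%d user=%s\n", reqs[i].uri,
               use_suexec(&reqs[i], 1, 1), use_suexec(&reqs[i], 1, 0),
               userdir_name(reqs[i].uri, name, sizeof name) == 0 ? name : "-");
    return 0;
}
```

With matching uid/gid, the quoted test selects the wrapper only for `/~` URIs; with the `!` removed the selection is reversed, so the wrapper is selected for every URI that does not start with `/~`.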



