httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <>
Subject suEXEC problem with CGI commandline parameters (fwd)
Date Thu, 19 Dec 1996 18:10:26 GMT
----- Forwarded message from Jake Buchholz -----

From: Jake Buchholz <>
Message-Id: <>
Subject: suEXEC problem with CGI commandline parameters
Date: Thu, 19 Dec 1996 11:58:38 -0600 (CST)
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

This is further information regarding my previous bug report late last night
(or early this morning, depending on how you look at it...)

To summarize:

	With suEXEC turned on,, but

	...does not.  The suexecbug script is merely a cgi-bin that just spits
	outs a Content-type: header and displays what command-line parameters
	you've sent it.

	The cgi.log file shows that it's trying to suexec an executable named
	with random memory noise.

The discovery:

	At the very end of util_script.c, I noticed some discrepency between
	the suEXEC code and the non-suEXEC code.

	The non-suEXEC code will execle for shellcmd's and for argv[]'s that
	only consist of one entry, the executable itself; for multiple argv[]
	entries, the non-suEXEC code does an execve with the argv's passed to
	that put together with create_argv().

	The suEXEC code, on the other hand, is doing execle's in each and
	every instance.  The execle that would normally handle multiple argv[]
	entries is being passed argv's also created with the create_argv()

	execve's second parameter wants to be a char **argv.

	execle's second through 'n' parameters want to be char *argv.

	create_argv() returns char **, which passing one argv to the suexec
	script, one that contains the pointer to the actual argv array.

The solution:

	I'm not sure of the best way to resolve this at present, but I should
	be able to look at it at some point during the day.  If I'm able to
	get it working, I'll send a patch.  Of course, if you get the fix
	before I do, please send it my way...

Jake Buchholz                            
Exec-PC Internet Systems Administrator               

----- End of forwarded message from Jake Buchholz -----

Rob Hartill.       Internet Movie Database Ltd.  

View raw message