httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shadow <sha...@worldone.com>
Subject SUExec problems
Date Thu, 19 Dec 1996 00:05:24 GMT

System:  Linux 2.1.4 i486, apache 1.2b2 w/suexec

Symptoms:  Upon upgrading from previous version of apache and installing
	   suexec for other reasons, user CGI scripts in ~/public_html-type 
           directories ceased to function (they were being called through
	   suexec)

Recommended Solution:  The way I solved this on my system was to change 
remove the ! before the strncmp in util_script.c where it's initially
checking whether or not to run suexec :)  (Find it by searching for 
SUEXEC -- first occurance, forgot to write down the line number).

**if ( suexec_enabled && 
**     ((r->server->server_uid != user_id) ||
**      (r->server->server_gid != group_id) ||
**      (!strncmp("/~",r->uri,2))) ) {
** 
**    if (!strncmp("/~",r->uri,2)) {
**        r->uri += 2;
**        if ((pw = getpwnam (getword_nc (r->pool, &r->uri, '/'))) == NULL) {
**            log_unixerr("getpwnam", NULL, "invalid username", r->server);
**            return;
**        } 
**        r->uri -= 2;
**        gr = getgrgid (pw->pw_gid);
**        execuser = (char *) palloc (r->pool, (sizeof(pw->pw_name) + 1));
**        execuser = pstrcat (r->pool, "~", pw->pw_name, NULL);
**    }


Requested Action:  Would it be possible to add a flag to turn off suexec 
for user directories?  I would think that would also provide more stable 
security.  Another nice thing would be able to use User and Group 
directives in <Directory> elements in srm.conf...  IMO, would work better 
than in a VirtualHost :)

Just some food for thought :)

--Shadow

*..__--<< You know something's up when your Thought process is idle. >>--__..*

USER       PID %CPU %MEM   VSZ  RSS TTY      S    STARTED         TIME COMMAND
shadow   28365  0.0  0.2 2.84M 264K ttyp1    S    12:57:12     0:00.02 Thought

Steven M. Doyle, President, World One Telecommunications
	         Webmaster, Decade Communications
		 IRC Administrator, los-angeles.ca.us.undernet.org


----- End of forwarded message from Shadow -----


Mime
View raw message