httpd-dev mailing list archives

From Marc Slemko <ma...@znep.com>
Subject Re: [PATCH] properly check if owner or group can_exec
Date Thu, 23 Jan 1997 05:56:36 GMT

On Wed, 22 Jan 1997, Randy Terbush wrote:

> Someone reported this bug the other day. The solution below
> does not solve the issue when MULTIPLE_GROUPS is defined and
> we are checking an suexec target.

And it doesn't address execution of files in ~user as user, right?

suexec will also fail if the user's home dir is on an NFS-mounted
filesystem with root mapped to nobody and their homedir is mode 711 or
something like that.  The getcwd() will fail.

Possible solution is to setuid at the very start of the script, since the 
user better be able to read their homedir.

> 
> 
> Index: util.c
> ===================================================================
> RCS file: /export/home/cvs/apache/src/util.c,v
> retrieving revision 1.41
> diff -c -r1.41 util.c
> *** util.c	1997/01/20 09:36:26	1.41
> --- util.c	1997/01/22 19:02:26
> ***************
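
The ordering suggested in the message above (switch to the target user first, then call getcwd()), as an added example that is not part of the original message and is not Apache's suexec code. The helper name `cwd_as_user` and its return convention are assumptions made for this sketch.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: become the target user FIRST, then resolve the
 * working directory, so the lookup runs with the owner's access to the
 * home directory instead of root's (root may be mapped to nobody on NFS).
 * Returns 0 on success, -1 on failure with errno set. */
int cwd_as_user(uid_t uid, gid_t gid, char *buf, size_t len)
{
    if (geteuid() != uid || getegid() != gid) {
        /* Order matters: supplementary groups, then gid, then uid.
         * Once the uid is dropped, the group calls would be refused. */
        if (setgroups(0, NULL) != 0) return -1;
        if (setgid(gid) != 0) return -1;
        if (setuid(uid) != 0) return -1;
        /* Confirm the drop took effect and cannot be undone. */
        if (geteuid() != uid || getegid() != gid ||
            (uid != 0 && setuid(0) == 0)) {
            errno = EPERM;
            return -1;
        }
    }
    /* Only now touch the filesystem on the user's behalf. */
    if (getcwd(buf, len) == NULL) return -1;
    return 0;
}

int main(void)
{
    char cwd[4096];
    /* Constructed demo input: the caller's own ids, so this runs unprivileged. */
    if (cwd_as_user(geteuid(), getegid(), cwd, sizeof cwd) != 0) {
        fprintf(stderr, "cwd lookup failed: %s\n", strerror(errno));
        return 1;
    }
    printf("cwd as uid %ld: %s\n", (long)geteuid(), cwd);
    return 0;
}
```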

