httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: [FIX] PR#339: AIGH! suEXEC QUERY_STRING problem solved!
Date Fri, 25 Apr 1997 13:51:54 GMT

execve() does not accept a vairable argument list. I don't see a 
glaring problem with the existing code.


> -----BEGIN PGP SIGNED MESSAGE-----
> 
> OK...  I didn't catch this the first time, but I just saw this a moment
> ago...  I about had a hearty attack.
> 
> In util_script.c, in the section of call_exec() that executes as a ~user,
> the following code is what breaks the Q_S behaviour:
> 
>         if (shellcmd)
>             execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env);
> 
>         else if((!r->args) || (!r->args[0]) || (ind(r->args,'=') >= 0))
>             execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env);
> 
>         else {
>             execve(SUEXEC_BIN,
>                    create_argv(r, SUEXEC_BIN, execuser, grpname, argv0, r->args, (void
*)NULL),
>                    env);
>         }
> 
> and it should be:
> 
>         if (shellcmd)
>             execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env);
> 
>         else if((!r->args) || (!r->args[0]) || (ind(r->args,'=') >= 0))
>             execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env);
> 
>         else {
>             execve(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname,
>                    create_argv(r, argv0, r->args, (void *)NULL),
>                    env);
>         }
> 
> That should solve PR#339.  Roy, since you already have an unsubmitted
> patch for suEXEC that does Good Things, could you please make the above
> fix and submit it as part of your patch.  I'm WAY to busy to submit this
> right now...
> 
> Jason
> # Jason A. Dour <jad@bcc.louisville.edu>                            1101
> # Programmer Analyst II; Department of Radiation Oncology; Univ. of Lou.
> # Finger for URLs, PGP public key, geek code, PJ Harvey info, et cetera.
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBM2CCMJo1JaC71RLxAQEixgQAnKSmRvhn3X8hjjiCYlpGuZC/3doU9RJJ
> PcsObhAfrFM5VofRxdYPOlUcKIwC1SSFObEgBf7S+Su/X3aTsiWWxab4JW2U3OaK
> /ywKpOR4K+hQjfGtOVI90h2zil8mVfzivGcN6k7HSFOibAkyOVMDbSVuAKDNiaf+
> uP/pddlhkgQ=
> =+7l6
> -----END PGP SIGNATURE-----




Mime
View raw message