httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: [FIX] PR#339: AIGH! suEXEC QUERY_STRING problem solved!
Date Fri, 25 Apr 1997 13:52:50 GMT

variable... (more coffee)


> 
> execve() does not accept a vairable argument list. I don't see a 
> glaring problem with the existing code.
> 
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > 
> > OK...  I didn't catch this the first time, but I just saw this a moment
> > ago...  I about had a hearty attack.
> > 
> > In util_script.c, in the section of call_exec() that executes as a ~user,
> > the following code is what breaks the Q_S behaviour:
> > 
> >         if (shellcmd)
> >             execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env);
> > 
> >         else if((!r->args) || (!r->args[0]) || (ind(r->args,'=') >=
0))
> >             execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env);
> > 
> >         else {
> >             execve(SUEXEC_BIN,
> >                    create_argv(r, SUEXEC_BIN, execuser, grpname, argv0, r->args,
(void *)NULL),
> >                    env);
> >         }
> > 
> > and it should be:
> > 
> >         if (shellcmd)
> >             execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env);
> > 
> >         else if((!r->args) || (!r->args[0]) || (ind(r->args,'=') >=
0))
> >             execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env);
> > 
> >         else {
> >             execve(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname,
> >                    create_argv(r, argv0, r->args, (void *)NULL),
> >                    env);
> >         }
> > 
> > That should solve PR#339.  Roy, since you already have an unsubmitted
> > patch for suEXEC that does Good Things, could you please make the above
> > fix and submit it as part of your patch.  I'm WAY to busy to submit this
> > right now...
> > 
> > Jason
> > # Jason A. Dour <jad@bcc.louisville.edu>                            1101
> > # Programmer Analyst II; Department of Radiation Oncology; Univ. of Lou.
> > # Finger for URLs, PGP public key, geek code, PJ Harvey info, et cetera.
> > 
> > 
> > -----BEGIN PGP SIGNATURE-----
> > Version: 2.6.2
> > 
> > iQCVAwUBM2CCMJo1JaC71RLxAQEixgQAnKSmRvhn3X8hjjiCYlpGuZC/3doU9RJJ
> > PcsObhAfrFM5VofRxdYPOlUcKIwC1SSFObEgBf7S+Su/X3aTsiWWxab4JW2U3OaK
> > /ywKpOR4K+hQjfGtOVI90h2zil8mVfzivGcN6k7HSFOibAkyOVMDbSVuAKDNiaf+
> > uP/pddlhkgQ=
> > =+7l6
> > -----END PGP SIGNATURE-----
> 
> 




Mime
View raw message