httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@kiwi.ICS.UCI.EDU>
Subject Re: [PATCH] suexec funny business (Roy's patch with slight change)
Date Fri, 25 Apr 1997 17:00:48 GMT
>I _think_ we should be using pstrdup for the grpname assignments as 
>well. Correct me if I am wrong.

The pstrdup was necessary for execuser because calls to getpwnam and
getgrgid overwrite the same global memory structure on some OSes.
So, we only need pstrdup for the results of the first call.  There is
one screw case that I did not account for

>!             if ((gr = getgrgid(pw->pw_gid)) == NULL) {
>  		if ((grpname = palloc (r->pool, 16)) == NULL) 
>  		    return;
>  		else
>! 		    ap_snprintf(grpname, 16, "%d", pw->pw_gid);
>  	    }
>              else
>! 		grpname = gr->gr_name;

pw->pw_gid is being accessed after the call to getgrgid.  We need to
save pw->pw_gid in a local variable before that if statement.

I am trying to generate some slides for my presentation at 1pm (on,
of all things, the Apache development process), so an updated patch
will have to wait unless someone else wants to generate it.


View raw message