httpd-dev mailing list archives

From Marc Slemko <ma...@znep.com>
Subject suexec/269: Server-side include exec cmd with suEXEC bug (fwd)
Date Sun, 06 Apr 1997 19:13:34 GMT
There are several bug reports on this issue.  Sigh.

---------- Forwarded message ----------
Date: Thu, 27 Mar 1997 07:10:02 -0800 (PST)
From: Mark Bentley <bentlema@cs.umn.edu>
To: apache-bugdb@apache.org
Cc: apache-bugdb@apache.org
Subject: suexec/269: Server-side include exec cmd with suEXEC bug


	The contract type is `' with a response time of 3 business hours.
	A first analysis should be sent before: Thu Mar 27 11:00:02 PST 1997


>Number:         269
>Category:       suexec
>Synopsis:       Server-side include exec cmd with suEXEC bug
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Mar 27 07:10:02 1997
>Originator:     bentlema@cs.umn.edu
>Organization:
apache
>Release:        1.2b7
>Environment:

>Description:
An SSI such as:

 <!--#exec cmd="bin/myscript" -->

which is relative to UserDir, doesn't work because of these lines in suEXEC:

    /*
     * Check for a '/' in the command to be executed,
     * to protect against attacks.  If a '/' is
     * found, error out.  Naughty naughty crackers.
     */
    if ((strchr(cmd, '/')) != NULL ) {
        log_err("invalid command (%s)\n", cmd);
        exit(104);
    }

 
>How-To-Repeat:

>Fix:

>Audit-Trail:
>Unformatted:
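
The effect of the quoted check on the SSI command from the report, as an added example that is not part of the original message or of suEXEC's source. `rejects_any_slash` mirrors the quoted test; `rejects_escape_only` is a hypothetical narrower check (an assumption, not a fix taken from this report) that refuses only absolute paths and `..` components.

```c
#include <stdio.h>
#include <string.h>

/* Mirrors the test quoted in the report: any '/' in cmd is refused. */
static int rejects_any_slash(const char *cmd)
{
    return strchr(cmd, '/') != NULL;
}

/*
 * Hypothetical narrower check (an assumption, not from the report):
 * refuse empty and absolute paths and any ".." path component, but
 * allow subdirectories. Purely lexical; symlinks are not resolved.
 */
static int rejects_escape_only(const char *cmd)
{
    const char *p = cmd;

    if (cmd[0] == '\0' || cmd[0] == '/')
        return 1;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");   /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 1;
        p += len;
        while (*p == '/')               /* skip separator(s) */
            p++;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample commands; the first is the one in the report. */
    const char *samples[] = { "bin/myscript", "myscript", "/bin/sh",
                              "../other/script", "bin/../../script" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s any-slash: %-7s escape-only: %s\n", samples[i],
               rejects_any_slash(samples[i]) ? "refuse" : "allow",
               rejects_escape_only(samples[i]) ? "refuse" : "allow");
    return 0;
}
```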


