httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason A. Dour" <...@bcc.louisville.edu>
Subject [FIX] PR#339: AIGH! suEXEC QUERY_STRING problem solved!
Date Fri, 25 Apr 1997 10:06:37 GMT
-----BEGIN PGP SIGNED MESSAGE-----

OK...  I didn't catch this the first time, but I just saw this a moment
ago...  I about had a hearty attack.

In util_script.c, in the section of call_exec() that executes as a ~user,
the following code is what breaks the Q_S behaviour:

        if (shellcmd)
            execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env);

        else if((!r->args) || (!r->args[0]) || (ind(r->args,'=') >= 0))
            execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env);

        else {
            execve(SUEXEC_BIN,
                   create_argv(r, SUEXEC_BIN, execuser, grpname, argv0, r->args, (void
*)NULL),
                   env);
        }

and it should be:

        if (shellcmd)
            execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env);

        else if((!r->args) || (!r->args[0]) || (ind(r->args,'=') >= 0))
            execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env);

        else {
            execve(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname,
                   create_argv(r, argv0, r->args, (void *)NULL),
                   env);
        }

That should solve PR#339.  Roy, since you already have an unsubmitted
patch for suEXEC that does Good Things, could you please make the above
fix and submit it as part of your patch.  I'm WAY to busy to submit this
right now...

Jason
# Jason A. Dour <jad@bcc.louisville.edu>                            1101
# Programmer Analyst II; Department of Radiation Oncology; Univ. of Lou.
# Finger for URLs, PGP public key, geek code, PJ Harvey info, et cetera.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBM2CCMJo1JaC71RLxAQEixgQAnKSmRvhn3X8hjjiCYlpGuZC/3doU9RJJ
PcsObhAfrFM5VofRxdYPOlUcKIwC1SSFObEgBf7S+Su/X3aTsiWWxab4JW2U3OaK
/ywKpOR4K+hQjfGtOVI90h2zil8mVfzivGcN6k7HSFOibAkyOVMDbSVuAKDNiaf+
uP/pddlhkgQ=
=+7l6
-----END PGP SIGNATURE-----


Mime
View raw message