httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Harris" <dhar...@drh.net>
Subject RE: PR 4749: SSI w/ suExec can't handle commands w/ arguments
Date Wed, 25 Aug 1999 22:16:04 GMT

Manoj Kasichainula wrote:
> A PR submitter (who is doing a few other things wrong; ignore them for
> now) reported that
>
> <!--#exec cmd="foo bar" -->
>
> doesn't work, with an error in the suexec log of:
>
> cannot stat program: (foo bar)
>
> Is it intentional for this not to work? One could say that disallowing
> arguments eliminates one more cause of buffer overflows, but I'm
> guessing that this is really a bug.

The problem is that ap_call_exec does not honor the shellcmd flag with suexec.
mod_shtm calls ap_call_exec with the shellcmd flag on for every command
trigered using the <!--#exec notation.

Here is how the shellcmd flag is handled inside ap_call_exec without suexec
support:

      execle(SHELL_PATH, SHELL_PATH, "-c", argv0, NULL, env);

Here is how it's handled with suexec support:

      execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env);

You just simply can't toss together a suexec invocation that will knock off a
shell. Suexec would gripe that the user did not own the shell and bomb. This is
just a limitation of suexec.

Suexec can accept arguments just fine.. it just can't parse a string down to an
argument list like the shell does or invoke a shell to do that.

There are possible work arounds but I don't think they are too pretty. Having
something in Apache parse the string down to an argument list comes to mind,
but the <!--#exec functionality with and without suexec will still be
different. And you might break other things.

 - David Harris
   Principal Engineer, DRH Internet Services




Mime
View raw message