httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: suexec & ScritpAlias/ScriptAliasMatch
Date Sat, 30 Mar 2002 17:59:58 GMT
> I am just starting to look at the server code and have been playing with the
> suexec code. Want to try to pass additional parameters to suexec, in
> paticular the value of the ScriptAlias or ScriptAliasMatch (after regex) for
> the VirtualHost. Believe I have found where suexec is called but unable to
> figure out where the ScriptAlias/Match value is or how to pass it. Any help
> greatly appreciated.

Why modify the httpd code?  Why not just (carefully) modify the suEXEC code?

suEXEC requires that Apache chdir into the directory with the target script
before starting suEXEC.  Therefore, getcwd() will return the absolute path
equivalent to ScriptAlias or ScriptAliasMatch.  (They'll be identical if
there are no symlinks in the path.)

Anyway, what are you planning on doing with the ScriptAlias or
ScriptAliasMatch value in suEXEC?

BTW, if you want a quick way to pass additional params to suEXEC, you could
use SetEnv in Apache.  Then, suEXEC would have the value available to it
until the part of suEXEC near the end of the code which purges the
environment of all but known good CGI vars.

Of course, you should never blindly trust environment values.  Same thing
with params passed to an suid program such as suEXEC.  That's why you
should have a really, really good reason for needing to pass additional
params to suEXEC.  The current parameters (target uid, target gid, and
target program) are all rigorously checked by suEXEC before being used.
If you plan on using any new info from the environment or from an
additional param, then make sure it is properly validated before you
use it!


View raw message