httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm MacCárthaigh <colmm...@Redbrick.DCU.IE>
Subject Re: [PATCH] exec cmd working with suexec
Date Wed, 22 May 2002 15:55:51 GMT
On Tue, May 21, 2002 at 01:03:03AM +0100, Colm MacCárthaigh wrote:
> The following patch reverts to the previous and documented
> bevahiour (exhibited by 1.3). Currently <!--exec cmd
> does not work with suexec enabled as the proc.c will try to
> run : shell -c suexec uid gid ... so on.
> 
<snip patch>

I should have mentioned, this patch resolves PR 8291. Also
after applying this patch, SSI + suexec works fully except
that

<!--#include file="some.cgi"-->

will run the cgi as the webserver user, and not the suexec
user. Obviously a security hole. "include virtual" is not
affected, Nor is the fsize directive. (they all use 
subrequests)

The patch below fixes it by using the ap_sub_req_lookup_uri
instead of ap_sub_req_lookup_file. Since the functionality of
_uri is a superset of _file (afaict) this means that nothing
valid in an "include file" directive will break. But it
also means that some of what was previously invalid will
(query string etc). Since "include file" has deprecated
support anyway .. I'm not sure how big a deal it is that
mod_include wouldnt be enforcing what "include file" should 
only be able to do.

Colm

Index: modules/filters/mod_include.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/filters/mod_include.c,v
retrieving revision 1.222
diff -u -r1.222 mod_include.c
--- modules/filters/mod_include.c       17 May 2002 11:33:09 -0000      1.222
+++ modules/filters/mod_include.c       22 May 2002 09:26:39 -0000
@@ -1263,7 +1263,7 @@
                                     "in parsed file %s";
                     }
                     else {
-                        rr = ap_sub_req_lookup_file(parsed_string, r, f->next);
+                        rr = ap_sub_req_lookup_uri(parsed_string, r, f->next);
                     }
                 }
                 else {

Mime
View raw message