httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stas Bekman <>
Subject -x perms testing in 1.3 and 2.0 mod_cgi
Date Tue, 29 Apr 2003 05:31:08 GMT
Why the following code is commented out in 2.0.xx's mod_cgi and mod_cgid.

     if (!ap_suexec_enabled) {
         if (!ap_can_exec(&r->finfo))
             return log_scripterror(r, conf, HTTP_FORBIDDEN, 0,
                                    "file permissions deny server execution");

I can see that the test is now performed on the relevant platforms (unix), 
when ap_os_create_privileged_process calls apr_proc_create which does the 
checking. Is it because the checking should be skipped under 
ap_suexec_enabled, but there is no way to tell apr_proc_create to skip this check?

I came to this code as I was trying to check whether in 1.3's ap_can_exec uses 
access() calls to do the right thing on filesystems with acls... which it 
seems not to do. At least I couldn't find any references to access() calls in 
the 1.3 tree. So if 1.3's mod_cgi is run on the fs with acls, will the scripts 
fail, even though they have the exec perms in the acl way?

And I was interested what is the replacement for ap_can_exec in 2.0 ap/apr if 
at all.

Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker     mod_perl Guide --->

View raw message