www-apache-bugdb mailing list archives

From Loren Schall <sch...@ateng.az.honeywell.com>
Subject os-sunos/193: suexec loses group
Date Tue, 25 Feb 1997 00:40:03 GMT

>Number:         193
>Category:       os-sunos
>Synopsis:       suexec loses group
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    gnats-admin (GNATS administrator)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Feb 24 16:40:01 1997
>Originator:     schall@ateng.az.honeywell.com
>Organization:
apache
>Release:        1.2b7
>Environment:
% uname -a
SunOS swtech09 4.1.4 2 sun4m
% gcc --version
2.7-96q3
% ldd `type -p httpd`
        -lc.1 => /usr/lib/libc.so.1.9
        -ldl.1 => /usr/lib/libdl.so.1.0
>Description:
In this configuration apparently getgrnam() and initgroups() use the
same static space to hold group info.  The call to initgroups()
destroys the information pointed to by the local variable gr.
>How-To-Repeat:
With suexec configured, access a user cgi.
>Fix:
*** suexec.c.orig       Thu Feb 20 18:20:40 1997
--- suexec.c    Mon Feb 24 17:20:54 1997
***************
*** 222,227 ****
--- 222,228 ----
      char dwd[AP_MAXPATH];   /* docroot working directory */
      struct passwd *pw;      /* password entry holder     */
      struct group *gr;       /* group entry holder        */
+     struct group gr_copy;   /* group entry holder        */
      struct stat dir_info;   /* directory info holder     */
      struct stat prg_info;   /* program info holder       */

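Review bot: the comment on the new `gr_copy` declaration repeats "group entry holder" from the `gr` line above it, so a reader cannot tell why two holders exist. Say what the copy is for, for example that it is a private copy of the getgrnam() result that has to survive the later initgroups() call.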
***************
*** 295,300 ****
--- 296,303 ----
        log_err("invalid target group name: (%s)\n", target_gname);
        exit(106);
      }
+     gr_copy = *gr;
+     gr = &gr_copy;

      /*
       * Log the transaction here to be sure we have an open log
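Review bot: `gr_copy = *gr;` is a shallow copy, so only scalar members such as gr_gid are preserved; gr_name and gr_mem in the copy still point into the static storage that initgroups() reuses. If only the gid is needed after this point, saving it in a local gid_t is simpler; if the name or member list is read later, those strings need their own copies. A short comment on the two new lines saying why the copy exists would also keep it from being removed later as redundant.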
>Audit-Trail:
>Unformatted:
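
An added example, not part of the original report or of suexec.c: a C simulation of the failure described under >Description, where a getgrnam() result is clobbered by a later call that reuses the same static storage, and of what the struct copy in the fix does and does not protect. The `sim_*` functions, `struct grent`, the group names and the gids are constructed stand-ins, not libc or SunOS code.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for libc (hypothetical names): both routines share
 * one static record, the behaviour the report describes on SunOS 4.1.4. */
struct grent { char *name; int gid; };
static char name_buf[32];
static struct grent shared = { name_buf, -1 };

static void fill(const char *name, int gid) {
    snprintf(name_buf, sizeof name_buf, "%s", name);
    shared.gid = gid;
}

/* Models getgrnam(): returns a pointer into static storage. */
static struct grent *sim_getgrnam(const char *name) {
    fill(name, strcmp(name, "webusers") == 0 ? 500 : 0);
    return &shared;
}

/* Models initgroups(): scans group entries through the same storage. */
static void sim_initgroups(void) { fill("wheel", 0); }

/* Unpatched flow: the gid is read through gr after initgroups() ran. */
int gid_via_pointer(void) {
    struct grent *gr = sim_getgrnam("webusers");
    sim_initgroups();
    return gr->gid;            /* the last entry scanned: gid 0 */
}

/* Patched flow: a struct copy is taken before initgroups(). */
int gid_via_copy(void) {
    struct grent copy = *sim_getgrnam("webusers");
    sim_initgroups();
    return copy.gid;           /* still 500 */
}

/* The copy is shallow: copy.name still points at the shared buffer. */
int name_survives_copy(void) {
    struct grent copy = *sim_getgrnam("webusers");
    sim_initgroups();
    return strcmp(copy.name, "webusers") == 0;
}

int main(void) {
    printf("pointer=%d copy=%d name_intact=%d\n",
           gid_via_pointer(), gid_via_copy(), name_survives_copy());
    return 0;
}
```

In a privilege-dropping wrapper the clobbered value is the gid later used to switch groups, so the stale pointer can select a different group from the one that was validated.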


