www-apache-bugdb mailing list archives

From Marc Slemko <ma...@znep.com>
Subject Re: suexec/237: Inappropriate bypass of suexec / Inappropriate usage of suexec (fwd)
Date Tue, 08 Apr 1997 03:20:02 GMT
The following reply was made to PR suexec/237; it has been noted by GNATS.

From: Marc Slemko <marcs@znep.com>
To: apbugs@apache.org
Subject: Re: suexec/237: Inappropriate bypass of suexec / Inappropriate usage of suexec (fwd)
Date: Mon, 7 Apr 1997 21:17:13 -0600 (MDT)

 
 From everything I can make out, the reporter is confused about what suexec
 is supposed to be used for.  I am trying to clarify exactly what they are
 talking about.
 
 ---------- Forwarded message ----------
 Date: Mon, 7 Apr 1997 02:26:17 -0400 (EDT)
 From: Bram Kivenko -- XSpace Staff <bram@xspace.com>
 To: Marc Slemko <marcs@znep.com>
 Subject: Re: suexec/237: Inappropriate bypass of suexec / Inappropriate usage of suexec
 
 
 On Sun, 6 Apr 1997, Marc Slemko wrote:
 
 > > Perhaps I was confusing.  If you run the server as root and use suexec to
 > > execute CGI's, "nph-" cgi's *do not* execute through suexec, ie, they seem
 > > to run as root (?)  Maybe newer versions have since corrected this
 > > problem.
 > 
 > Do you mean _run_ the server as root or _start_ the server as root?  In
 > the first, you specify "root" in the User directive.  DO NOT DO THIS.  It
 > is not secure, even if you do use suexec and even if suexec does work
 > 100%.  All CGI scripts that are not in a user directory and are on the
 > main server will run as whatever user is specified in the User directive; 
 > nothing special about nph scripts.  Scripts in users' home directories
 > will run as them, and scripts in virtual hosts can be run as a user
 > specified in the virtualhost config. 
 
 Well, no, I run the server as nouser which owns nothing on the server.  I
 was merely pointing out that nph CGI's are not subject to a user change. 
 I.e., an nph CGI runs as whatever user the server child is running as.  This
 is a very simple bug to fix.  Basically, someone either forgot or did not
 bother to add in suexec calls for the nph exec's.  The suexec calls are
 clearly missing.  I have added in the bug fixes myself, but obviously
 would appreciate (and others as well would appreciate) it if it were
 fixed:
 
 near the end of util_script.c:
 
         if (shellcmd) {
 //          execle(SHELL_PATH, SHELL_PATH, "-c", argv0, NULL, env);   
             execle(SUEXEC_BIN, SUEXEC_BIN, "a", "a", argv0,
                         argv0, NULL, env);
         }
         else if((!r->args) || (!r->args[0]) || (ind(r->args,'=') >= 0)) {
             execle(SUEXEC_BIN, SUEXEC_BIN, "a", "a", r->filename, 
                         r->filename,NULL,
                         env);
 //          execle(r->filename, argv0, NULL, env);
         }
 
 I am using my own suexec, so some of the arguments are not valid, but you
 should get the idea.  The section immediately following the one I gave
 (should be at the end of util_script.c) also needs to be corrected.  I did it
 in a half ass manner so I won't bother copying out the source code for it. 
 
 Thanks, keep me updated,
 Bram
 _______________________________________________________________________________
 
    Bram Kivenko  --  XSpace Staff  --  Systems Manager  --  bram@xspace.com
     Let XSpace be your host  --  http://www.xspace.com  --  (416)-929-8663
                              XSPACE COMMUNICATIONS
 _______________________________________________________________________________
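
The failure mode the forwarded message describes (one exec path that never reaches the setuid wrapper), as an added example that is not code from this thread or from Apache's source: a model of the reported split exec path beside a single decision point, with a check that counts launches that skip the wrapper. `WRAPPER_BIN`, the function names and the sample script paths are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define WRAPPER_BIN "/usr/local/sbin/cgi-wrapper" /* hypothetical wrapper path */

/* Does the basename start with "nph-"? */
static int is_nph(const char *path)
{
    const char *base = strrchr(path, '/');
    return strncmp(base ? base + 1 : path, "nph-", 4) == 0;
}

/* Model of the reported behaviour: the nph exec path has no wrapper call. */
const char *launcher_split(const char *script, const char *user)
{
    if (is_nph(script))
        return script;              /* would run as the server child's user */
    return user ? WRAPPER_BIN : script;
}

/* Single decision point: the script's name never affects the choice. */
const char *launcher_unified(const char *script, const char *user)
{
    return user ? WRAPPER_BIN : script;
}

typedef const char *(*launcher_fn)(const char *, const char *);

/* Count sample launches that have a target user but skip the wrapper. */
int count_bypasses(launcher_fn choose)
{
    static const char *samples[] = {   /* constructed sample paths */
        "/home/u/public_html/cgi-bin/form.cgi",
        "/home/u/public_html/cgi-bin/nph-push.cgi",
        "nph-status.cgi",
    };
    int bad = 0;
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++)
        if (strcmp(choose(samples[k], "u"), WRAPPER_BIN) != 0)
            bad++;
    return bad;
}

int main(void)
{
    printf("split paths:  %d bypass(es)\n", count_bypasses(launcher_split));
    printf("unified path: %d bypass(es)\n", count_bypasses(launcher_unified));
    return 0;
}
```

A check of this shape can run as a regression test over every place a server spawns a CGI, so an exec path added later cannot quietly skip the identity switch.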
 
