www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dale Bewley <d...@bewley.net>
Subject suexec/339: suexec will not allow QUERY_STRINGS
Date Wed, 09 Apr 1997 15:30:02 GMT

	The contract type is `' with a response time of 3 business hours.
	A first analysis should be sent before: Wed Apr 09 12:00:02 PDT 1997

>Number:         339
>Category:       suexec
>Synopsis:       suexec will not allow QUERY_STRINGS
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Apr  9 08:30:02 1997
>Originator:     dale@bewley.net
>Release:        1.2b8
RedHat 4.1
CGIs seem to work fine until you add a ?query_string to them. 
Below are relevant entries from the SuExec cgi.log

WithOUT a query string
[10:25:08 09-04-97]: uid: (dale/dale) gid: (dale/dale) suexec-bug.cgi

WITH a query string
[10:25:13 09-04-97]: invalid target user name: (\~dale)

Relevant entry from the ScriptLog
%% [Wed Apr  9 10:25:13 1997] GET /~dale/suexec-bug.cgi?blah HTTP/1.0
%% 500 /home/dale/www/suexec-bug.cgi
Connection: Keep-Alive
User-Agent: Mozilla/4.0b2 (X11; I; SunOS 5.4 sun4m)
Pragma: no-cache
Host: www.bewley.net
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*


View raw message