www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From M.D.Parker <m...@netcom.com>
Subject suexec/1284: UNIQUE_ID not contained in "safe" export variable list for suexec.c
Date Tue, 21 Oct 1997 00:03:32 GMT

>Number:         1284
>Category:       suexec
>Synopsis:       UNIQUE_ID not contained in "safe" export variable list for suexec.c
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Oct 20 17:10:01 PDT 1997
>Last-Modified:
>Originator:     mdpc@netcom.com
>Organization:
apache
>Release:        1.3b2
>Environment:
Linux 2.0.27
(but this is not generally revelent to the bug report)
>Description:
The UNIQUE_ID variable is not in the "safe" variable list and thus is not 
present in the environment of the program suexec passes control to.  Thus
making this new Apache 1.3 variable feature unavailable to any CGI script
running through suexec.

This is basically a non-critical bug UNLESS you need this variable for your
CGI script which then makes it a serious problem. 
>How-To-Repeat:
when using suexec wrapper program, just check the environment of the running
program spawned.  In my case, it was the test-cgi script with a little mod
to output the results of env and set bourne-shell commands.
>Fix:
Add line to the character pointer array safe_env_list:

"UNIQUE_ID",  

before "USER_NAME"%2
>Audit-Trail:
>Unformatted:


Mime
View raw message