www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Holger Metschulat <ho...@sgs.wh.tu-darmstadt.de>
Subject suexec/4111: SSI #exec cmd="..." does not work with suexec enabled
Date Wed, 24 Mar 1999 19:17:09 GMT

>Number:         4111
>Category:       suexec
>Synopsis:       SSI #exec cmd="..." does not work with suexec enabled
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Mar 24 11:20:04 PST 1999
>Last-Modified:
>Originator:     homer@sgs.wh.tu-darmstadt.de
>Organization:
apache
>Release:        1.3.1
>Environment:
Linux linux 2.0.32 #2 Mon Dec 29 09:42:18 CET 1997 i586
gcc version 2.7.2.1
>Description:
When using the SSI command '#exec cmd="/usr/bin/cal 3 1999"' together
with the suexec wrapper enabled, the command cannot be executed
because
1. The command contains a slash on the first position
2. Arguments cannot be passed to programs via suexec
>How-To-Repeat:
Write a sample script an try it ...
>Fix:
Without knowing much of the internals of suexec, I sugges:

1. Try to separate path (/usr/bin) data from program name (cal)
and then cwd to this path before executing suexec with just
the program name (as cgi calls do)
2. The program name and its arguments are passed to suexec
as one argument. Perhaps one should try to separate program
and arguments within suexec by splitting at blanks. But this
imposes that arguments and the program name must not contain blanks.

Do these changes impose security problems?
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]




Mime
View raw message