www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jerrad Pierce <belg4...@mit.edu>
Subject suexec/6629: suexec logic odd
Date Thu, 05 Oct 2000 15:46:21 GMT

>Number:         6629
>Category:       suexec
>Synopsis:       suexec logic odd
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Oct 05 08:50:00 PDT 2000
>Originator:     belg4mit@mit.edu
>Release:        1.3.9
RedHat 6.0 Commerce, Redhat 6.0
pgcc-2.95.2 1999102
Linux chlorate 2.2.5-15smp #1 SMP Mon Apr 19 22:43:28 EDT 1999 i686 unknown

User nobody
Group Nobody
<Virtualhost ...>
User bob
Group marley
ScriptAlias /home/bobo/cgi-bin

/home/bob/cgi-bin must be at least 705
(assuming nobody is not in marley, if so then 750)

Suexec does not get invoked and the setuid/setgid is not run
before the enetering the directory...
It seems howver, that if the purpose of suexec is to make CGI act exactly
as if the user were at the command line, it should setuid/setgid *before*
descending into the directory...

This way user's could have a more secure 700 mode for there cgi-bin
(yes, it just prevent's reading... but o+rx still seems a bad requirement...)

setuid/setgid before chdir/execing the CGI
(or determing that it's there even)
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]

View raw message