Bug#528062: apache2: mod_userdir is broken with respect to suexec support. patch included

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#528062: apache2: mod_userdir is broken with respect to suexec support. patch included

Witold Baryluk
Package: apache2
Version: 2.2.11-3
Severity: important

Hi,

on one of my production system I'm using ldap_userdir which borrowed code
from mod_userdir. After some investigation (suexec support was naccassary)
that there is error in suexec handling, and it existed many years unnoticed.

Hopefully mod-ldap-userdir author accepted my patches (about request notes,
and some bad usage of strtoul) and everything works out of box on lenny now.


Bud bad code in mod_userdir still exists.

I'm attaching the patch for mod_userdir.c. (based on patch for mod_ldap_userdir.c)

It was tested and works correctly. Please apply and notify upstream if possible.

Thanks you.


-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages apache2 depends on:
pn  apache2-mpm-worker | apache2- <none>     (no description available)

apache2 recommends no packages.

apache2 suggests no packages.

userdir-suexec-fix.patch (1K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#528062: apache2: mod_userdir is broken with respect to suexec support. patch included

Stefan Fritsch
On Sunday 10 May 2009, Witold Baryluk wrote:
> on one of my production system I'm using ldap_userdir which
> borrowed code from mod_userdir. After some investigation (suexec
> support was naccassary) that there is error in suexec handling, and
> it existed many years unnoticed.


> It was tested and works correctly. Please apply and notify upstream
> if possible.


Thanks for your patch. Please be a bit more verbose on what the actual
problem was and how it can be reproduced.

Stefan



--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Bug#528062: apache2: mod_userdir is broken with respect to suexec support. patch included

Witold Baryluk
Dnia 2009-05-10, nie o godzinie 19:43 +0200, Stefan Fritsch pisze:

> On Sunday 10 May 2009, Witold Baryluk wrote:
> > on one of my production system I'm using ldap_userdir which
> > borrowed code from mod_userdir. After some investigation (suexec
> > support was naccassary) that there is error in suexec handling, and
> > it existed many years unnoticed.
>
>
> > It was tested and works correctly. Please apply and notify upstream
> > if possible.
>
>
> Thanks for your patch. Please be a bit more verbose on what the actual
> problem was and how it can be reproduced.
>
> Stefan
I will try provide simple example, but actually suexec configuration
isn't simple.

I have apache2 configured with mod_userdir + mod_suexec + mod_fcgid (for
runing php5-cgi in my case).


According to http://httpd.apache.org/docs/2.2/suexec.html#usage
handling of /~baryluk/ should automagically work (by working, I mean fcgid scripts
are run under uid baryluk).

Currently this scripts are run under the www-data uid, because
as I first written mod_userdir.c is not working correctly (not to be honest,
not well tested - this error is sitting there very very long).

There is also some comments in patch. Author of mod_ldap_userdir.c can
also help, but first ask me about any problems. We don't need to bother
him. ;)

Hope this will help.

--
Witold Baryluk

signature.asc (204 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#528062: Quotation Inquiry #RFQ170619E - New Supplier

Hidroconta Trading Ltd.
In reply to this post by Witold Baryluk
Hello,

Our partners referred your company to us. Regarding your great products.
Please see required products, quantity and specifications as attached.

Kindly give us your lowest possible prices for FCL shipment.


Best Regards,

Wanda Rodriguez
Purchase Assistant

Hidroconta Trading Ltd.
Av. de Sta. Catalina,
60, 30012 Murcia, Spain
Phone: +34 968 26 77 66
Fax: +34 968 26 77 06