Summary: | suexec2 for apache is compiled with a HIGH minuid! | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Calin Culianu <calin> |
Component: | [OLD] Server | Assignee: | Apache Team - Bugzilla Reports <apache-bugs> |
Status: | VERIFIED DUPLICATE | ||
Severity: | normal | CC: | ft01, magnet |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Calin Culianu
2004-06-29 11:57:23 UTC
Any thoughts on this bug? I may not have been too clear in my description of the bug, but basically it is absolutely impossible to use apache2's suexec2 on a gentoo system for any user with a UID of less than 1000. This is a major problem for people that want to run CGIs inside their UserDir (this is not uncommon). That is because suexec2 is called automatically for requests to a CGI in a UserDir (~/public_html type of situations). It is called even if the CGI in question doesn't have the set-uid bit set. The authors of apache2 decided it was a good idea for all CGIs in a ~/public_html directory (but outside a cgi-bin directory) to run as the user to whom the CGIs belong. This probably is convenient for a number of reasons, mainly having to do with file permissions. However, on current gentoo systems, this is outright broken unless your UID is >1000. UIDs <1000 for regular users are not at all uncommon, given that so many other distros start numbering their users at 400 or 500. Note: Suexec2 is not used for /cgi-bin/ URLs, just CGIs that are in an apache UserDir.. This bug is really just a subset of the issue of suexec options not being very configurable, which is being worked on in bug 66397. *** This bug has been marked as a duplicate of 66397 *** Closing. *** Bug 107514 has been marked as a duplicate of this bug. *** |