Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 391041 - www-servers/apache 2.2 - suexec and django non-ASCII file upload incompatibility as apache cut out LANG and LC_ALL variables
Summary: www-servers/apache 2.2 - suexec and django non-ASCII file upload incompatibil...
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Lars Wendler (Polynomial-C) (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-11-19 19:14 UTC by Raimods
Modified: 2017-11-09 11:05 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Raimods 2011-11-19 19:14:34 UTC
Running cgi scripts with apache suexec, the suexec clean down variables , what not defined in apache's support/suexec.c file. This is according with apache docs: http://httpd.apache.org/docs/2.2/env.html , paragraph "Some Caveats".

But there is problem with non-ASCII file names upload with some python aplications (for example Django), running with suexec and mod_fcgid. There are required LANG and LC_ALL variables passed to CGI scripts, more infotions are there: http://stackoverflow.com/questions/6171278/unicode-in-django-admin , and https://code.djangoproject.com/wiki/django_apache_and_mod_wsgi#Additional%20Tweaking .

As it looks, then the only possible solution is add variable names to apache's support/suexec.c file. I propose add small patch with LANG and LC_ALL environments to gentoo apache patchset:

--- support/suexec.c.old	2011-11-19 19:48:45.994452000 +0200
+++ support/suexec.c	2011-11-19 19:49:39.351042000 +0200
@@ -98,6 +98,8 @@
     "SSL_",
 
     /* variable name is */
+    "LANG=",
+    "LC_ALL=",
     "AUTH_TYPE=",
     "CONTENT_LENGTH=",
     "CONTENT_TYPE=",

I think they are safe and will not cause any harm to anyone, but the abandonment of the suexec in which case could lower the level of security.

Reproducible: Always
Comment 1 Arfrever Frehtes Taifersar Arahesis 2011-11-22 23:07:53 UTC
Could you report your suggestion to upstream?
https://issues.apache.org/bugzilla/
Comment 2 Pacho Ramos gentoo-dev 2016-02-08 18:48:38 UTC
Is this still valid with apache-2.4?