Bug 29534

OK, here's the issue.  Apache 2.0.49, stock install, only non-shipped modules 
installed are php and suphp.  Suexec is not standard but the problem manifests 
itself before it runs. 
 
Here's how to reproduce: 
 
make a directory and a subdirectory, say, bin.  create an executable file in 
the bin directory (call it greeting, I guess).  It can just be a shell script. 
 
Now, create an index.html file in the current directory.  Inside that file, it 
should contain only the text: 
 
<!--#exec cmd="bin/greeting"--> 
 
According to the documentation, a forward slash means that it is relative to 
the document root, and a lack of forward slash means that it is relative to the 
current working directory. 
 
Now, try to access that page.  You will get a blank page. 
 
An strace will reveal that it is chdir()ing into the current directory, and 
running suexec with the argument of "greeting".  There is no attempt to change 
into the correct directory.  If you copy bin/greeting into the current 
directory, it will work as expected. 
 
It also will not work if you specify a full path.  It also will not work if you 
specify a system binary, such as "finger".  It appears to be completely broken. 
 
Server version: Apache/2.0.49 
Server built:   Jun 10 2004 11:23:59 
Server's Module Magic Number: 20020903:7 
Architecture:   32-bit 
Server compiled with.... 
 -D APACHE_MPM_DIR="server/mpm/prefork" 
 -D APR_HAS_SENDFILE 
 -D APR_HAS_MMAP 
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) 
 -D APR_USE_SYSVSEM_SERIALIZE 
 -D APR_USE_PTHREAD_SERIALIZE 
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT 
 -D APR_HAS_OTHER_CHILD 
 -D AP_HAVE_RELIABLE_PIPED_LOGS 
 -D HTTPD_ROOT="/usr/local/apache/2.0.49" 
 -D SUEXEC_BIN="/usr/local/apache/2.0.49/bin/suexec" 
 -D DEFAULT_PIDLOG="logs/httpd.pid" 
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" 
 -D DEFAULT_LOCKFILE="logs/accept.lock" 
 -D DEFAULT_ERRORLOG="logs/error_log" 
 -D AP_TYPES_CONFIG_FILE="conf/mime.types" 
 -D SERVER_CONFIG_FILE="conf/httpd.conf"