Bug 42175

Summary: suexec_enabled set incorrectly when httpd is run by a non-root user
Product: Apache httpd-2
Reporter: Jim Radford <radford>
Component: mod_suexec
Assignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED FIXED
Severity: normal
Keywords: FixedInTrunk, PatchAvailable
Priority: P2
Version: 2.5-HEAD
Target Milestone: ---
Hardware: Other
OS: Linux
Attachments: A patch to fix suexec detection

Description Jim Radford 2007-04-19 22:30:19 UTC
When running an apache that was configured with suexec support as a non-root
user the variable suexec_enabled is incorrectly set.  The test should really
check access(R_OK|X_OK) as well as for root ownership and the set uid bit.

This patch fixes the problem and allows me to run the standard Fedora install of
apache as myself and use mod_fcgid which relies on the correct setting of
suexec_enabled.

--- httpd-2.2.4/os/unix/unixd.c~        2006-07-11 20:38:44.000000000 -0700
+++ httpd-2.2.4/os/unix/unixd.c 2007-04-19 21:33:43.000000000 -0700
@@ -215,7 +215,7 @@
     }

     if ((wrapper.protection & APR_USETID) && wrapper.user == 0) {
-        unixd_config.suexec_enabled = 1;
+        unixd_config.suexec_enabled = access(SUEXEC_BIN, R_OK|X_OK) == 0;
     }
 }
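Review bot: On the added line, access(SUEXEC_BIN, R_OK|X_OK) asks for read permission as well as execute, but running the wrapper needs only execute permission, so a suexec binary that the httpd user can execute but not read would set suexec_enabled to 0. Consider testing X_OK alone, or add a comment saying why R_OK is required. A one-line comment is also worth adding to say that access() is evaluated against the real uid and gid of the process, since that is what makes this line give a different answer for a non-root start while the enclosing test on wrapper.protection and wrapper.user gives the same answer for every caller.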
Comment 1 Jim Radford 2007-04-19 22:33:51 UTC
Created attachment 20004
A patch to fix suexec detection
Comment 2 Dan Poirier 2009-11-17 05:42:07 UTC
I guess this is the problem code in fcgi:

        if (ap_unixd_config.suexec_enabled) {
            if (getuid() != 0) {
                ap_log_error(APLOG_MARK, APLOG_EMERG, 0, main_server,
                             "mod_fcgid: current user is not root while suexec is enabled, exiting now");
                exit(1);
            }
        }

Why not just test getuid()==0 in unixd.c when setting
suexec_enabled?   That seems more direct than checking
access to the suexec program.
Comment 3 Jim Radford 2009-11-17 10:18:31 UTC
(In reply to comment #2)
> I guess this is the problem code in fcgi:

Yes.

> Why not just test getuid()==0 in unixd.c when setting
> suexec_enabled?

Because we are not running as root at this point even if the server was started by root.

> That seems more direct than checking
> access to the suexec program.

I agree it seems odd, but I couldn't come up with either a lighter weight or more direct solution.  It just runs once at module load time.
Comment 4 Dan Poirier 2009-11-17 10:25:24 UTC
I wasn't sure when this code was run, but I tested it and if the server is started as root, it's still running as root at the time this code is executed.  getuid() returns 0.
Comment 5 Jim Radford 2009-11-17 11:02:25 UTC
(In reply to comment #4)
> I wasn't sure when this code was run, but I tested it and if the server is
> started as root, it's still running as root at the time this code is executed. 
> getuid() returns 0.

Looks like I was wrong about that; I get 0 in my setup too, so using getuid() should be fine.
Comment 6 Jim Radford 2009-11-17 11:11:43 UTC
I think the reason I did access() instead of getuid() was that it was more direct.  If someone didn't install suexec with the suid bit set, then the access() would notice that whereas the getuid() wouldn't.
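
Added example (not part of the bug thread and not httpd or mod_fcgid source): the three conditions discussed in this report, the setuid bit, the owner, and access(R_OK|X_OK), written as one stand-alone C function that reports which condition failed. The names check_wrapper, demo_case and wrapper_state and the required_owner parameter are assumptions of this example; httpd hard-codes owner uid 0.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum wrapper_state { WRAPPER_OK, WRAPPER_MISSING, WRAPPER_NOT_SETUID,
                     WRAPPER_WRONG_OWNER, WRAPPER_NO_ACCESS };

/* httpd requires owner uid 0; required_owner is a parameter here (an
 * assumption of this example) so the cases can be run unprivileged. */
enum wrapper_state check_wrapper(const char *path, uid_t required_owner)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return WRAPPER_MISSING;
    if (!(st.st_mode & S_ISUID))           /* wrapper.protection & APR_USETID */
        return WRAPPER_NOT_SETUID;
    if (st.st_uid != required_owner)       /* wrapper.user == 0 */
        return WRAPPER_WRONG_OWNER;
    /* access() uses the caller's real uid/gid: this is the step whose
     * answer depends on who is running the server. */
    if (access(path, R_OK | X_OK) != 0)
        return WRAPPER_NO_ACCESS;
    return WRAPPER_OK;
}

/* Create a constructed stand-in file (owned by the current user) with the
 * given mode in the working directory, classify it, then remove it. */
enum wrapper_state demo_case(mode_t mode, uid_t required_owner)
{
    char path[] = "./wrapper-demo-XXXXXX";
    int fd = mkstemp(path);
    enum wrapper_state result = WRAPPER_MISSING;
    if (fd < 0)
        return result;
    if (fchmod(fd, mode) == 0)
        result = check_wrapper(path, required_owner);
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    uid_t me = getuid();
    printf("%d %d %d %d\n", demo_case(04755, me), demo_case(0755, me),
           demo_case(04000, me), demo_case(04755, me + 1));
    return 0;
}
```

Returning a distinct state per failed condition lets a start-up log say why suexec was left disabled instead of only recording that it was.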
Comment 7 Jim Radford 2009-11-18 10:13:22 UTC
Would it help to get this fixed if I made a patch using getuid()?
Comment 8 Dan Poirier 2009-11-18 14:10:43 UTC
Maybe someone who better understands what suexec_enabled is intended for can comment on whether the correct fix here is to get suexec_enabled turned off in this case, or whether fcgi should be making this check in the first place?
Comment 9 Jim Radford 2010-12-15 00:26:26 UTC
This patch is a one line "obvious" fix and has been applied to the trunk (2.3.3) for over a year and has been in Fedora for over two.  It would be nice to see it make it into the stable branch at some point.
Comment 10 Stefan Fritsch 2011-10-09 22:27:17 UTC
r791337
Comment 11 Stefan Fritsch 2012-02-26 16:43:49 UTC
fixed in 2.4.1