| Summary: | Suexec does not correctly check that scripts are inside the docroot | | |
|---|---|---|---|
| Product: | Apache httpd-2 | Reporter: | Stefan Fritsch <sf> |
| Component: | support | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
| Status: | NEW --- | | |
| Severity: | normal | CC: | schwarz, yuya.presto |
| Priority: | P2 | Keywords: | PatchAvailable |
| Version: | 2.5-HEAD | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | All | | |
| Attachments: | patch for suexec; more simple patch | | |
Description
Stefan Fritsch
2008-04-03 14:07:48 UTC
Created attachment 21780 [details]
patch for suexec
This patch should fix both issues, but I am not sure if the fchdir part is portable.
Created attachment 23383 [details]
more simple patch
This is a simpler patch.
It only tests whether NULL or '/' exists at the end of the cwd string.
(In reply to comment #2)
> Created an attachment (id=23383) [details]
> more simple patch
>
> This is a simpler patch.
> It only tests whether NULL or '/' exists at the end of the cwd string.

Have you tested this in the case that the script is located directly in the document root (and not in a subdir?)

Oops.. I've forgotten to test that case...
I have just tested whether it execs /var/www/test_args.cgi with AP_DOC_ROOT="/var/www".
I also tested whether it doesn't exec /var/www-test/test_args.cgi.
And it works for me. :)
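
The boundary problem discussed in this thread, as an added example (it is not either attached patch and not suexec's own code): a prefix-only comparison next to one that requires the end of the string or '/' after the docroot. The function names are hypothetical, the sample paths are constructed from the ones tested above, and both paths are assumed to be canonical absolute paths such as `getcwd()` returns.

```c
#include <stdio.h>
#include <string.h>

/* Prefix-only comparison: accepts any cwd that merely starts with the
 * docroot string, so a sibling such as "/var/www-test" passes. */
static int in_docroot_prefix_only(const char *cwd, const char *docroot)
{
    return strncmp(cwd, docroot, strlen(docroot)) == 0;
}

/* Boundary-aware comparison: after the matching prefix, cwd must either
 * end (script directly in the docroot) or continue with '/'. */
static int in_docroot_boundary(const char *cwd, const char *docroot)
{
    size_t n = strlen(docroot);

    /* Ignore trailing slashes on docroot ("/var/www/"), but keep "/" itself. */
    while (n > 1 && docroot[n - 1] == '/')
        n--;
    if (n == 0 || strncmp(cwd, docroot, n) != 0)
        return 0;
    if (n == 1 && docroot[0] == '/')
        return 1;               /* docroot "/" contains every absolute path */
    return cwd[n] == '\0' || cwd[n] == '/';
}

int main(void)
{
    /* Constructed sample paths, modelled on the ones tested in the thread. */
    const char *docroot = "/var/www";
    const char *cwds[] = { "/var/www", "/var/www/cgi-bin", "/var/www-test", "/var" };
    size_t i;

    for (i = 0; i < sizeof(cwds) / sizeof(cwds[0]); i++)
        printf("%-18s prefix-only=%d boundary=%d\n", cwds[i],
               in_docroot_prefix_only(cwds[i], docroot),
               in_docroot_boundary(cwds[i], docroot));
    return 0;
}
```

The case raised in the reply (script directly in the document root) is the `cwd[n] == '\0'` branch; the `/var/www-test` case is rejected because the character after the prefix is `-`.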