Bug 30137 - apr_proc_create() incorrectly requires R_OK for chdir(2)
Summary: apr_proc_create() incorrectly requires R_OK for chdir(2)
Status: CLOSED FIXED
Alias: None
Product: APR
Classification: Unclassified
Component: APR (show other bugs)
Version: 0.9.3
Hardware: PC FreeBSD
: P3 normal (vote)
Target Milestone: ---
Assignee: Apache Portable Runtime bugs mailinglist
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-07-16 06:50 UTC by Jeremy Chadwick
Modified: 2004-11-16 19:05 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Chadwick 2004-07-16 06:50:32 UTC
I submitted this issue to Jeff Trawick via personal Email initially.  Jeff 
recommended I open up a bug report for investigation.  Your wish is my command.

In regards to the following commit (which applies to 0.9.4 and HEAD as well):

http://cvs.apache.org/viewcvs.cgi/apr/threadproc/unix/proc.c?
r1=1.64&r2=1.65&diff_format=h

The first call to access(2) (line ~322) for attr->currdir requires R_OK and 
X_OK.  This looks to be incorrect; R_OK is superfluous, as chdir(2) only needs 
the directory executable bit to succeed (at least on *IX systems).

In English: chdir(2) will fail when trying to go into a directory that lacks 
the read bit.  This was discussed (mainly by myself) in full over at the suPHP 
forum, since all versions of suPHP (with Apache 2) are affected by this issue:  
http://lists.marsching.biz/pipermail/suphp/2004-July/000756.html

If someone could take a peek at this, I'd appreciate it.  Thanks!
Comment 1 Joe Orton 2004-07-19 10:25:53 UTC
Dropping R_OK from the access(attr->currdir, R_OK|X_OK) check looks right to me
I presume you agree Jeff?
Comment 2 Jeff Trawick 2004-07-20 03:33:41 UTC
yes, I agree; fix committed to both APR branches