Received: (qmail 3285 invoked by uid 2012); 19 Nov 1998 17:05:06 -0000 Message-Id: <19981119170506.3282.qmail@hyperreal.org> Date: 19 Nov 1998 17:05:06 -0000 From: George Hartz Reply-To: georgeh@blowtorch.com To: apbugs@hyperreal.org Subject: mod_env and suexec don't coexist X-Send-Pr-Version: 3.2 >Number: 3425 >Category: suexec >Synopsis: mod_env and suexec don't coexist >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Class: change-request >Submitter-Id: apache >Arrival-Date: Thu Nov 19 09:10:01 PST 1998 >Last-Modified: Thu Nov 19 09:14:17 PST 1998 >Originator: georgeh@blowtorch.com >Organization: >Release: 1.3.* >Environment: Alpha RedHat 5.1, Linux 2.0.34, gcc 2.7.2.3 >Description: I've noticed after some experimenting today that mod_env and suexec don't really coexist with each other. I've been trying to pass environment variables to virtual hosts for the benefit of CGI's, so certain configuration options can be set in the virtual host configuration and CGI's will work on any virtual host on the server without using configuration files. The problem is suexec strips out non-standard environment variables. This is an understandable feature, and I could easily enough add the half-dozen other environment variables I currently need into the source for suexec, but its a bit of a kludge. >How-To-Repeat: >Fix: My thought was to add a fifth parameter to suexec taking a list of additional "safe" environment variables, a list that could be generated by mod_env when the variables get set for the virtual hosts. suexec would allow its predefined variables through, plus the ones given to it, perhaps as a simple comma separated list. I'm not sure what impact this might have on system security. It would obviously damage it significantly if mismanaged, but it may be a useful feature to have. >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Thu Nov 19 09:14:16 PST 1998 State-Changed-Why: Suexec can't take a list of allowed variablse on the command line, since that would defeat most of the purpose of restricting the environment: to prevent anyone else who gets access to run suexec from a shell from doing bad things. If you can't rename your variables, you are stuck hacking suexec to list each one. Otherwise, you could name them all FOO_ or with some common prefix, then duplicate the HTTP_ code that lets all HTTP_ variables through. >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]