Received: (qmail 22103 invoked by uid 2012); 17 Mar 1999 00:04:48 -0000 Message-Id: <19990317000448.22102.qmail@hyperreal.org> Date: 17 Mar 1999 00:04:48 -0000 From: Aidan Cully Reply-To: aidan@panix.com To: apbugs@hyperreal.org Subject: SuEXEC doesn't work with mod_userdir as well as it should. X-Send-Pr-Version: 3.2 >Number: 4069 >Category: suexec >Synopsis: SuEXEC doesn't work with mod_userdir as well as it should. >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Tue Mar 16 16:10:01 PST 1999 >Closed-Date: Fri Jan 07 15:15:41 PST 2000 >Last-Modified: Fri Jan 07 15:15:41 PST 2000 >Originator: aidan@panix.com >Release: 1.3.5 -dev >Organization: >Environment: NetBSD byzantium.nyc.access.net 1.3.2 NetBSD 1.3.2 (PANIX-STAFF) #0: Thu Sep 17 17:49:04 EDT 1998 marcotte@juggler.panix.com:/devel/netbsd/1.3.2/src/sys/arch/i386/compile/PANIX-STAFF i386 >Description: mod_userdir allows an admin to dissociate the /etc/passwd home directory for a user from the doc that gets returned on a ~username URL request. SuEXEC only understands the (typical) ~user/public_html/ as a docroot for individual users, and won't execute requests outside that directory. >How-To-Repeat: In httpd.conf: UserDir /htdocs/userdirs/ put a CGI-script under that userdir, and try to GET it >Fix: modify util_script.c to never pass the '~' on the command line to SuEXEC, and remove the ~user/public_html check from SuEXEC, when an appropriate directive is in the httpd.conf for the request. If y'all accept the patch I recently sent in, the flag already exists in the URIOwner config directive. >Release-Note: >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: coar State-Changed-When: Fri Jan 7 15:15:41 PST 2000 State-Changed-Why: suexec doesn't work with mod_userdir at all. Instead, it can accept only two locations: the user's actual home directory (as specified in /etc/passwd), or a subdirectory of that as specified by the USERDIR_SUFFIX macro. You can define USERDIR_SUFFIX with ./configure using the --suexec-userdir option. It is a design parameter of suexec that all possible parameters be specified at compile-time rather than run-time; this is one of those. Changing this would weaken suexec's security. See for more info. Thanks for using Apache! >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]