
Bug#68990: marked as done (Users' CGI scripts cannot be executed when UserDir is not public_html.)



Your message dated Wed, 19 Nov 2003 06:06:38 +0100 (CET)
with message-id <Pine.LNX.4.58.0311190603580.20321@trider-g7.ext.fabbione.net>
and subject line upstream report
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 12 Aug 2000 00:13:17 +0000
>From strauss@dagoba.escape.de Fri Aug 11 19:13:17 2000
Return-path: <strauss@dagoba.escape.de>
Received: from pec-149-239.tnt6.h2.uunet.de (dagoba.escape.de) [::ffff:149.225.149.239] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 13NOvM-00061H-00; Fri, 11 Aug 2000 19:13:16 -0500
Received: (from strauss@localhost)
	by dagoba.escape.de (8.9.3+3.2W/8.9.3/Debian 8.9.3-21) id CAA31486;
	Sat, 12 Aug 2000 02:13:13 +0200
Message-Id: <200008120013.CAA31486@dagoba.escape.de>
From: strauss <strauss@dagoba.escape.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Users' CGI scripts cannot be executed when UserDir is not public_html.
X-Reportbug-Version: 0.54
X-Mailer: reportbug 0.54
Date: Sat, 12 Aug 2000 02:13:13 +0200
Delivered-To: submit@bugs.debian.org

Package: apache
Version: 1.3.9-13.1
Severity: normal

I prefer setting UserDir to .www in srm.conf. This works as expected for
usual HTML files, but users' CGI scripts cannot be found this way. I
strace'd the server and found out that there must be a hardcoded `public_html'
somewhere:

...
[pid 31129] getcwd("/home/strauss/.www", 4095) = 19
[pid 31129] chdir("/home/strauss")      = 0
[pid 31129] chdir("public_html")        = -1 ENOENT (No such file or directory)
...

I tried a dirty binary patch in mod_userdir.so, which is the only file
I found containing the pattern `public_html', but this did not change anything. 

-- System Information
Debian Release: 2.2
Architecture: i386
Kernel: Linux dagoba 2.2.17 #2 SMP Tue Aug 8 23:36:59 MEST 2000 i686

Versions of packages apache depends on:
ii  apache-common         1.3.9-13.1         Support files for all Apache webse
ii  libc6                 2.1.3-10           GNU C Library: Shared libraries an
ii  libdb2                2:2.4.14-2.7.7.1.c The Berkeley database routines (ru
ii  libgdbmg1             1.7.3-26.2         GNU dbm database routines (runtime
ii  mime-support          3.9-1              MIME files 'mime.types' & 'mailcap
ii  perl-5.004 [perl5]    5.004.05-6         Larry Wall's Practical Extracting 
ii  perl-5.005 [perl5]    5.005.03-7.1       Larry Wall's Practical Extracting 


---------------------------------------
Received: (at 63974-done) by bugs.debian.org; 19 Nov 2003 05:06:43 +0000
>From fabbione@fabbione.net Tue Nov 18 23:06:43 2003
Return-path: <fabbione@fabbione.net>
Received: from port5.ds1-sby.adsl.cybercity.dk (trider-g7.fabbione.net) [212.242.169.198] 
	by master.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1AMKY3-0002B5-00; Tue, 18 Nov 2003 23:06:40 -0600
Received: from trider-g7.ext.fabbione.net (port5.ds1-sby.adsl.cybercity.dk [212.242.169.198])
	by trider-g7.fabbione.net (Postfix) with ESMTP id D9F6A16;
	Wed, 19 Nov 2003 06:06:38 +0100 (CET)
Date: Wed, 19 Nov 2003 06:06:38 +0100 (CET)
From: Fabio Massimo Di Nitto <fabbione@fabbione.net>
Sender: fabbione@trider-g7.ext.fabbione.net
To: 63974-done@bugs.debian.org, 63975-done@bugs.debian.org,
	68990-done@bugs.debian.org, 72695-done@bugs.debian.org
Subject: upstream report
Message-ID: <Pine.LNX.4.58.0311190603580.20321@trider-g7.ext.fabbione.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=iso-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE
Delivered-To: 63974-done@bugs.debian.org
X-Spam-Status: No, hits=0.0 required=4.0
	tests=none
	version=2.53-bugs.debian.org_2003_11_15
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_11_15 (1.174.2.15-2003-03-30-exp)


Hi all,
	upstream has decided NOT to fix these problems due to the security
issue implied in doing so.

Quoting from: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24218

------- Additional Comments From André Malo 2003-10-29 14:55 -------

Sorry, this behaviour won't be changed. All parameters can be configured
at compile time. Since suexec is setuid root, every runtime config stuff
would be quite dangerous.

Therefore I am closing these Debian bugs.

Thanks
Fabio

-- 
Our mission: make IPv6 the default IP protocol
"We are on a mission from God" - Elwood Blues

http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp00004.html
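
Added illustration, not part of either message above and not Apache's suexec source: a simplified C model of a user-directory check whose suffix is fixed at build time, reproducing the chdir sequence seen in the strace. USERDIR_SUFFIX, MAXPATH, check_userdir_docroot and demo are hypothetical names, and the directories under /tmp are constructed sample data.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumption: stands in for the suffix fixed when the wrapper is built. */
#define USERDIR_SUFFIX "public_html"
#define MAXPATH 4096
/* 0: script_dir is inside <home>/USERDIR_SUFFIX; 1: a directory could not
 * be entered; 2: script_dir lies outside <home>/USERDIR_SUFFIX. */
int check_userdir_docroot(const char *home, const char *script_dir)
{
    char cwd[MAXPATH], dwd[MAXPATH];
    size_t n;
    if (chdir(script_dir) != 0 || getcwd(cwd, sizeof cwd) == NULL)
        return 1;
    /* Same call order as the strace: home first, then the fixed suffix. */
    if (chdir(home) != 0 || chdir(USERDIR_SUFFIX) != 0 ||
        getcwd(dwd, sizeof dwd) == NULL || chdir(cwd) != 0)
        return 1;
    n = strlen(dwd);
    /* Prefix comparison that ends on a path-component boundary. */
    if (strncmp(cwd, dwd, n) != 0 || (cwd[n] != '\0' && cwd[n] != '/'))
        return 2;
    return 0;
}

/* Constructed home directory with one subdirectory named userdir_name. */
int demo(const char *userdir_name)
{
    char home[MAXPATH], sub[MAXPATH + 256];
    int rc;
    snprintf(home, sizeof home, "/tmp/userdir-demo-%ld", (long)getpid());
    snprintf(sub, sizeof sub, "%s/%s", home, userdir_name);
    if (mkdir(home, 0700) != 0 || mkdir(sub, 0700) != 0)
        return -1;
    rc = check_userdir_docroot(home, sub);
    if (chdir("/") != 0)
        rc = -1;
    rmdir(sub);
    rmdir(home);
    return rc;
}

int main(void)
{
    printf(".www: %d  public_html: %d\n", demo(".www"), demo("public_html"));
    return 0;
}
```

The .www case fails at the second chdir with ENOENT, as in the report; because the suffix is a build-time constant, no runtime setting can redirect the check.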


