
Re: Open bugs



Matthew Wilcox <willy@debian.org> writes:

> On Sat, Feb 16, 2002 at 04:56:49AM +0000, Matthew Wilcox wrote:

> > If anyone wants to tackle any other bug in apache, please feel
> > free :-)

> Hmm, I missed #70982 which I'd love to get fixed... particularly
> since it affects Debian machines :-) Needs someone with a fair
> amount of C ability.


        Apache will call suexec in "user" mode (specifying a user to
        su to), when any URL starts with ~/.  It does not check if
        UserDir has been disabled before doing this.

That's a little bit scary...

        ViewCvs (and cvsweb) use the token "~checkout~" at the front
        of a URL to indicate that the file should be downloaded from
        CVS.  If a server is set up such as "cvs.example.com", with a
        rewrite rule pointing at the CGI script, suexec will be run,
        and try to switch to user "checkout", which is incorrect.

        This bug should probably be forwarded upstream.  I think a
        test to see if userdir is disabled, and if so, pass any
        parameters verbatim, would solve the problem.

Definitely something I would send upstream, and then worry, if needs
be, about writing our own fix for it.

-- 
David N. Welton
   Consulting: http://www.dedasys.com/
     Personal: http://www.dedasys.com/davidw/
Free Software: http://www.dedasys.com/freesoftware/
   Apache Tcl: http://tcl.apache.org/
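
The decision described in the quoted report, and the test it proposes, as an added example that is not part of the original message and is not Apache source code. The struct, the function names, the `userdir_enabled` flag and the sample URI are hypothetical, and ending the user name at `/` or `~` is an assumption chosen so the model yields the user "checkout" named in the report.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the suexec decision; not Apache's data structures. */
struct suexec_target {
    int  user_mode;   /* 1 = ask suexec to switch to the user from the URL */
    char user[32];    /* user name taken from the URL, empty if none */
};

/* Pull "name" out of "/~name..." (assumption: name ends at '/' or '~'). */
static int parse_tilde_user(const char *uri, char *out, size_t outlen)
{
    size_t n;
    if (strncmp(uri, "/~", 2) != 0)
        return 0;
    n = strcspn(uri + 2, "/~");
    if (n == 0 || n >= outlen)
        return 0;
    memcpy(out, uri + 2, n);
    out[n] = '\0';
    return 1;
}

/* Behaviour as reported: the UserDir setting is never consulted. */
struct suexec_target decide_reported(const char *uri)
{
    struct suexec_target t = {0, ""};
    t.user_mode = parse_tilde_user(uri, t.user, sizeof t.user);
    return t;
}

/* Proposed test: with UserDir disabled, never derive a user from the URL. */
struct suexec_target decide_checked(const char *uri, int userdir_enabled)
{
    struct suexec_target t = {0, ""};
    if (userdir_enabled)
        t.user_mode = parse_tilde_user(uri, t.user, sizeof t.user);
    return t;
}

int main(void)
{
    const char *uri = "/~checkout~/project/file.c";  /* constructed sample */
    struct suexec_target a = decide_reported(uri);
    struct suexec_target b = decide_checked(uri, 0);
    printf("reported: user_mode=%d user=\"%s\"\n", a.user_mode, a.user);
    printf("checked:  user_mode=%d user=\"%s\"\n", b.user_mode, b.user);
    return 0;
}
```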


