Re: apache-ssl's suexec

To: Matthew Wilcox <willy@debian.org>
Cc: christoph.martin@uni-mainz.de, debian-apache@lists.debian.org
Subject: Re: apache-ssl's suexec
From: Christoph Martin <martin@uni-mainz.de>
Date: Fri, 11 Jan 2002 17:24:42 +0100 (MET)
Message-id: <[🔎] 15423.4554.576973.147959@arthur.zdv.Uni-Mainz.DE>
In-reply-to: <[🔎] 20020111044047.A26644@parcelfarce.linux.theplanet.co.uk>
References: <[🔎] 20020111044047.A26644@parcelfarce.linux.theplanet.co.uk>

Matthew Wilcox writes:
 > 
 > I'm planning on fixing #40226 in apache 1.3.22-6.  After all, it's only
 > been open >2.5 years.  With this patch:
 > 
 > @@ -165,6 +166,8 @@
 >      "UNIQUE_ID",
 >      "USER_NAME",
 >      "TZ",
 > +    "HTTPS",
 > +    "REDIRECT_HTTPS",
 >      NULL
 >  };
 > 
 > @@ -228,7 +231,8 @@
 >      cidx++;
 > 
 >      for (ep = environ; *ep && cidx < AP_ENVBUF-1; ep++) {
 > -       if (!strncmp(*ep, "HTTP_", 5)) {
 > +       if (!strncmp(*ep, "HTTP_", 5) ||
 > +           !strncmp(*ep, "SSL_", 4)) {
 >             cleanenv[cidx] = *ep;
 >             cidx++;
 >         }
 > 
 > is there any more that needs to be done to remove suexec from apache-ssl?

The ssl patch for suexec is the following:

--- ../apache_1.3.19/src/support/suexec.c	Mon Jan 15 17:06:40 2001
+++ ./src/support/suexec.c	Fri Mar 23 14:17:51 2001
@@ -228,7 +228,8 @@
     cidx++;
 
     for (ep = environ; *ep && cidx < AP_ENVBUF-1; ep++) {
-	if (!strncmp(*ep, "HTTP_", 5)) {
+	if (!strncmp(*ep, "HTTP_", 5) || !strncmp(*ep,"HTTPS",5)
+	    || !strncmp(*ep,"SSL_",4)) {
 	    cleanenv[cidx] = *ep;
 	    cidx++;
 	}

I think that is all.

Christoph

Reply to:

Follow-Ups:
- Re: apache-ssl's suexec
  - From: Matthew Wilcox <willy@debian.org>

References:
- apache-ssl's suexec
  - From: Matthew Wilcox <willy@debian.org>

Prev by Date: apache-ssl's suexec
Next by Date: Re: apache-ssl's suexec
Previous by thread: apache-ssl's suexec
Next by thread: Re: apache-ssl's suexec
Index(es):
- Date
- Thread