Re: apache-ssl's suexec
Matthew Wilcox writes:
>
> I'm planning on fixing #40226 in apache 1.3.22-6. After all, it's only
> been open >2.5 years. With this patch:
>
> @@ -165,6 +166,8 @@
> "UNIQUE_ID",
> "USER_NAME",
> "TZ",
> + "HTTPS",
> + "REDIRECT_HTTPS",
> NULL
> };
>
> @@ -228,7 +231,8 @@
> cidx++;
>
> for (ep = environ; *ep && cidx < AP_ENVBUF-1; ep++) {
> - if (!strncmp(*ep, "HTTP_", 5)) {
> + if (!strncmp(*ep, "HTTP_", 5) ||
> + !strncmp(*ep, "SSL_", 4)) {
> cleanenv[cidx] = *ep;
> cidx++;
> }
>
> is there any more that needs to be done to remove suexec from apache-ssl?
The ssl patch for suexec is the following:
--- ../apache_1.3.19/src/support/suexec.c Mon Jan 15 17:06:40 2001
+++ ./src/support/suexec.c Fri Mar 23 14:17:51 2001
@@ -228,7 +228,8 @@
cidx++;
for (ep = environ; *ep && cidx < AP_ENVBUF-1; ep++) {
- if (!strncmp(*ep, "HTTP_", 5)) {
+ if (!strncmp(*ep, "HTTP_", 5) || !strncmp(*ep,"HTTPS",5)
+ || !strncmp(*ep,"SSL_",4)) {
cleanenv[cidx] = *ep;
cidx++;
}
I think that is all.
Christoph
Reply to: