[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#224035: marked as done (apache: suexec compiled with uid>=1000, breaks internal systems)

Your message dated Tue, 16 Dec 2003 12:32:20 -0500
with message-id <E1AWJ3U-0000ld-00@auric.debian.org>
and subject line Bug#223810: fixed in apache 1.3.29.0.1-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 15 Dec 2003 13:14:04 +0000
>From jh@zev.se.axis.com Mon Dec 15 07:14:03 2003
Return-path: <jh@zev.se.axis.com>
Received: from (miranda.se.axis.com) [212.209.10.220] 
	by master.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1AVqG7-0005sK-00; Mon, 15 Dec 2003 04:47:27 -0600
Received: from zev.se.axis.com (zev.se.axis.com [10.0.1.13])
	by miranda.se.axis.com (8.12.9/8.12.9/Debian-5local0.1) with ESMTP id hBFAlOXm001179
	for <submit@bugs.debian.org>; Mon, 15 Dec 2003 11:47:24 +0100
Received: from zev.se.axis.com (localhost [127.0.0.1])
	by zev.se.axis.com (8.12.10/8.12.10/Debian-5) with ESMTP id hBFAlN2C012040;
	Mon, 15 Dec 2003 11:47:24 +0100
Received: (from jh@localhost)
	by zev.se.axis.com (8.12.10/8.12.10/Debian-5) id hBFAlNUX012038;
	Mon, 15 Dec 2003 11:47:23 +0100
Message-Id: <[🔎] 200312151047.hBFAlNUX012038@zev.se.axis.com>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Joergen Haegg <jorgen.hagg@axis.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: apache: suexec compiled with uid>=1000, breaks internal systems
X-Mailer: reportbug 2.37
Date: Mon, 15 Dec 2003 11:47:23 +0100
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 
	2.60-master.debian.org_2003_11_25-bugs.debian.org_2003_12_15 
	(1.212-2003-09-23-exp) on master.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=FOOASDF,HAS_PACKAGE 
	autolearn=no 
	version=2.60-master.debian.org_2003_11_25-bugs.debian.org_2003_12_15
X-Spam-Level: 

Package: apache
Version: 1.3.29.0.1-1
Severity: normal


Apache's suexec is compiled with min uid 1000 as of 1.3.27.0-2.

This is of course as it should be, however, there are existing
environments where it is difficult to change all user uids above 1000.
(Most of these have been active for more than 10 years when
system uids was below 100. :-)
Also some of my internal packages (not in Debian) depends on being
able to suexec and still have a system account.

Because of this, would you consider adding an extra suexec, compiled
with the old uidmin?
The select mechanism is already in place, it's just an extra question
that's needed.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux zev 2.4.23-zev #1 Fri Dec 12 12:58:22 CET 2003 i686
Locale: LANG=C, LC_CTYPE=en_US.ISO-8859-1

Versions of packages apache depends on:
ii  apache-common               1.3.29.0.1-1 Support files for all Apache webse
ii  debconf                     1.3.22       Debian configuration management sy
ii  dpkg                        1.10.18      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-10 GNU C Library: Shared libraries an
ii  libdb4.1                    4.1.25-10    Berkeley v4.1 Database Libraries [
ii  libexpat1                   1.95.6-6     XML parsing C library - runtime li
ii  libmagic1                   4.06-1       File type determination library us
ii  libpam0g                    0.76-14      Pluggable Authentication Modules l
ii  logrotate                   3.6.5-2      Log rotation utility
ii  mime-support                3.23-1       MIME files 'mime.types' & 'mailcap
ii  perl [perl5]                5.8.2-2      Larry Wall's Practical Extraction 

-- debconf information:
* apache/enable-suexec: true
* apache/server-name: zev.se.axis.com
* apache/document-root: /var/www
* apache/server-port: 80
* apache/init: true
* apache/server-admin: webmaster@zev.se.axis.com


---------------------------------------
Received: (at 223810-close) by bugs.debian.org; 16 Dec 2003 18:27:40 +0000
>From katie@auric.debian.org Tue Dec 16 12:27:40 2003
Return-path: <katie@auric.debian.org>
Received: from auric.debian.org [206.246.226.45] 
	by master.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1AWJ5D-0006gh-00; Tue, 16 Dec 2003 11:34:07 -0600
Received: from katie by auric.debian.org with local (Exim 3.35 1 (Debian))
	id 1AWJ3U-0000ld-00; Tue, 16 Dec 2003 12:32:20 -0500
From: fabbione@fabbione.net (Fabio M. Di Nitto)
To: 223810-close@bugs.debian.org
X-Katie: $Revision: 1.43 $
Subject: Bug#223810: fixed in apache 1.3.29.0.1-2
Message-Id: <E1AWJ3U-0000ld-00@auric.debian.org>
Sender: Archive Administrator <katie@auric.debian.org>
Date: Tue, 16 Dec 2003 12:32:20 -0500
Delivered-To: 223810-close@bugs.debian.org

Source: apache
Source-Version: 1.3.29.0.1-2

We believe that the bug you reported is fixed in the latest version of
apache, which is due to be installed in the Debian FTP archive:

apache-common_1.3.29.0.1-2_i386.deb
  to pool/main/a/apache/apache-common_1.3.29.0.1-2_i386.deb
apache-dbg_1.3.29.0.1-2_i386.deb
  to pool/main/a/apache/apache-dbg_1.3.29.0.1-2_i386.deb
apache-dev_1.3.29.0.1-2_i386.deb
  to pool/main/a/apache/apache-dev_1.3.29.0.1-2_i386.deb
apache-doc_1.3.29.0.1-2_all.deb
  to pool/main/a/apache/apache-doc_1.3.29.0.1-2_all.deb
apache-perl_1.3.29.0.1-2_i386.deb
  to pool/main/a/apache/apache-perl_1.3.29.0.1-2_i386.deb
apache-ssl_1.3.29.0.1-2_i386.deb
  to pool/main/a/apache/apache-ssl_1.3.29.0.1-2_i386.deb
apache-utils_1.3.29.0.1-2_i386.deb
  to pool/main/a/apache/apache-utils_1.3.29.0.1-2_i386.deb
apache_1.3.29.0.1-2.diff.gz
  to pool/main/a/apache/apache_1.3.29.0.1-2.diff.gz
apache_1.3.29.0.1-2.dsc
  to pool/main/a/apache/apache_1.3.29.0.1-2.dsc
apache_1.3.29.0.1-2_i386.deb
  to pool/main/a/apache/apache_1.3.29.0.1-2_i386.deb
libapache-mod-perl_1.29.0.1-2_i386.deb
  to pool/main/a/apache/libapache-mod-perl_1.29.0.1-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 223810@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Fabio M. Di Nitto <fabbione@fabbione.net> (supplier of updated apache package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 11 Dec 2003 21:05:37 +0100
Source: apache
Binary: apache-dev apache-common apache-doc apache-utils apache apache-dbg apache-perl libapache-mod-perl apache-ssl
Architecture: source i386 all
Version: 1.3.29.0.1-2
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Fabio M. Di Nitto <fabbione@fabbione.net>
Description: 
 apache     - Versatile, high-performance HTTP server
 apache-common - Support files for all Apache webservers
 apache-dbg - Apache webservers (debugging versions)
 apache-dev - Apache webserver development kit
 apache-doc - Apache webserver docs
 apache-perl - Versatile, high-performance HTTP server with Perl support
 apache-ssl - Versatile, high-performance HTTP server with SSL support
 apache-utils - Utility programs for webservers
 libapache-mod-perl - Integration of perl with the Apache web server
Closes: 223810 223829 223902 224035
Changes: 
 apache (1.3.29.0.1-2) unstable; urgency=low
 .
   * (Fabio M. Di Nitto)
     - Fixed compilation options for suexec
     (Closes: #223810, #223902, #224035)
     - Fixed apache-perl postinst and modules-config (Closes: #223829)
Files: 
 2bc1cbf1c502519d698985bca305de52 1085 web optional apache_1.3.29.0.1-2.dsc
 d39a69ea3ac1a4e1e54ed8754afab41e 364476 web optional apache_1.3.29.0.1-2.diff.gz
 fffcd9f46fbcab9b83c12ae466b9e2d4 1157070 doc optional apache-doc_1.3.29.0.1-2_all.deb
 2ee887e316b2b433ca29007b2d716b8b 365012 web optional apache_1.3.29.0.1-2_i386.deb
 0b2b28479307ca5b8f88215c3882f7e8 475866 web optional apache-ssl_1.3.29.0.1-2_i386.deb
 780ff2db07865a55d994f45607a5c373 483382 web extra apache-perl_1.3.29.0.1-2_i386.deb
 80f662193a6ef4add578cba72c1d7813 315352 devel extra apache-dev_1.3.29.0.1-2_i386.deb
 6bdddc9b65d75aaab5a6409dae45acbc 9057030 devel extra apache-dbg_1.3.29.0.1-2_i386.deb
 023dccdcf296e85643873633a4e8d7c2 811246 web optional apache-common_1.3.29.0.1-2_i386.deb
 aa3e465a8b2b3e0f0680e6b30878122a 252252 web optional apache-utils_1.3.29.0.1-2_i386.deb
 32922121bd8384404c7ddf309fc45a4e 478996 web optional libapache-mod-perl_1.29.0.1-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/3z0uhCzbekR3nhgRAhUEAJ42M9QlCuNH/3CvmTcT6leZfnpyIgCeM5hI
Si+MwwDWAicUlF15x6o+IEI=
=qbKw
-----END PGP SIGNATURE-----
Reply to: