Bug#224035: apache: suexec compiled with uid>=1000, breaks internal systems

To: Joergen Haegg <jorgen.hagg@axis.com>, 224035@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Bug#224035: apache: suexec compiled with uid>=1000, breaks internal systems
From: Fabio Massimo Di Nitto <fabbione@fabbione.net>
Date: Mon, 15 Dec 2003 17:22:07 +0100 (CET)
Message-id: <[🔎] Pine.LNX.4.58.0312151719590.4210@trider-g7.ext.fabbione.net>
Reply-to: Fabio Massimo Di Nitto <fabbione@fabbione.net>, 224035@bugs.debian.org
In-reply-to: <[🔎] 200312151047.hBFAlNUX012038@zev.se.axis.com>
References: <[🔎] 200312151047.hBFAlNUX012038@zev.se.axis.com>

tags 224035 pending
merge 224035 223810 223902
stop
quit

Hi Joergen,
	no it is a bug and it is already fixed in cvs. It will be ok in
the next upload.

Sorry for the mess but i simply messed up the CFLAGS for suexec in the
attempt to enable PAM limit supports and i didn't noticed.

Fabio

On Mon, 15 Dec 2003, Joergen Haegg wrote:

> Package: apache
> Version: 1.3.29.0.1-1
> Severity: normal
>
>
> Apache's suexec is compiled with min uid 1000 as of 1.3.27.0-2.
>
> This is of course as it should be, however, there are existing
> environments where it is difficult to change all user uids above 1000.
> (Most of these have been active for more than 10 years when
> system uids was below 100. :-)
> Also some of my internal packages (not in Debian) depends on being
> able to suexec and still have a system account.
>
> Because of this, would you consider adding an extra suexec, compiled
> with the old uidmin?
> The select mechanism is already in place, it's just an extra question
> that's needed.
>
> -- System Information:
> Debian Release: testing/unstable
> Architecture: i386
> Kernel: Linux zev 2.4.23-zev #1 Fri Dec 12 12:58:22 CET 2003 i686
> Locale: LANG=C, LC_CTYPE=en_US.ISO-8859-1
>
> Versions of packages apache depends on:
> ii  apache-common               1.3.29.0.1-1 Support files for all Apache webse
> ii  debconf                     1.3.22       Debian configuration management sy
> ii  dpkg                        1.10.18      Package maintenance system for Deb
> ii  libc6                       2.3.2.ds1-10 GNU C Library: Shared libraries an
> ii  libdb4.1                    4.1.25-10    Berkeley v4.1 Database Libraries [
> ii  libexpat1                   1.95.6-6     XML parsing C library - runtime li
> ii  libmagic1                   4.06-1       File type determination library us
> ii  libpam0g                    0.76-14      Pluggable Authentication Modules l
> ii  logrotate                   3.6.5-2      Log rotation utility
> ii  mime-support                3.23-1       MIME files 'mime.types' & 'mailcap
> ii  perl [perl5]                5.8.2-2      Larry Wall's Practical Extraction
>
> -- debconf information:
> * apache/enable-suexec: true
> * apache/server-name: zev.se.axis.com
> * apache/document-root: /var/www
> * apache/server-port: 80
> * apache/init: true
> * apache/server-admin: webmaster@zev.se.axis.com
>
>
>
>

-- 
Our mission: make IPv6 the default IP protocol
"We are on a mission from God" - Elwood Blues

http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp00004.html

Reply to:

Follow-Ups:
- Processed: Re: Bug#224035: apache: suexec compiled with uid>=1000, breaks internal systems
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

References:
- Bug#224035: apache: suexec compiled with uid>=1000, breaks internal systems
  - From: Joergen Haegg <jorgen.hagg@axis.com>

Prev by Date: Bug#224049: libapache-mod-perl: Segmentaion fault when starting apache
Next by Date: Processed: Re: Bug#224035: apache: suexec compiled with uid>=1000, breaks internal systems
Previous by thread: Bug#224035: apache: suexec compiled with uid>=1000, breaks internal systems
Next by thread: Processed: Re: Bug#224035: apache: suexec compiled with uid>=1000, breaks internal systems
Index(es):
- Date
- Thread