Bug#224035: apache: suexec compiled with uid>=1000, breaks internal systems
tags 224035 pending
merge 224035 223810 223902
stop
quit
Hi Joergen,
no it is a bug and it is already fixed in cvs. It will be ok in
the next upload.
Sorry for the mess but i simply messed up the CFLAGS for suexec in the
attempt to enable PAM limit supports and i didn't noticed.
Fabio
On Mon, 15 Dec 2003, Joergen Haegg wrote:
> Package: apache
> Version: 1.3.29.0.1-1
> Severity: normal
>
>
> Apache's suexec is compiled with min uid 1000 as of 1.3.27.0-2.
>
> This is of course as it should be, however, there are existing
> environments where it is difficult to change all user uids above 1000.
> (Most of these have been active for more than 10 years when
> system uids was below 100. :-)
> Also some of my internal packages (not in Debian) depends on being
> able to suexec and still have a system account.
>
> Because of this, would you consider adding an extra suexec, compiled
> with the old uidmin?
> The select mechanism is already in place, it's just an extra question
> that's needed.
>
> -- System Information:
> Debian Release: testing/unstable
> Architecture: i386
> Kernel: Linux zev 2.4.23-zev #1 Fri Dec 12 12:58:22 CET 2003 i686
> Locale: LANG=C, LC_CTYPE=en_US.ISO-8859-1
>
> Versions of packages apache depends on:
> ii apache-common 1.3.29.0.1-1 Support files for all Apache webse
> ii debconf 1.3.22 Debian configuration management sy
> ii dpkg 1.10.18 Package maintenance system for Deb
> ii libc6 2.3.2.ds1-10 GNU C Library: Shared libraries an
> ii libdb4.1 4.1.25-10 Berkeley v4.1 Database Libraries [
> ii libexpat1 1.95.6-6 XML parsing C library - runtime li
> ii libmagic1 4.06-1 File type determination library us
> ii libpam0g 0.76-14 Pluggable Authentication Modules l
> ii logrotate 3.6.5-2 Log rotation utility
> ii mime-support 3.23-1 MIME files 'mime.types' & 'mailcap
> ii perl [perl5] 5.8.2-2 Larry Wall's Practical Extraction
>
> -- debconf information:
> * apache/enable-suexec: true
> * apache/server-name: zev.se.axis.com
> * apache/document-root: /var/www
> * apache/server-port: 80
> * apache/init: true
> * apache/server-admin: webmaster@zev.se.axis.com
>
>
>
>
--
Our mission: make IPv6 the default IP protocol
"We are on a mission from God" - Elwood Blues
http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp00004.html
Reply to: