Bug#528062: apache2: mod_userdir is broken with respect to suexec support. patch included
Package: apache2
Version: 2.2.11-3
Severity: important
Hi,
on one of my production system I'm using ldap_userdir which borrowed code
from mod_userdir. After some investigation (suexec support was naccassary)
that there is error in suexec handling, and it existed many years unnoticed.
Hopefully mod-ldap-userdir author accepted my patches (about request notes,
and some bad usage of strtoul) and everything works out of box on lenny now.
Bud bad code in mod_userdir still exists.
I'm attaching the patch for mod_userdir.c. (based on patch for mod_ldap_userdir.c)
It was tested and works correctly. Please apply and notify upstream if possible.
Thanks you.
-- System Information:
Debian Release: 5.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages apache2 depends on:
pn apache2-mpm-worker | apache2- <none> (no description available)
apache2 recommends no packages.
apache2 suggests no packages.
--- ./modules/mappers/mod_userdir.c 2006-07-12 05:38:44.000000000 +0200
+++ ../mod_userdir.c 2009-05-10 17:38:36.048667150 +0200
@@ -186,9 +186,11 @@
const userdir_config *s_cfg;
char *name = r->uri;
const char *userdirs;
+ request_rec *notes_req;
const char *w, *dname;
char *redirect;
apr_finfo_t statbuf;
+
/*
* If the URI doesn't match our basic pattern, we've nothing to do with
@@ -312,8 +314,17 @@
if (*userdirs && dname[0] == 0)
r->finfo = statbuf;
+ /* We could be servicing a sub-request; make sure we put notes
+ * on the main request.
+ */
+ if (r->main) {
+ notes_req = r->main;
+ } else {
+ notes_req = r;
+ }
+
/* For use in the get_suexec_identity phase */
- apr_table_setn(r->notes, "mod_userdir_user", w);
+ apr_table_setn(notes_req->notes, "mod_userdir_user", w);
return OK;
}
Reply to: