Your message dated Wed, 16 Sep 2009 20:34:04 +0100 with message-id <1253129644.301390.2617.nullmailer@kmos.homeip.net> and subject line Package apache has been removed from Debian has caused the Debian Bug report #83602, regarding suexec+/cgi-bin/=fault to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 83602: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=83602 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: suexec+/cgi-bin/=fault
- From: opa@oniltz.tdisie.nsc.ru
- Date: 26 Jan 2001 03:32:01 -0000
- Message-id: <20010126033201.16627.qmail@oniltz.tdisie.nsc.ru>
Package: apache Version: 1.3.14 There are I setup suexec I found my system-wide and trusted scripts from /usr/lib/cgi-bin/ fails because "command not in docroot (/usr/lib/cgi-bin/php)" and others too. because dir treats as trusted with write access only for root I decided to patch suexec to allow run scripts from this dir w/o so strict checks for this dir. Patch follows. IMHO it's sufficiently safe and simple to be uploaded to unstable I uses potato/i386,kernel 2.2.18,apache_1.3.14-2 83a84,85 > #define safe_dir "/usr/lib/cgi-bin" > 481a484 > int insafedir = 0; /* OPA run this dir as requsted*/ 635,636c638,639 < * a UID less than UID_MIN. Tsk tsk. < */ --- > * a UID less than UID_MIN. Tsk tsk. > */ 682a686,690 > /* > * OPA: check if script from safe dir and any user can run it by itself > */ > if(!strncmp(cwd,safe_dir,strlen(safe_dir)))insafedir=1; > 701c709 < if ((strncmp(cwd, dwd, strlen(dwd))) != 0) { --- > if (!insafedir&&(strncmp(cwd, dwd, strlen(dwd))) != 0) { 734c742 < --- > 760c768,769 < if ((uid != dir_info.st_uid) || --- > if(!insafedir) > if ((uid != dir_info.st_uid) ||
--- End Message ---
--- Begin Message ---
- To: 83602-done@bugs.debian.org
- Subject: Package apache has been removed from Debian
- From: Marco Rodrigues <gothicx@sapo.pt>
- Date: Wed, 16 Sep 2009 20:34:04 +0100
- Message-id: <1253129644.301390.2617.nullmailer@kmos.homeip.net>
Version: 1.3.34-4.1+rm You filled the bug http://bugs.debian.org/83602 in Debian BTS against the package apache. I'm closing it at *unstable*, but it will remain open for older distributions. For more information about this package's removal, read http://bugs.debian.org/418266. That bug might give the reasons why this package was removed and suggestions of possible replacements. Don't hesitate to reply to this mail if you have any question. Thank you for your contribution to Debian. -- Marco Rodrigues
--- End Message ---