Bug#83602: marked as done (suexec+/cgi-bin/=fault)

To: Marco Rodrigues <gothicx@sapo.pt>
Subject: Bug#83602: marked as done (suexec+/cgi-bin/=fault)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Wed, 16 Sep 2009 20:43:25 +0000
Message-id: <handler.83602.D83602.12531335309626.ackdone@bugs.debian.org>
References: <1253129644.301390.2617.nullmailer@kmos.homeip.net> <20010126033201.16627.qmail@oniltz.tdisie.nsc.ru>

Your message dated Wed, 16 Sep 2009 20:34:04 +0100
with message-id <1253129644.301390.2617.nullmailer@kmos.homeip.net>
and subject line Package apache has been removed from Debian
has caused the Debian Bug report #83602,
regarding suexec+/cgi-bin/=fault
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
83602: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=83602
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: suexec+/cgi-bin/=fault
From: opa@oniltz.tdisie.nsc.ru
Date: 26 Jan 2001 03:32:01 -0000
Message-id: <20010126033201.16627.qmail@oniltz.tdisie.nsc.ru>

Package: apache
Version: 1.3.14

There are I setup suexec I found my system-wide and trusted scripts from
/usr/lib/cgi-bin/ fails because "command not in docroot
(/usr/lib/cgi-bin/php)" and others too.

because dir treats as trusted with write access only for root I decided to
patch suexec to allow run scripts from this dir w/o so strict checks for
this dir. Patch follows.

IMHO it's sufficiently safe and simple to be uploaded to unstable

I uses potato/i386,kernel 2.2.18,apache_1.3.14-2


83a84,85
> #define  safe_dir "/usr/lib/cgi-bin" 
> 
481a484
>     int insafedir = 0;          /* OPA run this dir as requsted*/
635,636c638,639
<      * a UID less than UID_MIN.  Tsk tsk.
<      */
---
> * a UID less than UID_MIN.  Tsk tsk.
> */
682a686,690
>     /*
>      * OPA: check if script from safe dir and any user can run it by itself
>      */
>     if(!strncmp(cwd,safe_dir,strlen(safe_dir)))insafedir=1;
>      
701c709
<     if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
---
>     if (!insafedir&&(strncmp(cwd, dwd, strlen(dwd))) != 0) {
734c742
<     
---
> 
760c768,769
<     if ((uid != dir_info.st_uid) ||
---
>     if(!insafedir)
>      if ((uid != dir_info.st_uid) ||

--- End Message ---

--- Begin Message ---

To: 83602-done@bugs.debian.org

Subject: Package apache has been removed from Debian

From: Marco Rodrigues <gothicx@sapo.pt>

Date: Wed, 16 Sep 2009 20:34:04 +0100

Message-id: <1253129644.301390.2617.nullmailer@kmos.homeip.net>
Version: 1.3.34-4.1+rm

You filled the bug http://bugs.debian.org/83602 in Debian BTS
against the package apache. I'm closing it at *unstable*, but it will
remain open for older distributions.

For more information about this package's removal, read
http://bugs.debian.org/418266. That bug might give the reasons why
this package was removed and suggestions of possible replacements.

Don't hesitate to reply to this mail if you have any question.

Thank you for your contribution to Debian.

--
Marco Rodrigues
--- End Message ---

Reply to:

Prev by Date: Bug#293260: marked as done (/etc/init.d/apache script ignores $CONF)
Next by Date: Bug#308483: marked as done (apache-modconf: use conf.d style directory instead of autogenerated file)
Previous by thread: Bug#293260: marked as done (/etc/init.d/apache script ignores $CONF)
Next by thread: Bug#83602: marked as done (suexec+/cgi-bin/=fault)
Index(es):
- Date
- Thread