[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#385656: marked as done (apache: mod_cgi does not play well with Posix ACLs)



Your message dated Wed, 16 Sep 2009 20:34:04 +0100
with message-id <1253129644.995524.2643.nullmailer@kmos.homeip.net>
and subject line Package apache has been removed from Debian
has caused the Debian Bug report #385656,
regarding apache: mod_cgi does not play well with Posix ACLs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
385656: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=385656
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apache
Version: 1.3.34-4+aclfix
Severity: normal


Apache's mod_cgi will not execute cgi scripts that
have an ACL entry allowing www-data to execute them 
unless they also have standard Unix permissions 
allowing execution. Thus defeating the purpose of using
the ACL in the first place.

I have attached a patch that seems to work for me.


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages apache depends on:
ii  apache-common            1.3.34-4+aclfix support files for all Apache webse
ii  debconf [debconf-2.0]    1.4.30.11       Debian configuration management sy
ii  libc6                    2.3.6-7         GNU C Library: Shared libraries
ii  libdb4.4                 4.4.20-3        Berkeley v4.4 Database Libraries [
ii  libexpat1                1.95.8-3.2      XML parsing C library - runtime li
ii  libmagic1                4.12-1          File type determination library us
ii  logrotate                3.7-2           Log rotation utility
ii  lsb-base                 3.0-16          Linux Standard Base 3.0 init scrip
ii  mime-support             3.28-1          MIME files 'mime.types' & 'mailcap
ii  perl                     5.8.8-6.1       Larry Wall's Practical Extraction 

apache recommends no packages.

-- debconf information excluded

-- 
the Edward Blevins   <thedward@barsoom.net>    (512) 796-6661
/(0\         mi tavla fo la lojban .i xu do go'i? 
\1)/ .i.e'u ko vitke fi zoi .url. http://www.lojban.org .url.
Today is Prickle-Prickle, the 25th day of Bureaucracy in the YOLD 3172
diff -Naurd build-tree/apache_1.3.34/src/modules/standard/mod_cgi.c apache_1.3.34-cgi-acl-fix/src/modules/standard/mod_cgi.c
--- build-tree/apache_1.3.34/src/modules/standard/mod_cgi.c	2004-11-24 13:10:19.000000000 -0600
+++ apache_1.3.34-cgi-acl-fix/src/modules/standard/mod_cgi.c	2006-09-01 16:02:49.821235919 -0500
@@ -382,9 +382,14 @@
 	return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO,
 			       "attempt to invoke directory as script");
     if (!ap_suexec_enabled) {
-	if (!ap_can_exec(&r->finfo))
-	    return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO,
-				   "file permissions deny server execution");
+        if(access(r->filename, X_OK)) {
+          if (errno == EACCES)
+            return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO,
+                                   "file permissions deny server execution");
+          else
+          return log_scripterror(r, conf, SERVER_ERROR, APLOG_NOERRNO,
+                                 "system error checking execute access");
+        }
     }
 
     if ((retval = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR)))

--- End Message ---
--- Begin Message ---
Version: 1.3.34-4.1+rm

You filled the bug http://bugs.debian.org/385656 in Debian BTS
against the package apache. I'm closing it at *unstable*, but it will
remain open for older distributions.

For more information about this package's removal, read
http://bugs.debian.org/418266. That bug might give the reasons why
this package was removed and suggestions of possible replacements.

Don't hesitate to reply to this mail if you have any question.

Thank you for your contribution to Debian.

--
Marco Rodrigues


--- End Message ---

Reply to: