Bug#70982: marked as done (apache: apache calls suexec in "user" mode, even when userdir is disabled)

To: Marco Rodrigues <gothicx@sapo.pt>
Subject: Bug#70982: marked as done (apache: apache calls suexec in "user" mode, even when userdir is disabled)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Wed, 16 Sep 2009 22:03:44 +0000
Message-id: <handler.70982.D70982.125313806929342.ackdone@bugs.debian.org>
References: <1253133169.153130.3695.nullmailer@kmos.homeip.net> <20000906011529.51613A780A@cyberhq.internal.cyberhqz.com>

Your message dated Wed, 16 Sep 2009 21:32:49 +0100
with message-id <1253133169.153130.3695.nullmailer@kmos.homeip.net>
and subject line Package apache has been removed from Debian
has caused the Debian Bug report #70982,
regarding apache: apache calls suexec in "user" mode, even when userdir is disabled
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
70982: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=70982
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: apache: apache calls suexec in "user" mode, even when userdir is disabled
From: Ryan Murray <rmurray@cyberhqz.com>
Date: Tue, 5 Sep 2000 18:15:29 -0700 (PDT)
Message-id: <20000906011529.51613A780A@cyberhq.internal.cyberhqz.com>

Package: apache
Version: N/A
Severity: normal

Apache will call suexec in "user" mode (specifying a user to su to), when
any URL starts with ~/.  It does not check if UserDir has been disabled before
doing this.

ViewCvs (and cvsweb) use the token "~checkout~" at the front of a URL to
indicate that the file should be downloaded from CVS.  If a server is setup
such as "cvs.example.com", with a rewrite rule pointing at the CGI script,
suexec will be run, and try to switch to user "checkout", which is incorrect.

This bug should probably be forwarded upstream.  I think a test to see if
userdir is disabled, and if so, pass any parameters verbatim, would solve
the problem.

-- System Information
Debian Release: woody
Kernel Version: Linux cyberhq 2.4.0-test7 #2 SMP Sun Aug 27 22:05:33 PDT 2000 i686 unknown

--- End Message ---

--- Begin Message ---

To: 70982-done@bugs.debian.org

Subject: Package apache has been removed from Debian

From: Marco Rodrigues <gothicx@sapo.pt>

Date: Wed, 16 Sep 2009 21:32:49 +0100

Message-id: <1253133169.153130.3695.nullmailer@kmos.homeip.net>
Version: 1.3.34-4.1+rm

You filled the bug http://bugs.debian.org/70982 in Debian BTS
against the package apache. I'm closing it at *unstable*, but it will
remain open for older distributions.

For more information about this package's removal, read
http://bugs.debian.org/418266. That bug might give the reasons why
this package was removed and suggestions of possible replacements.

Don't hesitate to reply to this mail if you have any question.

Thank you for your contribution to Debian.

--
Marco Rodrigues
--- End Message ---

Reply to:

Prev by Date: Bug#92052: marked as done (does not pass authorization information to cgi programs)
Next by Date: Bug#282875: marked as done (apache: Adds /doc/ alias to httpd.conf even though it is in srm.conf)
Previous by thread: Bug#70982: marked as done (apache: apache calls suexec in "user" mode, even when userdir is disabled)
Next by thread: Bug#381095: marked as done (apache: considers local configuration file as its own)
Index(es):
- Date
- Thread