
Bug#618857: apache2-mpm-itk: if you do not assign a user ID, the default one from Apache is _NOT_ used.


Steinar, thanks for your reply.

One more comment:
I admit I do not have the default configuration, so on my custom installation I don't need to set "NiceValue" to reproduce the issue.

On a fresh installation I reproduced the bug as you said. After your patch, the bug is fixed.

On 20/03/2011, at 13:37, Steinar H. Gunderson wrote:

tags 618857 + patch

On Sat, Mar 19, 2011 at 01:05:43AM +0100, Samuel Montosa wrote:
As far as I tested, in versions prior to 'squeeze', apache/itk behavior was as
claimed at http://mpm-itk.sesse.net/

AssignUserID: Takes two parameters, uid and gid (or really, user name
and group name); specifies what uid and gid the vhost will run as (after
parsing the request etc., of course).

_________Note that if you do not assign a user ID, the default one from
Apache will be used._____________

On 'squeeze', if the user ID is not assigned by AssignUserID at VirtualHost,
the default ID will be __root__. User and Group directives from Apache will
be ignored.


I managed to reproduce your bug; it only happens if you do not set
AssignUserID but do set NiceValue. In other words, the default configuration
is unaffected (and most normal ones), but it is still an issue.

I have a patch for this, but as upstream I believe I need to go through the
CVE procedure. Does anyone from the security team (Cc-ed) want to help me
through the process? I guess first of all I need a CVE number assigned that I
can refer to in the upstream changelog.

FWIW, the patch is:

diff -ur orig/httpd-2.2.17/server/mpm/experimental/itk/itk.c httpd-2.2.17/server/mpm/experimental/itk/itk.c
--- orig/httpd-2.2.17/server/mpm/experimental/itk/itk.c 2011-03-20 13:18:18.000000000 +0100
+++ httpd-2.2.17/server/mpm/experimental/itk/itk.c      2011-03-20 13:15:42.000000000 +0100
@@ -1697,8 +1697,8 @@
/* == merge the parent per-dir config structure into ours == */
static void *itk_merge_dir_config(apr_pool_t *p, void *parent_ptr, void *child_ptr)
-    itk_per_dir_conf *c = (itk_per_dir_conf *)
-        apr_pcalloc(p, sizeof(itk_per_dir_conf));
+    itk_per_dir_conf *c = (itk_per_dir_conf *)
+        itk_create_dir_config(p, NULL);
    itk_per_dir_conf *parent = (itk_per_dir_conf *) parent_ptr;
    itk_per_dir_conf *child = (itk_per_dir_conf *) child_ptr;
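Review bot: the new allocation at the top of itk_merge_dir_config has no comment saying why the merged struct must start from itk_create_dir_config(p, NULL) rather than zeroed memory, so a later cleanup could swap apr_pcalloc back in without noticing. apr_pcalloc zero-fills, and the report in this thread is that requests ended up running as root, so a short comment stating that any field the merge leaves untouched must hold the create function's defaults and not 0 would document the invariant. The merge body is not visible in this hunk; it would be worth confirming there that every field is either copied from child or parent or deliberately left at its default.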

Testing would be appreciated. I'm attaching a debdiff with the patch put into
the patch system, for testing.

/* Steinar */
Homepage: http://www.sesse.net/

Samuel Montosa
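The bug class discussed in this thread, as an added example that is not code from mpm-itk or from either poster: a config merge that starts from zero-filled memory turns "uid not set" into uid 0, while one that starts from sentinel defaults lets the caller fall back to the server's own user. The struct, sentinel values, function names and the uid 33 are assumptions made for this simplified model; it does not model when Apache invokes the merge.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define UNSET_ID   ((uid_t)-1)  /* assumed sentinel: no AssignUserID given */
#define UNSET_NICE (-100)       /* assumed sentinel: no NiceValue given */

typedef struct {                /* hypothetical stand-in for a per-dir config */
    uid_t uid;
    int nice_value;
} conf_t;

/* What a "create config" function would hand out: every field marked unset. */
static conf_t conf_defaults(void) {
    conf_t c = { UNSET_ID, UNSET_NICE };
    return c;
}

/* Merge parent and child; only explicitly set fields are copied into c. */
static conf_t merge(conf_t parent, conf_t child, int zero_init) {
    conf_t c;
    if (zero_init)
        memset(&c, 0, sizeof c);    /* models a zero-filling allocator */
    else
        c = conf_defaults();        /* models starting from the defaults */
    if (child.uid != UNSET_ID)       c.uid = child.uid;
    else if (parent.uid != UNSET_ID) c.uid = parent.uid;
    /* else: c.uid keeps whatever the initialisation put there */
    if (child.nice_value != UNSET_NICE) c.nice_value = child.nice_value;
    else                                c.nice_value = parent.nice_value;
    return c;
}

/* The uid a request would run as: the server default applies only if unset. */
static uid_t effective_uid(conf_t c, uid_t server_default) {
    return c.uid == UNSET_ID ? server_default : c.uid;
}

int main(void) {
    conf_t parent = conf_defaults();
    conf_t child = conf_defaults();
    uid_t www = 33;                 /* constructed server default uid */
    child.nice_value = 5;           /* NiceValue set, AssignUserID not set */
    printf("zero-init merge: uid %lu\n",
           (unsigned long)effective_uid(merge(parent, child, 1), www));
    printf("defaults merge:  uid %lu\n",
           (unsigned long)effective_uid(merge(parent, child, 0), www));
    return 0;
}
```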
