>Number: 4069 >Category: suexec >Synopsis: SuEXEC doesn't work with mod_userdir as well as it should. >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Tue Mar 16 16:10:01 PST 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.5 -dev >Environment: NetBSD byzantium.nyc.access.net 1.3.2 NetBSD 1.3.2 (PANIX-STAFF) #0: Thu Sep 17 17:49:04 EDT 1998 [EMAIL PROTECTED]:/devel/netbsd/1.3.2/src/sys/arch/i386/compile/PANIX-STAFF i386 >Description: mod_userdir allows an admin to dissociate the /etc/passwd home directory for a user from the doc that gets returned on a ~username URL request. SuEXEC only understands the (typical) ~user/public_html/ as a docroot for individual users, and won't execute requests outside that directory. >How-To-Repeat: In httpd.conf: UserDir /htdocs/userdirs/ put a CGI-script under that userdir, and try to GET it >Fix: modify util_script.c to never pass the '~' on the command line to SuEXEC, and remove the ~user/public_html check from SuEXEC, when an appropriate directive is in the httpd.conf for the request. If y'all accept the patch I recently sent in, the flag already exists in the URIOwner config directive. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
