Bug#224035: marked as done (apache: suexec compiled with uid>=1000, breaks internal systems)

Debian Bug Tracking System Tue, 16 Dec 2003 15:44:09 -0600

Your message dated Tue, 16 Dec 2003 12:32:20 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#223810: fixed in apache 1.3.29.0.1-2
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 15 Dec 2003 13:14:04 +0000
>From [EMAIL PROTECTED] Mon Dec 15 07:14:03 2003
Return-path: <[EMAIL PROTECTED]>
Received: from (miranda.se.axis.com) [212.209.10.220] 
        by master.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1AVqG7-0005sK-00; Mon, 15 Dec 2003 04:47:27 -0600
Received: from zev.se.axis.com (zev.se.axis.com [10.0.1.13])
        by miranda.se.axis.com (8.12.9/8.12.9/Debian-5local0.1) with ESMTP id 
hBFAlOXm001179
        for <[EMAIL PROTECTED]>; Mon, 15 Dec 2003 11:47:24 +0100
Received: from zev.se.axis.com (localhost [127.0.0.1])
        by zev.se.axis.com (8.12.10/8.12.10/Debian-5) with ESMTP id 
hBFAlN2C012040;
        Mon, 15 Dec 2003 11:47:24 +0100
Received: (from [EMAIL PROTECTED])
        by zev.se.axis.com (8.12.10/8.12.10/Debian-5) id hBFAlNUX012038;
        Mon, 15 Dec 2003 11:47:23 +0100
Message-Id: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Joergen Haegg <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: apache: suexec compiled with uid>=1000, breaks internal systems
X-Mailer: reportbug 2.37
Date: Mon, 15 Dec 2003 11:47:23 +0100
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 
        2.60-master.debian.org_2003_11_25-bugs.debian.org_2003_12_15 
        (1.212-2003-09-23-exp) on master.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=FOOASDF,HAS_PACKAGE 
        autolearn=no 
        version=2.60-master.debian.org_2003_11_25-bugs.debian.org_2003_12_15
X-Spam-Level: 

Package: apache
Version: 1.3.29.0.1-1
Severity: normal


Apache's suexec is compiled with min uid 1000 as of 1.3.27.0-2.

This is of course as it should be, however, there are existing
environments where it is difficult to change all user uids above 1000.
(Most of these have been active for more than 10 years when
system uids was below 100. :-)
Also some of my internal packages (not in Debian) depends on being
able to suexec and still have a system account.

Because of this, would you consider adding an extra suexec, compiled
with the old uidmin?
The select mechanism is already in place, it's just an extra question
that's needed.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux zev 2.4.23-zev #1 Fri Dec 12 12:58:22 CET 2003 i686
Locale: LANG=C, LC_CTYPE=en_US.ISO-8859-1

Versions of packages apache depends on:
ii  apache-common               1.3.29.0.1-1 Support files for all Apache webse
ii  debconf                     1.3.22       Debian configuration management sy
ii  dpkg                        1.10.18      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-10 GNU C Library: Shared libraries an
ii  libdb4.1                    4.1.25-10    Berkeley v4.1 Database Libraries [
ii  libexpat1                   1.95.6-6     XML parsing C library - runtime li
ii  libmagic1                   4.06-1       File type determination library us
ii  libpam0g                    0.76-14      Pluggable Authentication Modules l
ii  logrotate                   3.6.5-2      Log rotation utility
ii  mime-support                3.23-1       MIME files 'mime.types' & 'mailcap
ii  perl [perl5]                5.8.2-2      Larry Wall's Practical Extraction 

-- debconf information:
* apache/enable-suexec: true
* apache/server-name: zev.se.axis.com
* apache/document-root: /var/www
* apache/server-port: 80
* apache/init: true
* apache/server-admin: [EMAIL PROTECTED]


---------------------------------------
Received: (at 223810-close) by bugs.debian.org; 16 Dec 2003 18:27:40 +0000
>From [EMAIL PROTECTED] Tue Dec 16 12:27:40 2003
Return-path: <[EMAIL PROTECTED]>
Received: from auric.debian.org [206.246.226.45] 
        by master.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1AWJ5D-0006gh-00; Tue, 16 Dec 2003 11:34:07 -0600
Received: from katie by auric.debian.org with local (Exim 3.35 1 (Debian))
        id 1AWJ3U-0000ld-00; Tue, 16 Dec 2003 12:32:20 -0500
From: [EMAIL PROTECTED] (Fabio M. Di Nitto)
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.43 $
Subject: Bug#223810: fixed in apache 1.3.29.0.1-2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 16 Dec 2003 12:32:20 -0500
Delivered-To: [EMAIL PROTECTED]

Source: apache
Source-Version: 1.3.29.0.1-2

We believe that the bug you reported is fixed in the latest version of
apache, which is due to be installed in the Debian FTP archive:

apache-common_1.3.29.0.1-2_i386.deb
  to pool/main/a/apache/apache-common_1.3.29.0.1-2_i386.deb
apache-dbg_1.3.29.0.1-2_i386.deb
  to pool/main/a/apache/apache-dbg_1.3.29.0.1-2_i386.deb
apache-dev_1.3.29.0.1-2_i386.deb
  to pool/main/a/apache/apache-dev_1.3.29.0.1-2_i386.deb
apache-doc_1.3.29.0.1-2_all.deb
  to pool/main/a/apache/apache-doc_1.3.29.0.1-2_all.deb
apache-perl_1.3.29.0.1-2_i386.deb
  to pool/main/a/apache/apache-perl_1.3.29.0.1-2_i386.deb
apache-ssl_1.3.29.0.1-2_i386.deb
  to pool/main/a/apache/apache-ssl_1.3.29.0.1-2_i386.deb
apache-utils_1.3.29.0.1-2_i386.deb
  to pool/main/a/apache/apache-utils_1.3.29.0.1-2_i386.deb
apache_1.3.29.0.1-2.diff.gz
  to pool/main/a/apache/apache_1.3.29.0.1-2.diff.gz
apache_1.3.29.0.1-2.dsc
  to pool/main/a/apache/apache_1.3.29.0.1-2.dsc
apache_1.3.29.0.1-2_i386.deb
  to pool/main/a/apache/apache_1.3.29.0.1-2_i386.deb
libapache-mod-perl_1.29.0.1-2_i386.deb
  to pool/main/a/apache/libapache-mod-perl_1.29.0.1-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Fabio M. Di Nitto <[EMAIL PROTECTED]> (supplier of updated apache package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 11 Dec 2003 21:05:37 +0100
Source: apache
Binary: apache-dev apache-common apache-doc apache-utils apache apache-dbg 
apache-perl libapache-mod-perl apache-ssl
Architecture: source i386 all
Version: 1.3.29.0.1-2
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Fabio M. Di Nitto <[EMAIL PROTECTED]>
Description: 
 apache     - Versatile, high-performance HTTP server
 apache-common - Support files for all Apache webservers
 apache-dbg - Apache webservers (debugging versions)
 apache-dev - Apache webserver development kit
 apache-doc - Apache webserver docs
 apache-perl - Versatile, high-performance HTTP server with Perl support
 apache-ssl - Versatile, high-performance HTTP server with SSL support
 apache-utils - Utility programs for webservers
 libapache-mod-perl - Integration of perl with the Apache web server
Closes: 223810 223829 223902 224035
Changes: 
 apache (1.3.29.0.1-2) unstable; urgency=low
 .
   * (Fabio M. Di Nitto)
     - Fixed compilation options for suexec
     (Closes: #223810, #223902, #224035)
     - Fixed apache-perl postinst and modules-config (Closes: #223829)
Files: 
 2bc1cbf1c502519d698985bca305de52 1085 web optional apache_1.3.29.0.1-2.dsc
 d39a69ea3ac1a4e1e54ed8754afab41e 364476 web optional 
apache_1.3.29.0.1-2.diff.gz
 fffcd9f46fbcab9b83c12ae466b9e2d4 1157070 doc optional 
apache-doc_1.3.29.0.1-2_all.deb
 2ee887e316b2b433ca29007b2d716b8b 365012 web optional 
apache_1.3.29.0.1-2_i386.deb
 0b2b28479307ca5b8f88215c3882f7e8 475866 web optional 
apache-ssl_1.3.29.0.1-2_i386.deb
 780ff2db07865a55d994f45607a5c373 483382 web extra 
apache-perl_1.3.29.0.1-2_i386.deb
 80f662193a6ef4add578cba72c1d7813 315352 devel extra 
apache-dev_1.3.29.0.1-2_i386.deb
 6bdddc9b65d75aaab5a6409dae45acbc 9057030 devel extra 
apache-dbg_1.3.29.0.1-2_i386.deb
 023dccdcf296e85643873633a4e8d7c2 811246 web optional 
apache-common_1.3.29.0.1-2_i386.deb
 aa3e465a8b2b3e0f0680e6b30878122a 252252 web optional 
apache-utils_1.3.29.0.1-2_i386.deb
 32922121bd8384404c7ddf309fc45a4e 478996 web optional 
libapache-mod-perl_1.29.0.1-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/3z0uhCzbekR3nhgRAhUEAJ42M9QlCuNH/3CvmTcT6leZfnpyIgCeM5hI
Si+MwwDWAicUlF15x6o+IEI=
=qbKw
-----END PGP SIGNATURE-----

Bug#224035: marked as done (apache: suexec compiled with uid>=1000, breaks internal systems)

Reply via email to