** Summary changed: - libapache2-mod-suphp causes double free error in Apache error log when script is inaccessible + suphp 0.6.2 backport request to dapper (0.6.1) and edgy (0.6.1) from feisty
** Description changed: + Backport request: please backport suphp 0.6.2 to dapper and edgy from + feisty. + Binary package hint: libapache2-mod-suphp Whenever suphp refuses to run a script for any reason (e.g. UID/GID out of configured allowable range, wrong permissions, etc), it causes the following error messages to appear in the Apache error log: ---SNIP--- [Mon Nov 27 17:56:12 2006] [error] [client 142.150.160.59] Premature end of script headers: index.cgi [Mon Nov 27 17:56:12 2006] [error] [client 142.150.160.59] SoftException in Application.cpp:193: Script "/var/www/index.cgi" resolving to "/var/www/index.cgi" not within configured docroot [Mon Nov 27 17:56:12 2006] [error] [client 142.150.160.59] *** glibc detected *** double free or corruption (fasttop): 0x0806f990 *** [Mon Nov 27 17:56:41 2006] [error] [client 142.150.160.59] Premature end of script headers: index.cgi [Mon Nov 27 17:56:41 2006] [error] [client 142.150.160.59] SoftException in Application.cpp:291: UID of script "/var/www/index.cgi" is smaller than min_uid [Mon Nov 27 17:56:41 2006] [error] [client 142.150.160.59] *** glibc detected *** double free or corruption (fasttop): 0x0806f9f8 *** [Mon Nov 27 17:57:18 2006] [error] [client 142.150.160.59] Premature end of script headers: index.cgi [Mon Nov 27 17:57:18 2006] [error] [client 142.150.160.59] SoftException in Application.cpp:472: Could not execute script "/var/www/index.cgi" [Mon Nov 27 17:57:18 2006] [error] [client 142.150.160.59] Caused by SystemException in API_Linux.cpp:427: execve() for program "/var/www/index.cgi" failed: Permission denied [Mon Nov 27 17:57:18 2006] [error] [client 142.150.160.59] *** glibc detected *** double free or corruption (fasttop): 0x0806f9f8 *** ---SNIP--- As you can see, the above are three distinct examples: 1. [Mon Nov 27 17:56:12 2006] was caused by the target script being outside of the allowable suphp docroot. 2. [Mon Nov 27 17:56:41 2006] was caused by wrong ownership: owner UID of the target script file was less than the allowable UID. 3. [Mon Nov 27 17:57:18 2006] was caused by wrong permissions (the www-data user/group has no read access to the script in question). In all three cases, the last error message seen was always "*** glibc detected *** double free or corruption (fasttop): 0x0806f9f8 ***" which is a bit unnerving. I am not sure if this problem is potentially exploitable. Note that this seems to be a known issue with suphp, and the latest release (0.6.2) seems to have addressed the issue according to the suphp homepage: http://www.suphp.org/ -- suphp 0.6.2 backport request to dapper (0.6.1) and edgy (0.6.1) from feisty https://launchpad.net/bugs/73556 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
