<html><head><title>Debian bug report logs - #21525</title>
<link rev="made" href="mailto:owner@bugs.debian.org">
</head><body><h1>Debian bug report logs - #21525<br>
apache: suexec security problem</h1>Package: <A href="../pa/lapache.html"><strong>apache</strong></A>;
<strong>Severity: important</strong>;
Reported by: <gorgo@passenger.telnet.hu>; dated Wed, 22 Apr 1998 12:48:02 GMT;
Maintainer for apache is
<A href="../ma/lJohnie_Ingram,johnie,debian.org,.html">Johnie Ingram <johnie@debian.org></A>.
<hr>
<h2>Message received at submit@bugs.debian.org:</h2><br>
<pre>
Received: (at submit) by bugs.debian.org; 22 Apr 1998 12:37:36 +0000
Received: (qmail 30694 invoked from network); 22 Apr 1998 12:37:33 -0000
Received: from passenger.telnet.hu (gorgo@195.8.42.41)
by debian.novare.net with SMTP; 22 Apr 1998 12:37:33 -0000
Received: (from gorgo@localhost)
by passenger.telnet.hu (8.8.8/8.8.8/Debian/GNU) id OAA22621;
Wed, 22 Apr 1998 14:36:53 +0200
Date: Wed, 22 Apr 1998 14:36:53 +0200
Message-Id: <199804221236.OAA22621@passenger.telnet.hu>
From: <gorgo@passenger.telnet.hu>
Subject: apache: suexec security problem
To: submit@bugs.debian.org
X-Mailer: bug 3.1.2
Package: apache
Version: 1.3b6-1
Severity: important
IIRC previous versions of apache refused to run when there were configuration
directives requiring the suexec wrapper in httpd.conf while suexec was not
configured properly. 1.3b6 just gives a warning in the error log. So if somehow
suexec lost its setuid bit, all the users' CGIs would run with the web server's
privileges and no one would notice. This is a security risk. So I propose the
following patch. Please forward it upstream.
--- http_core.c.save Wed Apr 22 14:32:46 1998
+++ http_core.c Wed Apr 22 14:34:11 1998
@@ -1346,8 +1346,9 @@
else {
cmd->server->server_uid = ap_user_id;
fprintf(stderr,
- "Warning: User directive in <VirtualHost> "
+ "ERROR: User directive in <VirtualHost> "
"requires SUEXEC wrapper.\n");
+ exit(1);
}
}
#if !defined (BIG_SECURITY_HOLE) && !defined (__EMX__)
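Review bot: the new exit(1) makes the assignment just above it, cmd->server->server_uid = ap_user_id;, dead code, and exiting from inside the directive handler bypasses the config parser's own error reporting, so the admin gets a bare line on stderr with no httpd.conf file/line and no cleanup. Since this is a directive handler (it is operating on cmd->server), consider returning the message as the handler's error string instead of printing and exiting, which aborts startup just as firmly; the "Warning:" to "ERROR:" wording change is fine either way. The first string is also split across two lines while the Group hunk below keeps its message on one; pick one style.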
@@ -1380,7 +1381,8 @@
else {
cmd->server->server_gid = ap_group_id;
fprintf(stderr,
- "Warning: Group directive in <VirtualHost> requires SUEXEC wrapper.\n");
+ "ERROR: Group directive in <VirtualHost> requires SUEXEC wrapper.\n");
+ exit(1);
}
}
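Review bot: same issue as the User hunk: cmd->server->server_gid = ap_group_id; immediately before the new exit(1) is now dead, and the hard exit again skips the parser's error path. The two branches now differ only in the words User/Group and the wrapped message, so a single helper (or returning the error string from each handler) would avoid duplicating the fprintf + exit pair. Note also that both checks only fire when a <VirtualHost> carries a User or Group directive; the scenario in the report (the wrapper losing its setuid bit) is a property of the suexec binary, so if the server has some other way of detecting an unusable wrapper, that detection, not just these two directives, should be what refuses to start.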
-- System Information
Debian Release: 2.0 (frozen)
Kernel Version: Linux passenger 2.0.33 #3 Fri Apr 17 17:11:47 CEST 1998 alpha unknown
Versions of the packages apache depends on:
libc6.1 Version: 2.0.7pre1-4
libgdbmg1 Version: 1.7.3-24
mime-support Version: 2.16-1
perl Version: 5.004.04-5
base-passwd Version: 2.0.3.2
</pre>
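The report's failure mode is a suexec binary that still exists but is no longer a setuid-root wrapper, which the server then tolerates. The following is an added example, not code from the bug report, the submitter, or Apache's source: a stat()-based check of the conditions a usable wrapper must meet (regular file, required owner, setuid bit set, not group/world writable) that yields a reason string the caller can either log or use to refuse startup. The path in SUEXEC_PATH is a placeholder assumption, and the temp-file helper exists only so the check can be exercised without root.

```c
/* Added example (not from the bug report or Apache): decide whether a
 * suexec-style wrapper is actually usable, instead of only warning.
 * SUEXEC_PATH is a placeholder assumption; adjust to the installed wrapper. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>

#define SUEXEC_PATH "/usr/lib/apache/suexec"   /* assumed location */

/* Returns 1 if the wrapper at `path` is a regular file owned by
 * `required_owner`, has the setuid bit set and is not writable by group
 * or others. Otherwise returns 0 and writes a one-line reason into
 * `reason` (which the caller can print, log, or return as an error). */
int suexec_usable(const char *path, uid_t required_owner,
                  char *reason, size_t reason_len)
{
    struct stat st;

    if (stat(path, &st) != 0) {
        snprintf(reason, reason_len, "%s: cannot stat wrapper", path);
        return 0;
    }
    if (!S_ISREG(st.st_mode)) {
        snprintf(reason, reason_len, "%s: not a regular file", path);
        return 0;
    }
    if (st.st_uid != required_owner) {
        snprintf(reason, reason_len, "%s: owned by uid %lu, expected uid %lu",
                 path, (unsigned long)st.st_uid, (unsigned long)required_owner);
        return 0;
    }
    if (!(st.st_mode & S_ISUID)) {
        /* The exact condition from the report: wrapper present, setuid lost. */
        snprintf(reason, reason_len, "%s: setuid bit is not set", path);
        return 0;
    }
    if (st.st_mode & (S_IWGRP | S_IWOTH)) {
        snprintf(reason, reason_len, "%s: writable by group or others", path);
        return 0;
    }
    reason[0] = '\0';
    return 1;
}

/* Test helper: create a temporary file with `mode`, owned by the calling
 * user, run the check requiring the caller's own uid as owner, remove the
 * file and return the check's result (-1 on setup failure). This lets the
 * setuid logic be exercised without root. */
int check_temp_file_with_mode(mode_t mode)
{
    char path[] = "/tmp/suexec-check-XXXXXX";
    char reason[256];
    int fd = mkstemp(path);
    int ok;

    if (fd < 0)
        return -1;
    close(fd);
    if (chmod(path, mode) != 0) {
        unlink(path);
        return -1;
    }
    ok = suexec_usable(path, getuid(), reason, sizeof reason);
    unlink(path);
    return ok;
}

int main(void)
{
    char reason[256];

    /* Production use: require root ownership and refuse to continue,
     * rather than warn, when a config depends on the wrapper. */
    if (!suexec_usable(SUEXEC_PATH, 0, reason, sizeof reason)) {
        fprintf(stderr, "ERROR: suexec wrapper unusable: %s\n", reason);
        return 1;
    }
    printf("suexec wrapper at %s is usable\n", SUEXEC_PATH);
    return 0;
}
```

Returning a reason string rather than calling exit() inside the check keeps the policy decision (warn versus abort) with the caller, which is the distinction the report's patch is really about.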
<hr>
<strong>Acknowledgement sent</strong> to <code><gorgo@passenger.telnet.hu></code>:<br>
New bug report received and forwarded. Copy sent to <code>Johnie Ingram <johnie@debian.org></code>.
<em><A href="../21/21525-b.html#m2">Full text</A> available.</em><hr>
<strong>Report forwarded</strong> to <code>debian-bugs-dist@lists.debian.org, Johnie Ingram <johnie@debian.org></code>:<br>
<code>Bug#21525</code>; Package <code>apache</code>.
<em><A href="../21/21525-b.html#m1">Full text</A> available.</em><hr>
<address>
<A href="http://www.chiark.greenend.org.uk/~ijackson/">Ian Jackson</A>
/
<A href="mailto:owner@bugs.debian.org">owner@bugs.debian.org</A>,
through the <A href="../../">Debian bug database</A>
</address>
Last modified:
<!--timestamp-->
12:39:01 GMT Wed 29 Apr
<!--/timestamp-->
(<A href="../ix/zstamp.html">timestamp page</A> available).
<!--version 1.0-4.3-->
</body></html>